kdashtobi
13 years agoLevel 2
Symantec DLP Edpoint Prevent no detecta incidentes al enviar archivos .zip o .rar en Hotmail
Hola a todos.
Tengo instalado varios agentes de Symantec DLP 11.5.1 que reportan al modulo de Endpoint Prevent, tambien se configuro una politica de prueba.
El problema es que al enviar un archivo .zip o .rar que contenga otro archivo con información confidencial como esta configurado en la politica, no se detecta ningun incidente, pero esto solo ocurre cuando el archivo es enviado desde Hotmail, de algún otro correo WEB si es detectado.
¿Endpoint Prevent no es compatible con Hotmail o acaso Hotmail actualizo su pagina ultimamente?
La configuración de los agentes es la siguiente:
Name Description
Enable Monitoring | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Select the channels to monitor | ||||||||||||||||
|
|
|
||||||||||||||
|
|
|
Filter by File Properties | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
Add filters here to optimize monitoring. Filters tell the agent to monitor or ignore files based on protocol, destination, file size, file type, or file path. Filters run in the order they appear. A file is ignored or monitored based on the action of the first filter that it matches. You can change the order that filters run by changing the numbers in the Order column. |
||||||||||
Add Monitoring Filter | ||||||||||
Order | Actions | Destination | File Attributes | |||||||
Monitor | Application File Access, CD/DVD, Email Attachment, FTP transfer, HTTP/HTTPS Attachment, IM File transfer, Removable Storage |
|
||||||||
Monitor | CD/DVD, Email Attachment, FTP transfer, HTTP/HTTPS Attachment, IM File transfer, Removable Storage |
|
||||||||
Ignore | Local Drive, Removable Storage |
|
||||||||
Ignore | Application File Access, CD/DVD, Local Drive |
|
||||||||
Specify Default File Filter Action | ||||||||||
The following action will be applied to any file that does not match any of the file filters configured above: | ||||||||||
Monitor | ||||||||||
Ignore |
Filter by Network Properties | |
---|---|
Specify Network filters here to optimize monitoring. These filters will tell the Agent to monitor or ignore network traffic based on IP addresses or domain names. | |
IP Filters: | |
IP | |
Domain Filters: | |
HTTP | |
HTTPS |