Twin Cities Data Loss Prevention User Group

 View Only
  • 1.  DLP Pop-Up (Endpoint Prevent) sends email even if cancelling or waiting out the timer

    Posted Jan 24, 2020 04:50 PM

    Has anyone seen the situation where the DLP Pop-Up functionality is enabled, and even if "Cancel" or waiting out the timer, the follow-on email is distributed?  We have our system configured to pop-up, and if the individual selects one of the programmed radio buttons and then selects "allow", that an email would be sent to their manager and cc them, which describes the alert situation encountered, date/time details, machine source, etc.  However, if the end user selects "Cancel", or waits out the countdown timer, which then states the action has been blocked, the email still gets sent to their manager and cc's them.  This is not ideal or even necessary, as the end user did not send the email.

    Any thoughts on how to address this?  Thanks.



  • 2.  RE: DLP Pop-Up (Endpoint Prevent) sends email even if cancelling or waiting out the timer

    Posted Jan 27, 2020 03:15 AM

    Hi Jim 

    Thats normal because you have two response rule on the same policy , and these are two different types of response rule which will not contradict with User cancel option so the two actions will be executed either the user clicked on allow or cancel or timer timed out 

     

    hope this answers your questions 

     

     



  • 3.  RE: DLP Pop-Up (Endpoint Prevent) sends email even if cancelling or waiting out the timer

    Posted Jan 29, 2020 03:15 PM

    Actually, what I'm looking to clarify is why a notification of event email would be sent in a case where the end user selects cancel.  I don't see the point of notifying the individual and the manager via email if the situation was cancelled/avoided/timer ran out & blocked.  Seems counter to the reason for sending the email notification - which would be applicable if the situation was allowed and a reason for it was selected.  Make sense what I'm asking?



  • 4.  RE: DLP Pop-Up (Endpoint Prevent) sends email even if cancelling or waiting out the timer

    Posted Jan 29, 2020 04:47 PM
    Jim my good man, there is not a possibility to invoke a response rule based on allow or cancel. You response rule currently has two actions (user cancel and email notification) that are not related and cannot be related. Both items will be auctioned as soon as an incident occurs. Let me know if you would like to discuss further. Happy to have a chat.


  • 5.  RE: DLP Pop-Up (Endpoint Prevent) sends email even if cancelling or waiting out the timer

    Posted Jan 30, 2020 08:24 AM

    Thank you for the follow up response & clarification, now I understand the functionality and limitations.  Have a great day.