Data Loss Prevention

 View Only

  • 1.  Endpoint Keyword Policy

    Posted Jan 14, 2022 12:29 PM
    I have an email policy to detect for a list of values.  The values are one from column 1, immediately following by one from column 2.  For example:

    Col1              Col2
    alpha            one
    beta              two
    gamma         three

    The easiest way was to create an EDM with all the possible variations.  For example:

    alpha one
    alpha two
    alpha three
    etc

    The resulting list is ~64,000 lines which is fine for an EDM.

    Now, I need to recreate this policy for endpoint.  However, I can't use the EDM for endpoint.  The list is too large to add to a keyword list as it gets truncated when pasting.

    I tried to use keywords  with proximity, but that's to working.  When I test with:

    alpha one
    beta two
    gamma three

    It detects "alpha one", "one beta", "beta two", "two gamma" etc. and I end up with 5 incidents instead of 3.  

    Is there any way to prevent the policy from detecting the second value on the next line?
    Any other ideas or anything I'm missing?

    Thank you!


  • 2.  RE: Endpoint Keyword Policy

    Posted Mar 04, 2022 08:43 AM
    Hello Michael, I've been using the product for over 10 years and struggle with that proximity issue - no order of operation.
    That being said, why can't you use EDM for endpoint?  We have been doing this for a while.
    Original Message