Data Loss Prevention

  • 1.  DLP 10.5 and hidden text/columns in MS Office

    Posted Oct 22, 2010 05:59 AM

    Hello,


    I have a problem with DLP 10.5 and hidden text in Office files. For example, if I create a policy that detects the keyword "confidential" and I enter this keyword into a Word file and try to copy this to another share, an incident is raised. But if I hide the keyword and try to copy this to another share, there is no incident raised. This is the same with hidden columns in Excel.

     

    As far as I know, in version 9 there was no problem with that. So, any hints and tips?

     

    Thank you! :)



  • 2.  RE: DLP 10.5 and hidden text/columns in MS Office

    Posted Oct 28, 2010 07:59 AM

    Nobody can help me with that? Nobody tried to hide text in MS Office? :(



  • 3.  RE: DLP 10.5 and hidden text/columns in MS Office

    Posted Oct 28, 2010 08:30 PM

    Symantec DLP doesn't have an issue with hidden text; the reason is that DLP sees the data as plain text, which means that text could not be hidden from the product.

    I think you might want to try and re-create the policy and check if it gets a match.

    Kind Regards,


    Naor Penso



  • 4.  RE: DLP 10.5 and hidden text/columns in MS Office

    Posted Nov 02, 2010 05:49 AM

    I know that SymDLP should see data as plain text, but it seems that it has some bugs.

    I've checked and rechecked the policy and there is no incident raised. This was tested on my virtual environment and at a client site. The result: cannot "see" hidden text in MS Office (tried on Office 2003) and no incident raised for password-protected archives.

     



  • 5.  RE: DLP 10.5 and hidden text/columns in MS Office
    Best Answer

    Posted Nov 04, 2010 06:27 PM

    Hello:

    Angel 5-  I've tested your use case in the past and it is indeed VALID.  I created a file with 10 words.  5 were formatted with plain text, and 5 were marked "hidden" in the font tab of Microsoft Word (docx).  The hidden text will not trigger an incident.

    This is a known issue and has been entered into the etrack system.  It is scheduled for a fix on v11.

     

    Note regarding password protected files:  Content cannot be inspected.  No password protected files can be opened, including encrypted files and other password protected archives.


    ~Ryan
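An added example, not part of the original thread and not Symantec code: an independent check for the test case described in the answer above, which reports whether a keyword occurs in visible runs or only in runs formatted as hidden in a .docx file. It assumes the hidden formatting is applied directly on the run (`<w:vanish/>` in WordprocessingML, which is what the Font dialog writes) and does not resolve styles; the function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {"w": W}

def _is_hidden(run):
    """True if the run carries direct <w:vanish/> formatting (Font > Hidden)."""
    vanish = run.find("w:rPr/w:vanish", NS)
    if vanish is None:
        return False
    # <w:vanish w:val="0"/> explicitly switches hiding off again.
    return vanish.get(f"{{{W}}}val", "true").lower() not in ("0", "false", "off")

def split_docx_text(docx_bytes):
    """Return (visible_text, hidden_text) taken from word/document.xml."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    visible, hidden = [], []
    for run in root.iter(f"{{{W}}}r"):
        text = "".join(t.text or "" for t in run.findall("w:t", NS))
        (hidden if _is_hidden(run) else visible).append(text)
    return "".join(visible), "".join(hidden)

def keyword_hits(docx_bytes, keyword):
    """Report where the keyword appears: visible text, hidden text, or both."""
    visible, hidden = split_docx_text(docx_bytes)
    k = keyword.lower()
    return {"visible": k in visible.lower(), "hidden": k in hidden.lower()}

def make_sample_docx():
    """Constructed sample: one visible run, one hidden run holding the keyword."""
    body = (
        f'<w:document xmlns:w="{W}"><w:body><w:p>'
        '<w:r><w:t xml:space="preserve">Quarterly report </w:t></w:r>'
        '<w:r><w:rPr><w:vanish/></w:rPr><w:t>confidential</w:t></w:r>'
        '</w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
    return buf.getvalue()

if __name__ == "__main__":
    print(keyword_hits(make_sample_docx(), "confidential"))
```

A file for which this reports a hit only under `hidden` is the case to use when verifying whether a given DLP version inspects hidden text.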



  • 6.  RE: DLP 10.5 and hidden text/columns in MS Office

    Posted Nov 05, 2010 07:30 AM

    Thank you for your reply Ryan. Good to know that this will be fixed in v11.


    As with password-protected archives, I don't want to inspect the contents of a password-protected file, I just want to raise an incident when these files are transferred off the corporate network or onto removable devices. There is a default policy that is supposed to do that, but it doesn't work.

     

    Stefan Scanteie