Data Loss Prevention

 View Only

  • 1.  DLP agent

    Posted Oct 21, 2010 04:38 AM

    Hello

    DLP 10.5

    in case DLP agent is installed on a laptop and the laptop has been connected on a different network  ( let's say used in home ).does DLP keep working and generating alert ,incident,block actions or when the laptop is connected again to the company network the incidents will be generated

    Regards



  • 2.  RE: DLP agent

    Posted Oct 21, 2010 09:23 AM

    Correct, as long as the agent continues to run, the policies will be enforced and incidents will queue locally then the next time it connects to the network they will be written to the database.



  • 3.  RE: DLP agent

    Posted Oct 21, 2010 11:13 AM

    Here is a similiar topic

     

    https://www-secure.symantec.com/connect/forums/how-does-dlp-work-when-protected-client-goes-offline



  • 4.  RE: DLP agent

    Posted Oct 22, 2010 01:15 PM

     

    Hi there,

    Even if there is no connection available, the agent still functions. The DLP agent has its own encrypted data store called "Agent Store" - the agent store holds incidents and files until the time it can report back to the Endpoint server. (storage space though is 5% of disk space)

    When the connection is restored, the event information is then uploaded to the server. The incident data then shows up in Enforce.

    Hope that helps.

    Cherian Thomas

    Cnslt Info Security Risk