Data Loss Prevention

Hi Guys,

I have configured a policy on DLP to block a keywoard "xyz" with all protocols enabled (using AND condition in rule). When we send email through endpoint webmail like Yahoo, Gmail and hotmail, email gets through with keyword successfully via web Gmail while Yahoo and Hotmail are working fine and emails are getting blocked.

Is there any option to deal with Gmail web interface because I think it does not use POST field to submit email through web?

Regards,

What's the browser you using?

I did check policy for the content keyword and it worked for Gmail. Can you check by removingthe and policy rule and verify if it works.

Its not working even after removing the AND condition and second protocol rule.

Gmail traffic is HTTPS and without the proper web proxy setup for Network discover, or the proper web browser for Endpoint it will not get blocked.  I would verify that you can see https posts on any site.

is the HTTPS checked in teh agent configuration that's been applied to the detection server?

HTTPs is enabled on SWG and DLP (in detection rule at protocol level and agent configuration).

HTTPs website like Gmail are working just fine but its just that blocking rule for a keyword is not working on Gmail web interface and other HTTPs websites. SWG is configured with SSL policy which is configured to intercept all kind of traffic. This policy is on the top in SWG policy configuration.

Regards,

Atif

yes you can block gmail and monitor the same but with saome special arrangments(proxies)

plesae refer below links for more details

https://www-secure.symantec.com/connect/forums/symantec-data-loss-prevention-dlp-dlp-monitor-and-https-traffic

https://www-secure.symantec.com/connect/forums/can-we-block-https-traffic-through-symantec-dlp-network-prevent-web

https://www-secure.symantec.com/connect/forums/monitoring-http-get-vontu-dlp-web-prevent