How to monitor files accessed by Firefox over HTTPS

Article Id: 159381
Status: Published
Updated On: 07-02-2020 15:44
Legacy Id: TECH218583
Products:
Data Loss Prevention Endpoint Prevent
Issue/Introduction:

You can set up DLP Agents to monitor files accessed in Firefox over HTTPS. These steps do not allow you to monitor text uploads.

These steps apply to the following versions:

  • DLP Endpoint Prevent version 11.0 and later
  • Firefox version 4.0.1 and later

Note: This can only work through Application File Monitoring and not through Channel Filters. Channel filters do not work for file path for HTTP(s) incidents. Every application (browser) using these protocols would need to be set up with Application Monitoring. 

Resolution:

The following steps provide instructions on how to add Firefox to the application monitoring list.

To add Firefox to the application monitoring list and enable application monitoring:

  1. Log in to the Enforce Server.
  2. Go to System > Agents > Application Monitoring.
  3. Under the Application Information section, click Mozilla Firefox to display the Application Information screen.
  4. Select Monitor Application File Access and click Save.

Note: Firefox occasionally uses child processes to upload attachments. For example, Firefox version 3.6.4 uses a process called plugin-container.exe to upload files. Identify the child processes Firefox uses to upload files, add that process to the Application Monitoring screen, then select Monitor Application File Access.

If you experience performance issues, complete the following:

  1. Select File Read on the Application Information screen.
  2. Add a Java installation directory:
    1. Go to System > Agent > Agent Configuration.
    2. Click a configuration to display the Agent Monitoring tab.
    3. Click Add Monitoring Filter.
    4. Select Ignore (do not monitor) and Application File Access.
    5. Enter %LocalAppData%\Mozilla in the File Path on Destination field.

Note: Add ignore path filters sparingly. Paths that you tell DLP to ignore apply to all applications in the application monitor list with application monitoring enabled.

If you experience unstable application behavior:

  1. Go to System > Agent > Agent Configuration.
  2. Click a configuration and click the Advanced Agent Settings tab.
  3. Confirm that the default value 1 displays in the FileSystem.USE_CDDVD_DEFAULT_EXCLUDE_PATHS.int field.