search cancel

Behavior of Limit Incident Data Retention response rule action on Mac OS endpoints

book

Article ID: 162620

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

The Limit Incident Data Retention response rule action does not behave the same way for Mac OS endpoints as it does for Windows endpoints. This article describes the behavior for the response rule action for Mac OS systems.

Resolution

The Limit Incident Data Retention response rule action enables you to retain the original message (including files and attachments) for Endpoint Prevent and Endpoint Discover incidents. If you don't use the response rule action, the Data Loss Prevention discards the original messages for endpoint incidents.

On Mac OS systems, the response rule action works for policies with the Notify response rule action, but not for policies with the Block response rule action.

The Limit Incident Data Retention action does not work for Application File Access channel.