search cancel

Apparent duplicate incidents from Gmail when using Web Prevent or HTTPS monitoring with Endpoint Prevent


Article ID: 162766


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Prevent for Web


While composing an email using Gmail in a web browser, Gmail draft autosave will generate an incident every 15 seconds if the message being composed contains data that would trigger a policy. There is no way to turn off Gmail autosave, thus, a DLP-centric solution is required.


In an incident report, find the string “autosave” in the section that shows the hidden part of the message body. I have seen the “autosave” string displayed as “autosave value” and “autosave :” you should confirm how it is displayed in your incident report. Next, use this string to create a keyword exception in the policies that are being triggered by Gmail draft autosave.

This keyword exception will prevent incidents from being created as the result of Gmail draft autosave, but will block the message if it contains violating data.