
Apparent duplicate incidents from Gmail when using Web Prevent or HTTPS monitoring with Endpoint Prevent


Article ID: 162766


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Network Prevent for Web

Issue/Introduction

While an email is being composed in Gmail in a web browser, Gmail draft autosave generates an incident every 15 seconds if the message contains data that would trigger a policy. Gmail autosave cannot be turned off, so a DLP-centric solution is required.

Resolution

In an incident report, find the string “autosave” in the section that shows the hidden part of the message body. I have seen the “autosave” string displayed as “autosave value” and “autosave :”; you should confirm how it is displayed in your incident report. Next, use this string to create a keyword exception in the policies that are being triggered by Gmail draft autosave.

This keyword exception prevents incidents from being created as a result of Gmail draft autosave, but the message will still be blocked if it contains violating data.