Whatsapp monitoring with Data Loss Prevention Application Monitoring


Article ID: 169984


Updated On:


Data Loss Prevention Endpoint Prevent


The application Whatsapp encrypts all data passed through it thereby making it difficult for DLP to monitor the application and information passed into it. When the application is run on the desktop, it allows files to be dropped into it and transfers them via the web, allowing potential bypassing of other DLP monitoring.


While Whatsapp is normally run as a mobile app, it can also be downloaded and run on the desktop (where it is linked to a mobile app). If it is run on the desktop, it can be monitored similar to any web browser.


Whatsapp can be monitored for Copy/paste events.  

1. Add a new application by going to System > Agents > Application Monitoring using the following information:

  • Name:  Whatsapp
  • Binary Name:  Whatsapp\.exe
  • Internal Name:  <leave blank>
  • Original Filename: whatsapp\.exe
  • Publisher Name:  <leave blank>
  • Application Type: Cloud Storage 
  • Application Monitoring Configuration:  
  • Clipboard: Paste                                                                                                                                                                                                                

2. That configuration, and a valid policy in place, allows DLP to monitor the application for Paste events.

NOTE: If you want to add Whatsapp on macOS please follow first procedure Defining macOS application binary names