Whatsapp monitoring with Data Loss Prevention Application Monitoring

book

Article ID: 169984

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

The application Whatsapp encrypts all data passed through it thereby making it difficult for DLP to monitor the application and information passed into it. When the application is run on the desktop, it allows files to be dropped into it and transfers them via the web, allowing potential bypassing of other DLP monitoring.

Environment

While Whatsapp is normally run as a mobile app, it can also be downloaded and run on the desktop (where it is linked to a mobile app). If it is run on the desktop, it can be monitored similar to any web browser.

Resolution

Whatsapp can be monitored for Copy/paste events.  

1. Add a new application by going to System > Agents > Application Monitoring using the following information:

  • Name:  Whatsapp
  • Binary Name:  Whatsapp\.exe
  • Internal Name:  <leave blank>
  • Original Filename: whatsapp\.exe
  • Publisher Name:  <leave blank>
  • Application Type: Cloud Storage 
  • Application Monitoring Configuration:  
  • Clipboard: Paste                                                                                                                                                                                                                

2. That configuration, and a valid policy in place, allows DLP to monitor the application for Paste events.