A user wants to prevent a file from being copied on the local drive. For example, they want to prevent a file from being copied from c:\docs\ to c:\temp\.

When the file is copied there is an incident generated in the console for the local drive event, but the file copy is successful and not blocked.

The file is blocked if the file opened or if there is an attempt at uploading the file to an external site.

This behavior is a known limitation of the product. Endpoint Prevent is working properly. Local drive events do not trigger Endpoint Prevent block, notify, or user cancel response rules.

See the DLP Administrator Guide under "About policy creation for Endpoint Prevent" for more details.