The Box Securlet has been activated using a Co-Admin and a policy has been created to trigger when files are shared publicly. When sharing a file publicly the policy does not trigger as expected.
No error message is available for this issue. The policy simply doesn't trigger as expected.
Environment
Box Securlet activated as a Co-Admin
Cause
There are limitations regarding the activation of the Box Securlet using a Co-Admin.
CloudSoc does not have visibility into the activities of Box Admin and other Co-Admins
CloudSoc cannot scan the documents of the Box Admin and other Co-Admins
CloudSoc cannot remediate the content of the Box Admin and other Co-Admins
In this specific situation the first two bullet points are the cause of a policy not alerting when a file is shared publicly.
Resolution
Test the policy with a User account that is not a Co-Admin within Box. The policy will trigger.
Symantec strongly recommends that a Box Administrator, NOT a Co-Admin, be used to activate the Box Securlet.