How to configure Endpoint Prevent to detect mail attachments only


Article ID: 184213


Updated On:


Data Loss Prevention Endpoint Prevent


In an Endpoint Prevent policy, it is not possible to select the Match On: Attachments option, as Endpoint Prevent will match on all components of the mail.


This predominantly applies to Endpoint Agent mail scanning in MS Outlook and Lotus Notes.


Create a new policy and add your first rule with the content required for detection. For example, add the rule type Content Matches Keyword with the keyword "Confidential".

Add a second rule of type File Properties, selecting Message Attachment or File Type Match. Then, in the rule under Conditions, click [select all] to select all file types for detection.

This policy works around the issue by detecting keywords only within the selected attachment file types, and not within the mail body or header.




How to include attachments for Endpoint Incidents


Match On: selection ignored on the Endpoint