How to configure Endpoint Prevent to detect mail attachments only

book

Article ID: 184213

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

In an Endpoint Prevent policy it is not possible to select the Match On: Attachments option as Endpoint Prevent will match on all components of the mail.

 

This predominately applies to the Endpoint Agent mail scanning in MS Outlook and Lotus Notes.

Resolution

Create a new policy and add your first rule with the Content required for detection, for example add the Rule Type Content Matches Keyword with the keyword "Confidential".

Add a second rule of type File Properties selecting Message Attachment or File Type Match, then in the rule under Conditions click on the [select all] to select all file types for detection.

The policy will serve the purpose of working around the issue by only detecting keywords within the selected file attachment types and not within the mail body or header.

 

 

References:

How to include attachments for Endpoint Incidents

 

Match On: selection ignored on the Endpoint