HTTP not detected off network
search cancel

HTTP not detected off network

book

Article ID: 206610

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Whilst testing for unknown URL issues, we could not generate an incident for most circumstances with HTTP off network. 

 

Environment

Release : 15.7

Component :

Cause

Under certain proxied traffic scenarios HTTP traffic may be directed to the local host interface on the endpoint. We do not monitor this by default. 

Resolution

1. On endpoint, open cg.ead using vontu_sqlite3 tool
2. Run this query:
====================================================
insert into configuration values ('NetworkMonitor',
'ENABLE_LOOPBACK_MONITORING',
'int',1);
====================================================
3. Restart DLP agent
4. Test the scenario and see if incidents are generated. 

 

Please note the steps above are only for validation purposes, and should not be deployed in production. Loopback monitoring will be supported in a future release. 

Additional Information

Loopback monitoring is scheduled to be supported in 15.8. No previous versions are targeted for this fix at this time. 

Powered by Wolken Software