Understanding Agent Channels and Application Monitoring

book

Article ID: 209012

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

You want to understand the basics of Agent Channel monitoring, Application Monitoring Rules, and their interaction.

Environment

DLP 15.x

Resolution

Note -  Use the following URL on your Enforce Server to show all Application Monitoring Rules: https://<EnforceHostName>/ProtectManager/EndpointApplicationControlList.do?showAll=true

Channels Page

Channel Filters Page

  •  Here you can configure monitoring filters for the channels you have enabled.
    • You can add a filter with the Action of either Ignore or Monitor
    • You can configure the monitoring filter to match certain channel attributes, such as:
      • File type/size for Filter by File Properties Rules
      • Domain/IP, etc for Filter by Network Properties Rules

Application Monitoring Overview

  • In general, the channels enabled in the Agent Configuration are monitored for applications that do not have an Application Monitoring rule defined, with the following exceptions:
    • Application File Access - Open/Read.
      • This must be enabled both at the Agent Channel level, and at the Application Monitoring level.
    • Clipboard - Copy/Paste monitoring is not enabled for undefined applications.
      • This must be enabled both at the Agent Channel level, and at the Application Monitoring level.
  • When HTTPS monitoring is enabled for Chrome or Edge, Application File Access - Open and Clipboard - Paste are automatically enabled. It is recommended to leave these off in their respective Application Monitoring rules to prevent duplicate incidents.

Global Application Monitoring

  • This is where you globally disable channels for specific applications, which have been enabled in any Agent Configuration.
     

Agent Configuration Application Monitoring

  • This is where you disable channels for specific applications, which have been enabled in this Agent Configuration. Rules defined here take precedence over Global Application Monitoring rules defined for the same application.

 

 
 
 
 
 

Additional Information

See also: Understanding how DLP Agents receive Configurations and Policies