You want to understand the basics of Agent Channel monitoring, Application Monitoring Rules, and their interaction.

DLP 15.x

Note -  Use the following URL on your Enforce Server to show all Application Monitoring Rules: https://<EnforceHostName>/ProtectManager/EndpointApplicationControlList.do?showAll=true

Channels Page

•  This is where you enable the channels you want to monitor for Agent Groups which have been assigned this configuration (Understanding how DLP Agents receive Configurations and Policies).
  • Generally, a channel must be enabled here and within an Application Monitoring Rule, with some exceptions as discussed below.

Channel Filters Page

•  Here you can configure monitoring filters for the channels you have enabled.
  • You can add a filter with the Action of either Ignore or Monitor
  • You can configure the monitoring filter to match certain channel attributes, such as:
    • File type/size for Filter by File Properties Rules
    • Domain/IP, etc for Filter by Network Properties Rules

Application Monitoring Overview

• In general, the channels enabled in the Agent Configuration are monitored for applications that do not have an Application Monitoring rule defined, with the following exceptions:
  • Application File Access - Open/Read.
    • This must be enabled both at the Agent Channel level, and at the Application Monitoring level.
  • Clipboard Paste monitoring is not enabled for undefined applications.
    • This must be enabled both at the Agent Channel level, and at the Application Monitoring level.
• When HTTPS monitoring is enabled for Chrome or Edge, Application File Access - Read and Clipboard - Paste are automatically enabled. It is recommended to leave these off in their respective Application Monitoring rules to prevent duplicate incidents.

Global Application Monitoring

• This is where you globally disable channels for specific applications, which have been enabled in any Agent Configuration.
   

Agent Configuration Application Monitoring

• This is where you disable channels for specific applications, which have been enabled in this Agent Configuration. Rules defined here take precedence over Global Application Monitoring rules defined for the same application.

See also: Understanding how DLP Agents receive Configurations and Policies