ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Understanding Agent Channels and Application Monitoring
Article ID: 209012
Updated On:
Products
Data Loss Prevention Endpoint Prevent
Issue/Introduction
You want to understand the basics of Agent Channel monitoring, Application Monitoring Rules, and their interaction.
Environment
DLP 15.x
Resolution
Note - Use the following URL on your Enforce Server to show all Application Monitoring Rules: https://<EnforceHostName>/ProtectManager/EndpointApplicationControlList.do?showAll=true
Channels Page
- This is where you enable the channels you want to monitor for Agent Groups which have been assigned this configuration (Understanding how DLP Agents receive Configurations and Policies).
- Generally, a channel must be enabled here and within an Application Monitoring Rule, with some exceptions as discussed below.
Channel Filters Page
- Here you can configure monitoring filters for the channels you have enabled.
- You can add a filter with the Action of either Ignore or Monitor
- You can configure the monitoring filter to match certain channel attributes, such as:
- File type/size for Filter by File Properties Rules
- Domain/IP, etc for Filter by Network Properties Rules
Application Monitoring Overview
- In general, the channels enabled in the Agent Configuration are monitored for applications that do not have an Application Monitoring rule defined, with the following exceptions:
- Application File Access - Open/Read.
- This must be enabled both at the Agent Channel level, and at the Application Monitoring level.
- Clipboard Paste monitoring is not enabled for undefined applications.
- This must be enabled both at the Agent Channel level, and at the Application Monitoring level.
- Application File Access - Open/Read.
- When HTTPS monitoring is enabled for Chrome or Edge, Application File Access - Read and Clipboard - Paste are automatically enabled. It is recommended to leave these off in their respective Application Monitoring rules to prevent duplicate incidents.
Global Application Monitoring
- This is where you globally disable channels for specific applications, which have been enabled in any Agent Configuration.
Agent Configuration Application Monitoring
- This is where you disable channels for specific applications, which have been enabled in this Agent Configuration. Rules defined here take precedence over Global Application Monitoring rules defined for the same application.
Additional Information
Feedback
Yes
No
Powered by
