Monitoring "AzCopy" tool using Global Application Monitoring

Article ID: 247628

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

AzCopy is a widely used tool from Microsoft for copying data from a local drive to Azure cloud storage.

After this app is configured in the Global Application Monitoring configuration, data transfers started with the "azcopy copy" command are monitored for sensitive data. However, if the customer uses the ".\azcopy copy" command, the data transfer is not monitored.

Environment

DLP Endpoint agent 15.8 MP2

Cause

This has been identified as a product defect and will be fixed in a future DLP release.

Resolution

The workaround below can be applied until a fix is available.

Run the AzCopy tool from the C: drive (root drive) instead of from another folder such as "C:\temp" or "C:\AzCopy". If "azcopy.exe" is kept on the C: drive and the ".\azcopy copy" command is used to transfer data, this traffic will be monitored for sensitive data.