An agent installed on a server generates no incidents when remote machines copy data from its shares
search cancel

An agent installed on a server generates no incidents when remote machines copy data from its shares

book

Article ID: 276650

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite

Issue/Introduction

  • You have installed the DLP agent on a server OS
  • You have configured the agent channel to monitor the copy to local drive channel
  • However, when users connect with workstation machines and move data from the server's shares to their local machines, no incidents are generated

Environment

15.x, 16.x

Cause

This is working as designed.

The DLP endpoint agent will only monitor data in motion events that originate from the machine on which it is installed and that are initiated by the currently logged-in user. 

 

Resolution

Install DLP endpoint agents on all of the devices from which you expect data loss events to originate. Typically this is all the endpoints in your environment.