DLP Agent blocks actions in application that is whitelisted.
search cancel

DLP Agent blocks actions in application that is whitelisted.

book

Article ID: 383811

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

DLP Agent blocks actions in application that is whitelisted.

DLP agent has a feature of monitoring child processes that is enabled by default.

Example:
You have AFAC enabled in Global Application Monitoring for Google Chrome.
You have whitelisted MS Word for detection to ignore any activity in this application.

You download *.docx file with Google Chrome and open it from the Chrome Downloads section.

If *.docx file content triggers any policy you will get an incident for MS Word.

In this case MS Word will be stated by Google Chrome and is considered as a child process.
Google Chrome detection rules and filters will be applied in this case.

Environment

Windows

Cause

Child process monitoring is enabled in Agent Configuration.

Resolution

Open Agent Configuration -> Advanced Settings
Set FileSystem.MONITOR_APPLICTION_CHILD_PROCESS_FILE_ACCESS.int=0

It will disable child process monitoring in detection.