Sophos DLP alerts when downloading a file
Could you give the exact details of your rules, perhaps screenshots? This can vary; I went through a few cases with Sophos on it. Much of this depends on your licensing and having the ability to change Outlook, for example in the GPO, and where it will store an attachment when you drag and drop. To run a simple test, attempt to attach a document in Outlook by clicking the attach file icon in a new email. DLP will block the attachment this way regardless of the GPO settings, which will in turn let you know that your DLP rules are working.
However, the simple explanation: if you drag and drop, Outlook is using a different means to attach the attachment and Sophos is not capable of seeing this, so you must tell Outlook to store the attachment in a different location. Again, however, this is not possible with certain licensing, most notably the Office licensing Business or Business Premium, since you are not able to control Office with that licensing via the GPO.
I tried, believe me; broke it all down with procmon to determine that Office will just rewrite the registry setting when you open a new email with the Business Premium licensing. But hey, if you have E1 or higher for Windows 10 and Office you should be great! Also, I have found a good testing document is to simply create a Word doc or Excel spreadsheet and add 5 or more fake names, with 9-digit numbers (social security), 16-digit, then 4-digit date, then 3-digit credit card numbers and some addresses.
Once you create this, it should be flagged if you have any financial settings configured in DLP.
Important: Sophos is retiring some of the products mentioned in this article on 20 July. For product retirement details, see our retirement calendar.
If you filter by File extensions, you can select individual file extensions. You can't choose a file group. You can also add a comma-separated list of file extensions to filter against in Include extensions. The rule matches against file extensions, not the file types we detect. If you use the message size rule with another rule type, the match is against both types. For example, if you choose attachment size and keyword type, the rule is only matched if the keyword is found in the attachment and the size limit is met.
We calculate attachment size using the email's MIME-encoding. We don't use the size of the raw files. This means attachment file sizes are often reported as larger than the actual file. You must take this into account when filtering on attachment size. See Calculating email attachment file sizes. If you're creating an inbound rule, External senders appears. For an outbound rule, External recipients appears.
Inclusions and exclusions are absolute. For example, if you include a domain, the rule applies to all emails using that domain name; it doesn't apply to those using any other domain. Or, if you exclude an email address, the rule applies to all emails except those using that email address. Options change depending on the rule type and direction (Inbound or Outbound). If you select Protect using keywords, you can choose to filter on words and phrases, or use a regular expression.
See Perl syntax. See Google Code Archive: bregextest. You can combine different rule types by selecting actions that allow processing to continue to the next rule. If you select an action that allows this, Continue processing appears and you can turn it on.
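The attachment-size point above (size is measured on the MIME-encoded form, not the raw file), worked through as an added example that is not Sophos code. It assumes base64 transfer encoding with 76-character lines and CRLF line ends, with part headers not counted; the page does not state the exact method, so treat the figures as an estimate for choosing a size threshold.

```python
import base64

LINE_CHARS = 76  # base64 characters per encoded line (RFC 2045 limit)


def mime_encoded_size(raw_len: int) -> int:
    """Bytes an attachment body occupies after base64 encoding.

    Assumption: base64 with 76-char lines ending in CRLF, headers excluded.
    """
    chars = 4 * ((raw_len + 2) // 3)               # 3 raw bytes -> 4 chars
    lines = (chars + LINE_CHARS - 1) // LINE_CHARS  # each line adds CRLF
    return chars + 2 * lines


def measured_size(data: bytes) -> int:
    """Encode real bytes the same way and measure, as a cross-check."""
    return len(base64.encodebytes(data).replace(b"\n", b"\r\n"))


def max_raw_for_limit(limit: int) -> int:
    """Largest raw file size whose encoded size is still <= limit."""
    lo, hi = 0, limit
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mime_encoded_size(mid) <= limit:
            lo = mid
        else:
            hi = mid - 1
    return lo


if __name__ == "__main__":
    sample = bytes(range(256)) * 4000  # constructed 1,024,000-byte payload
    assert measured_size(sample) == mime_encoded_size(len(sample))
    for raw in (100_000, 1_000_000, 5_000_000):
        enc = mime_encoded_size(raw)
        print(f"raw {raw:>9,} B -> encoded {enc:>9,} B ({enc / raw:.3f}x)")
    limit = 10 * 1024 * 1024  # a 10 MiB size threshold, chosen for illustration
    print(f"largest raw file within {limit:,} encoded bytes: "
          f"{max_raw_for_limit(limit):,} B")
```

Under these assumptions the encoded size is roughly 1.37 times the raw size, so a size threshold is reached by files noticeably smaller than the configured number.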