I need a solution
Hello all,
I have a DCM keyword policy set up with an Endpoint Prevent: Block response enabled. The scan is configured to look across local drives, application file access and clipboard endpoint sources. If I attempt to copy a .docx file from a network share to the local drive, it is blocked as expected. however, if I open the file in Word and choose "save as", I can save it to the local drive within triggering an incident.
Can someone explain why this occurs? I would expect the save process to trigger an incident and ideally block the save.
Thanks,
Nic
--------------------
Some details of our test configuration:
Microsoft Word is NOT configured under application file access
Endpoints are configured to:
1) IGNORE
- $Cookies$\*,
- $InternetCache$\*,
- $LocalAppData$\*,
- $LocalAppData$\..\Temp\*,
- $LocalAppDataLow$\*,
- $RoamingAppData$\*,
- $Windows$\Prefetch\*,
- $Windows$\SoftwareDistribution\*,
- *\System Volume Information\*
2) MATCH
- *.csv
- *.doc
- *.docx
- *.ppt
- *.pptx
- *.tmp
- *.txt
- *.xls
- *.xlsx