|Email Plug-in (Reporting):||188.8.131.52|
|Email Plug-in (Encryption):||184.108.40.206|
We are evaluating DLP on an ESA C170. Overall, it's going pretty well.
One of the DLP policies I turned on is the out-of-the-box "Suspicious Transmission (Spreadsheets to Webmail) policy. While it does trigger, I realized that it is also letting some emails with spreadsheets through. It's a pretty straightforward policy; it matches on recipients and attachment types. Every hit we've had so far has been HIGH severity, which seems to be the default for the policy.
Under what circumstances would this rule not trigger on an email going, say, to Gmail with an XLSX file attached?
Any help is appreciated!
From the description of your issue, I believe you are hitting the below bug:
Work-around for the same is as below:
Create a copy of this policy with the additional option selected of: "Only apply to encrypted or password-protected attachments."
However, currently, there is no fix for the same and you can add yourself to the notification so that you get notified once a fix is in place.
I hope this helps!
Thanks for the assistance. However, we are not running the effected version (12.1.0-071) listed in that bug. We are running 11.0.2-044.