IronPort DLP Policy Help

Hello Everyone.
I am after some advice, we are currently implementing the DLP Policy engine for all of our Outbound messages, and have had very good success with some of the policies, but there is one that is not producing the results that we would have expected.
The Transmission of Contact Information policy based on the description "Identifies email transmissions that contain contact information, such as employee or customer names, addresses or email addresses."
However we are finding that it is not picking up customer data, it is just picking up email signatures.  We have made changes to which severities it blocks (Critical only) but it doesn't seem to make a difference.
We have it as the last Policy to be applied, so it may be that other policies are picking things up before this, but we can't turn it to block if it is going to stop emails based purely on the signature.
Has anyone else out there had similar issues or advice for this?

Andreas
Thanks for that, I was hoping this was the case.  However I am now confused.
When we set up the DLP Policies originally, we wanted to ensure that emails that were being sent securely were excluded from any DLP scanning.  To that end we set up a content rule that inserts a Message Tag.
We then set up a DLP Rule called DLP Ignore that Filters Messages if the tag is present and looks for the message tag we added in the rule.  Based on what the support engineer was telling us this had to be the first rule as DLP works on a first match only.
Based on what you have told me I would therefore expect that if a message contained a Credit Card number and relevant details and therefore triggers the PCI-DSS policy that then bounces the message, even if it was marked as being sent securely and had the Message Tag added, then the message should be bounced as "Bounce" is more restrictive than "Deliver".
Unless of course the "Filter Message Tags" option does something that overrides the fact that the message should be scanned by the other policies.
Thanks

Similar Messages

  • OUTGOING MAIL POLICIES USING CRES BUT ALSO TO BE PROCESSED BY DLP POLICY

    We have an outgoing policy in place which in turn has domains applied, a content filter and DLP policies.  The content filter states that if it receives cres header it will deliver without analysing and avoid DLP policies and send.
    How can I config this so even if cres is used it will continue processing and follow DLP policies and send out accordingly.  I have tried "encrypt on delivery". I do receive the cres request but the DLP policy email bcc destination receives nothing at all.
    When I send the same email without cres header the destination email receives and so does DLP policy email destination.

    Yes the order matters.  It matches top to bottom, once you have a match, that's the policy that applies... 
    The HELP that is on the box is actually pretty complete, and includes examples of policy matching... Just go to the Outgoing Mail Policies page, and click "Help and Support" in the upper right...

  • Issue w/ DLP Policy, unable to send mail

    I'm trying to implement DLP using both California SB-1386 and California AB-1298 policies, yet almost all of our mail gets blocked because of a violation.  One of the two policies I listed will block the email.  It appears that the DLP policy is blocking the email because of the user's signature.  The signature has their name, title, address, and phone number.
    Has anybody come across this issue?  How do you work around this?
    Thanks,

    Any thoughts?

  • Group Policy Helper tool not working properly

    Hello,
    I'm using IE 9 on a x64 Win 7 enterprise PC with ZCM 10.3.4.
    When I'm logging into ZCC and start to configure a "windows group policy" the group policy helper tool starts and begins to download the policy.
    Then the gpedit.msc appears and I get the popup "group policy settings imported successfully" immediately. This popup should certainly come up, when I close the gpedit.msc to import the changed policy setting.
    But so I always get an empty policy for upload.
    Any hints what's wrong with it?!

    IE 9 is not supported, you need to stay on IE8 until 11.2 is released (15 march).
    Thomas

  • Group policy helper and Folder Redirection

    I've installed windows7/32 bit to use the Group policy helper. Now I can use this tool.
    I want to use the Group policy helper to redirect folders as described in Managing Roaming User Data Deployment Guide.
    In this documentation a folder redirection management snap-in is used. Can I somehow include this in the grouppolicy helper in ZCC11?
    I want to redirect the user folders to their homedirectory. We have about 500 Students and I can't configure every login so I hope to solve the problem using the group policies.
    (with zen7 and XP we configure the default local user to move desktop and user files to NetWare Home directory.)

    This still works..........
    http://www.novell.com/coolsolutions/tools/14324.html
    On 7/27/2011 7:56 AM, Alix wrote:
    >
    > I've installed windows7/32 bit to use the Group policy helper. Now I can
    > use this tool.
    >
    > I want to use the Group policy helper to redirect folders as descripted
    > in 'Managing Roaming User Data Deployment Guide'
    > (http://technet.microsoft.com/de-de/l...9(WS.10).aspx).
    >
    > In this documentation a folder redirection management snap.in is used.
    > Can I somehow include this in the grouppolicy helper in ZCC11?
    >
    > I want to redirect the user folders to their homedirectory. We have
    > about 500 Students and I can't configure every login so I hope to solve
    > the problem using the group policies.
    >
    > (with zen7 and XP we configure the default local user to move desktop
    > and user files to NetWare Home directory.)
    >
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.

  • Deploying Files with Group Policy - Help Needed

    Hi,
    I am trying to use group policy to deploy files and folders to our server estate. The policy I have created first creates a folder on each server's C drive and then copies a set of files to this folder from a network share. The folder creation works fine but the files copy fails. In the Application logs on the servers it displays the following error:
    The computer 'ILMT' preference item in the 'GPO - Servers_Production_ALL {CC026B58-FA3B-4399-AA00-AE8E844B2B47}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
    Can anyone advise what exactly does not have access here? I don't know what I need to enable to get this to work.
    Can anyone help?
    Many thanks
    James

    The copy is on a file server share. Presumably if I just give everybody read access to the share that would suffice?
    No it won't.
    "Sharing" requires several actions:
    a) create the folder
    b) share the folder
    c) grant NTFS permissions on the folder
    I think you've neglected action (c).
    For your scenario, you need to grant the "server computers" read permissions to the folder.
    You can add individual computer accounts, or a group, or "domain computers".
    (In a similar way, you could grant access to a user, a group, or "domain users")
    [if you need everybody (users) *AND* everything (computers), you could grant permissions to "authenticated users" since that principal includes *BOTH* users and also computers]
    Note that "domain computers" and "authenticated users" include all types of domain member computers, i.e. servers, workstations, etc.
    Also, note that granting a "computer account" access to a folder or share, does *NOT* mean that a user account on that computer can access the remote share, i.e. permission is granted to the computer account, and a logged-in user account on that computer does not inherit any kind of access to the remote share by virtue of being logged in.
    This means that the computer can access the share but the user cannot access the share. Because the computer account is an identity/principal of its own accord.
    [None of which really has anything to do with Group Policy at all - it's how Windows does file sharing and ACLs... ;)]
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)
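
The three actions listed in the answer above (create, share, grant NTFS permissions), as an added PowerShell example that is not part of the original thread. The folder path, share name and `CONTOSO` domain are hypothetical, and the SMB cmdlets assume Windows Server 2012 or later on the file server.

```powershell
# Assumed names (not from the thread): folder path, share name, NetBIOS domain.
$Path      = 'D:\Deploy\ILMT'
$ShareName = 'ILMT$'
# "Domain Computers" covers every domain member; a group holding only the
# target servers is the narrower choice.
$Principal = 'CONTOSO\Domain Computers'

# (a) create the folder
New-Item -ItemType Directory -Path $Path -Force | Out-Null

# (b) share the folder, giving the computer accounts Read at the share level
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -ReadAccess $Principal | Out-Null
} else {
    Grant-SmbShareAccess -Name $ShareName -AccountName $Principal `
        -AccessRight Read -Force | Out-Null
}

# (c) grant NTFS Read & Execute, inherited by subfolders and files
$acl  = Get-Acl -Path $Path
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Principal, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Verify both layers. Access over the network is limited by whichever of the
# two (share permission, NTFS permission) is more restrictive, so the
# computer group has to appear in both listings.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight
(Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Principal } |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```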

  • Retention Policy help

    I'm trying to create a retention policy that will auto archive after 5 years and retain indefinitely.
    I also want to make one that if a user deletes an item, it's not deleted but instead archived and retained indefinitely.
    After being on hold with M$ for 1 hour 13 minutes, the agent is going to "Check some resources" and get back with me.
    Any help?

    No, Retention Age is calculated on message age, and not purged before this.  Read more here:
    How retention age is calculated
    You could simply tell the users that email is deleted from the deleted items after 7 days, instead of a given day.  If a given day is necessary, you could run search-mailbox with the deletecontent switch on a schedule.
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • Group Policy help w/ Links In IE

    Does anyone know what policy setting allows users to rearrange the
    shortcuts in links toolbar within IE? I can't seem to find it. Users
    try rearranging the shortcuts but they go back to alphabetical order
    after logout and log back in.
    Thanks,
    Johnny V.
    johnnyv5

    johnnyv5,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Software Restriction Policy help

    This policy was working fine, then all of a sudden it is not working anymore.
    Blocking from
    %AppData%\*.exe
    %AppData%\*\*.exe
    Here is the error I get
    An error has occurred while collecting data for Software Restriction
    Policies.
    This error impacts the following settings:
    Software Restriction Policies
    Software Restriction Policies/Security
    Levels
    Software Restriction Policies/Additional Rules
    The following errors apply to all of the above
    settings:
    A certificate stored by this extension is not valid. Use the Group Policy
    Management Editor to reconfigure the settings in this extension.

    Hi,
    How is the issue going? Where did the certificate come from?  For this is also related to the certificate, if the issue persists, we can also ask for suggestions in the following security forum.
    Security
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
    Best regards,
    Frank Shen

  • Demoting a DC and Group policy, help needed.

    Hi all,
    So we have 3 domain controllers, let's say dc1, dc2 and dc3. We have the 3rd line assistance from another company, they have advised the following....
    SO the stages will be
    1) Can you please go through all the GPO's in DC3 and consolidate what you need and what you do not need, you need to extensively cross reference this with DC1 and DC2, this is something you have to do. As I will not know what you need and what you do not. You can do this by logging into each domain controller and opening up the settings of each GPO and cross referencing.
    2) Once the above is done, we will consolidate the GPO's to a central repository in your domain
    3) Backup Sysvol directory and Netlogon folder in DC3
    3) Proceed to dcpromo DC3 out of the domain
    4) Test connectivity if clients to the AD
    5) Add the additional Server options
    6) All of the above can be done during office hours.
    It was my understanding (perhaps wrongly) that the group policies were not on the individual Domain Controllers but in Sysvol and as such replicated anyway?
    Any advice would be very much appreciated.

    > I am being told that our Group policies are different across different
    > Domain Controllers and to my knowledge that's impossible as we have
    > discussed it should be in the replicated Sysvol.
    Ok, that's a common problem. Fix it and you will be fine:
    http://support.microsoft.com/kb/2218556 (for DFS-R Replication of Sysvol)
    http://support.microsoft.com/kb/315457 (for NTFRS replication)
    > I'm a bit lost on the central repository aspect but prior to saying it
    > makes no sense I just wanted to check my understanding, especially with
    > an MVP!
    I agree. Talking of a "central repository" for group policy doesn't make
    sense, because group policy from the very beginning lives in AD and
    sysvol, which both are kind of "central repository". Seems they don't
    really know what they're talking about :)
    Martin
    Fancy reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Power settings/group policy/help!

    Hello again,
    We use Dell laptops in our business, primarily a selection of Latitude E6230s, E6330s, a few E7240s, and some others.
    There is the well known issue with Dell laptops that when they are plugged onto a docking station when they are already powered on, they completely freeze up and lose all USB support. I have read up on this online and everywhere suggests setting the default domain policy to a High Performance power plan.
    I have done this, however now we have a bunch of remote workers complaining that their laptop batteries are draining too quickly, and the machines are getting too hot and too noisy, because the machines now never go into sleep/hibernate mode.
    Has anyone got any ideas on how to obtain a happy medium for this? I'm getting grief from both sides and there isn't enough hours in the day to sit and play around with all the individual settings - although I suspect that I might have to?
    Any advice would be much appreciated?
    Thanks!

    Hello aglxs20,
    How about the Windows 7 restore disk?
    Is this issue resolved?
    Best regards,
    Fangzhou CHEN
    TechNet Community Support

  • Samsung DLP TV - HELP !!! TECHNICAL PROBLEMS

    We have a 6 yr old Samsung HL-p4663W.
    Symptoms:
    No picture, lamp light blinking
    Every 30 sec or we would hear a click like the ballast was firing up or something.
    We first replaced the lamp - no change in symptoms.
    Someone told us given the clicking, it was probably the ballast, so we replaced it, no change
    Now, when we plug it in, the Lamp light blinks, it clicks like I mentioned. If I press the button to turn it on, all three lights blink.
    Any thoughts?

    Shorty wrote:
    If you are having problems signing in to Skype on your Samsung TV, then please check the following:
    Is your account brand new?
    If the account you are attempting to sign in with does not have any contacts yet (ie it is a brand new account, and you haven't yet invited anybody to be a contact with you on Skype), then you may get stuck on the 'spinner' screen when you try to sign in. To fix this follow these steps:
    1. Using another device (phone, tablet, PC), sign in to the same Skype account
    2. Add a contact using that device (look for the 'Add a Contact' option)
    3. You will now be able to sign in successfully on the TV
    Does your username or password contain an '&' symbol or other non alphanumeric characters?
    Some Samsung TVs do not allow non alphanumeric characters to be entered correctly into the password entry box on the Skype application. If your password has a non alphanumeric character and you are experiencing problems signing in, then we advise you to change your password to use only alphanumeric (0-9, A-Z) characters
    Visit support.skype.com for more information on changing your Skype password
    If you continue to experience problems signing in to Skype on your TV, please comment below

  • Critical error: MID 25342101 antivirus server error from ironport c350. please help me resolve this issue

    The Critical message is:
    MID 25342101 antivirus server error
    Version: 6.1.0-301

    Hi Sobha Dev.,
    the issue is related to the Sophos AV engine. Particular messages can cause an internal Sophos error. The issue has been fixed in newer versions of Sophos. Since you are running on EoL version 6.1 you should upgrade to a supported version which will include an updated Sophos version including the fix.  The latest AsyncOS version is 7.6.1 which has Sophos 4_84.
    Regards,
    Enrico

  • 6500 CoPP policy help?

    Hi,
    I am trying to implement CoPP on a 6500 and need some assistance.
    I wish to protect the switch/network during any event such as virus outbreak, and retain remote access via telnet.
    I have created several classes for known traffic, and applied as transmit/transmit so I can fine tune the values.
    I am finding the below challenges.
    1. Many classes, despite averaging well below the CIR appear to 'burst' regularly into exceed/violate.
    I have tried to increase the 'CIR and bc/be' to higher values to get the exceeds down to zero. However they appear to keep bursting into exceed/violate.  I am unsure what to do as I do not want to drop this traffic and cause more issues?
    2. Despite classifying all known traffic, still 70-80% seems to be taken up by the 'class default'?
    Is this too high or ok? Do I need to do more classification via spanning the control plane to wireshark?
    I am worried I will cause more issues if important traffic is dropped?
    And that some traffic (such as spanning tree) cannot be classified out of the class default.
    Just looking for some general guidance.
    Thanks

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    CoPP is really to protect the control plane from DoS type of overload, so the switch can still meet some or all of its control plane requirements.  Depending on the nature of an attack, toward the network device itself, you might be on difficult to impossible quest to guarantee in-band access, like telnet.  Even out-of-band access might have issues.
    Like broadcast storm control, often necessary data is policed too.
    So, as you're finding, getting CoPP to really work as you think it should, can be problematic.
    However, it doesn't mean CoPP isn't without merit, just understand it's sort of a last resort to try to preclude total network failure, but when it engages, you're likely to still have some network issues.

  • IronPort ESA SOX DLP

    I understand that the SOX DLP Policy on the ESA is configured for Corporate Financials, but what all does that entail? I am having a hard time discerning what all it catches.
    Can anyone provide a good idea of how to set the scale for the Severity Settings for that policy?

    Dan,
    Check your External DLP for any disconnects or network issues with the Ironport.  The load-balance is only for multiple external DLP servers and not multiple Ironports.
    Try to increase the reconnection attempts (10) to see if it helps.  It would be best to find out why the Ironport can't reach the DLP servers during such time frames. Check for any symptoms around such times, like load or other service kicking off.  Does it happen on exact time? These can give good hints as to why.
