Sophos Central: How to config Data Lost Prevention for Endpoint On Sophos Central?

Introduce about Data Lost Prevention on Sophos Central.

The Data Lost Prevention feature is part of Sophos Anti-Virus and is was included with all Sophos Central license that include this product. This feature is designed to prevent users from sending of confidential data outside.

Guide to configuring Data Lost Prevention on Sophos Central.

  • Login to Sophos Central Admin by Sophos Account Admin.
  • In Sophos Central display, click Endpoint Protection -> Setting.

  • On the right side, pay attention to the Data Lost Prevention, click Rules to cofig.

  • Continue to click Create New Rule, in Create new rule has 2 option.
    • New Content Rule: Used to prevent users from sending the files outside by web email, outlock,skype,.. contains content banned by admin setup.
    • New File Rule: Used to prevent users from sending the files has format such as image file has format .JPG or document file has format .doc or prevent sending file by file name outside by webmail,outlock,skype…

Create New Content Rule

  • Click New Content Rule and fill in the blanks after click Next Rule Configuration.

  • In Condition, File Contains:
    • This category includes the rules writtent by Sophos such as content has address email, telephone, credit card number,.. .

  • In Condition, Destination is:
    • This category includes the application, brownser( webmail on Firefox,Chrome,Outlook)… that users can used to send the file is blocked.

  • Finally, in section Exlusion if we want to add Exclusion click File names or File styles -> fill the blanks and click Add. Click Finish to Save Content Rule.

  • Content Rule has been created.

  • Continue click Policy on the left -> Add Policy -> selection Data Lost Prevention and select Device -> Click Continue.

  • Need to fill in the blanks Policy Name, in section Computer select computer in Available Computers after click “>” to switch to section Assigned Computer.

  • Continue to click Setting, click Create Custom Policy.

  • Click Add -> Add Existing Rule.

  • In list Rule, select the previously create rule and click Add, click Save to Finish.

Create New File Rule

  • Click Endpoint Protection -> Setting -> Rule -> Create New Rule -> New File Rule and fill the blanks.

  • Click Next Rule Configuration.

  • In Section Condition, File type is select the file need to block and Destination is select application or web brownser need to block.

  • Click Finish to Save Rule.

  • Continue click Policy on the left -> Add Policy -> selection Data Lost Prevention and select Device -> Click Continue.

  • Need to fill in the blanks Policy Name, in section Computer select computer in Available Computers after click “>” to switch to section Assigned Computer.

  • Continue to click Setting, click Create Custom Policy.

  • Click Add -> Add Existing Rule.

  • In list Rule, select the previously create rule and click Add, click Save to Finish.

Be the first to comment

Leave a Reply