Sophos Central : How to config Data Lost Prevention feature for Email Server with Protect using attachment files type

Overview

  • This article will show you how to config Data Lost Prevention feature for Email Server available with Protect using attachmant files type.

Diagram

  • I prepared a email exchange server as the following diagram, use Email Gateway in Sophos Central to send email out to the internet.
  • You can articles about config email exchange server in here.

Configuring

  • To config Data Lost Prevention, log in Sophos Central by administrator account.
  • Go to My Product > Email Gateway > Policies.
  • To create policy click Add Policy, in Feature click Select an option drop-down list and choose Data Lost Prevention and click Continue.
  • Type name for Policy in a box next to Policy Name.
  • In User section, assign user mailbox in Available Users table that you want to apply this rule and then click icon “>” users are assign will move to Assigned Users table.
  • In Domain section, choose domain you want to apply rule.
  • In Setting section, there will be two options to apply the rule: Inbound and Outbound.
  • Inbound : The rule will scan email that you receive from the outside.
  • Outbound : The rule will scan email that you send from inside.
  • In here, i will Outbound and click Add rule to create rule.
  • Get Started tab appear, you need to type name and description (if available) for the rule.
  • In Choose rule type, i choose Protect using attachment files type and click Next.
  • In Add Items tab, you can choose Use Sophos list and click View Sophos list to see list of files type that Sophos provide.
  • In addition, you also can choose Use custom list to choose the files type that you want to block.
  • In here, i choose Use custom list and select files type .exe.
  • Click Next.
  • In Choose action tab, it has action as the following.
  • Quarantine : Scan the email, if it contains files with the specified files type, it will be delete. The email won’t be send.
  • Encrypt : If the email contains files with the specified files type, it will be encrypt.
  • Strip attachments : if the email contains files with the specified files type, it will add string on file.
  • Redirect message : if the email contains files with the specified files type, it will redirect message to email that you specify.
  • Delete: if the email contains files with the specified files type, it will delete.
  • Log : if the email contains files with the specified files type, it will save the log.
  • In here, i choose Quanrantine and turn on the rule.
  • Click Save.
  • In Policy Enforced section, you must ensure that the policy is enabled.
  • Click Save.
  • After that, i will login with the specified mailbox and send an email containing the .exe file.
  • Go to Email Gateway > Quarantined Messages on Sophos Central to check.
  • You will see the reason why do you can’t the email.
  • Click name of the email in Subject to see more details.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.