Hi all,
I'm struggling to identify the best way of conducting some local drive scanning that I want to put in place.
I have a large (circa 20,000 records) spreadsheet of sensitive data I want to match on, with an associated EDM policy. The policy has response actions of "Endpoint Discover: Quarantine File" and "Network Protect: Quarantine File" assigned; however, the Endpoint Discover response action gives the following warning:
Marked EDM, IDM, and/or DGM rules will not trigger Endpoint Prevent: Block and Endpoint Prevent: Notify response rules. For the policy to exhibit correct behavior, you may either modify the marked detection rule(s) or the marked response rule(s).
I wish to implement Endpoint scanning based on this policy. I have set up the scan profile to scan the required file types and folders to limit the number of file types sent back to the Endpoint Discover server.
The scan triggers correctly on the documents, but they are not quarantined. I understand that I cannot use Endpoint Prevent responses against EDM/IDM policies; however, why can't I use Endpoint Discover responses? I plan on running the scans outside of regular hours and thus latency isn't really an issue.
Thanks in advance,
Nic