Quantcast
Viewing all articles
Browse latest Browse all 19521

Net prevent for Email - unfiltered message (high sensitive information)

I need a solution

Hi everybody,

I have a big problem here. We have configured an Email Prevent for Email detection Server on our customer (a financial organization). This has a policy that detect if a user send an email with a encrypted ZIP attached. So, the customer say me that a user sent an email out of the organization with a password protected ZIP and the email did passed. The policy work fine every time. This same policy has filtered a message for the same user on the day of incidente.
However, for this particular message, the user was able to send the email. With the attachment in cuestion (the size of the attach is 5Mb).
Now, I need to take a forensic analysis to explain why this message was sent out of the company. the problem is that, because the Symantec DLP does not evidence the situation (not created an incident), this situation was discover now, but the email was delivery at 5 of june. So, we can't see the operationals logs. We can't see if the message was analized and passed or if was ignored for sometime think...

I have looking through all logs and I have found the following error in "localhost.2014-06-05.log".
"Thread: 33 WARNING [com.vontu.manager] Transaction still in progress while trying to begin new transaction"
And other errors when try export policy. This occur at the sime time that the message was send.

This warning event can do that the server not process message? This can do the cause for that the DLP not filter the menssage?
Any response can help me, this is a embrised situation and I need find the root cause of the error..

Thanks very much.

Esteban Sandoval.

 

 

 

 

 


Viewing all articles
Browse latest Browse all 19521

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>