Forum Discussion

Mabel_dlp_999's avatar
Mabel_dlp_999
Copper Contributor
Apr 29, 2024

DLP Triggered by a Policy I am No Ionger In

Hi everyone,

We are testing out creating DLP policy that involves blocking by file type when uploading to Dropbox. This first policy I created didn't really do what I expected to, so I created a second policy that takes a different approach. I removed myself from the first policy and made the second policy top priority, yet I am still seeing the first policy being triggered during my tests. It's been a week, and my policy sync status is up to date.

Has anyone else experienced this?

  • gsingh_'s avatar
    gsingh_
    Copper Contributor

    Hi Mabel_dlp_999 , try to explicitly exclude your account in the first policy under "Locations" -- " Exclude users and groups" and include it in the second policy. thanks

    • Mabel_dlp_999's avatar
      Mabel_dlp_999
      Copper Contributor
      Thank you so much, great idea. I'll give it a try and confirm if this solution worked.
    • Mabel_dlp_999's avatar
      Mabel_dlp_999
      Copper Contributor
      So after placing an explicit exclusion on myself for policy 1, I am seeing unexpected and inconsistent results.

      So for clarity--
      Policy 1 = Block all unlabeled document uploads to Dropbox with a file size greater than 1 byte
      Policy 2 = Block all uploads to drop box if they are NOT word-processing / presentation file types

      During testing if I try to upload a csv or xlsx, I may see three different results. One where policy 1 is triggered (even though I am excluded from that policy), one where policy 2 is triggered, and one where it uploads to Dropbox, even though policy 2 should have blocked it.

      If you had any advice on this it would be appreciated, though I'd understand if not. Has your experience working with this product been smooth? My experience with purview has been really terrible so far. I'm wondering if maybe this is a bad product.
      • gsingh_'s avatar
        gsingh_
        Copper Contributor

        Hi Mabel_dlp_999 

        that's strange, I would suggest raising a support case with Microsoft. They can assist and probably run an MDE analyzer to capture logs from your device to understand why the DLP sensor (SenseCA.exe) is not detecting the files with the correct policy match.
        If required, I can share the steps to run the MDE analyzer for troubleshooting.
        I've seen some inconsistent results in the past but was able to fix them all after doing minor changes. Unfortunately, all the information classification/protection solutions today require tuning and training specifically during initial deployment. 🙂 thanks

Resources