Forum Discussion
DLP Triggered by a Policy I am No Ionger In
Hi everyone,
We are testing out creating DLP policy that involves blocking by file type when uploading to Dropbox. This first policy I created didn't really do what I expected to, so I created a second policy that takes a different approach. I removed myself from the first policy and made the second policy top priority, yet I am still seeing the first policy being triggered during my tests. It's been a week, and my policy sync status is up to date.
Has anyone else experienced this?
- gsingh_Copper Contributor
Hi Mabel_dlp_999 , try to explicitly exclude your account in the first policy under "Locations" -- " Exclude users and groups" and include it in the second policy. thanks
- Mabel_dlp_999Copper ContributorThank you so much, great idea. I'll give it a try and confirm if this solution worked.
- Mabel_dlp_999Copper ContributorSo after placing an explicit exclusion on myself for policy 1, I am seeing unexpected and inconsistent results.
So for clarity--
Policy 1 = Block all unlabeled document uploads to Dropbox with a file size greater than 1 byte
Policy 2 = Block all uploads to drop box if they are NOT word-processing / presentation file types
During testing if I try to upload a csv or xlsx, I may see three different results. One where policy 1 is triggered (even though I am excluded from that policy), one where policy 2 is triggered, and one where it uploads to Dropbox, even though policy 2 should have blocked it.
If you had any advice on this it would be appreciated, though I'd understand if not. Has your experience working with this product been smooth? My experience with purview has been really terrible so far. I'm wondering if maybe this is a bad product.- gsingh_Copper Contributor
that's strange, I would suggest raising a support case with Microsoft. They can assist and probably run an MDE analyzer to capture logs from your device to understand why the DLP sensor (SenseCA.exe) is not detecting the files with the correct policy match.
If required, I can share the steps to run the MDE analyzer for troubleshooting.
I've seen some inconsistent results in the past but was able to fix them all after doing minor changes. Unfortunately, all the information classification/protection solutions today require tuning and training specifically during initial deployment. 🙂 thanks