You're using an entry level "pretend" DLP feature of an AV product to try and do enterprise style DLP. You get what you pay for. However, something like MIMEsweeper in your email flow would easily achieve what you desire and could sandbox for approval rather than forbid, which is a far better business enabler. If you want granular control over things like this and other actions with files, then you may want to look at the full DLP suites (deep breath for costs though!). a
________________________________ From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: 04 May 2011 21:47 To: NT System Admin Issues Subject: BLOCKING end-users from ATTACHING and EMAILING... We are searching for a method to BLOCK end-users from ATTACHING and EMAILING [sensitive] docs located on a SPECIFIC FOLDER of the share. What we have accomplished thus far: 1) Using Sophos we activated "Device Control" preventing end-user from coping to Storage, Network, or Short Range devices 2) Using Sophos we also activated "Data Control"... thus creating email alerts detailing the sender /recipient, time /date, and name /location of attachment 3) All documents are converted to PDF with security options that prevent copy /paste, and printing 4) End-users are NOT allowed Internet access Owners are left *totally* unsatisfied with all the above, as these measures are not preventative enough. Leaving any of the end-users without ability to email is NOT an option. Leaving a [public] workstation open, available with access to this SPECIFIC FOLDER, and then having no email /Internet is NOT an option. These end-users are all in the CAD design department. Given the nature of the business, suffice-it-to-say, one drawing in email could represent a significant loss. Sadly, the owners feel they cannot entirely rely on the loyalty of generously paid employees [with great benefits], company policies, and or legalese. Thanks in advance for any suggestions... comments. Cheers, -J EMPLOYEE Supposition: Surely in created the level of sophistication placed in Sophos with Device & Data Control suggests that a greater need exists to protect the employer's intellectual property. Along with these concepts, the end-users themselves have become more sophisticated and perhaps unfortunately [these days] more-willing to place their positions on the line. I guess if we've done our IT job... than the end-users ONLY option is to snap a photo using a cell-phone. What then will the employer do?? Add company policy to include NO CELL PHONES?? Imagine a world AT WORK without texting, tweeting, and the occasional personal call??? Ouch! EMPLOYER Supposition [slave-master]: Add video surveillance too!!!! :--/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin