SOLUTION FOUND

VIPRE Email Security has what's called Attachment Filter [was right under our noses]. We are *now* able to prevent specific documents from being attached and emailed by specific users [or department]. All Policy features in the Attachment Filter tabs worked quite well, with minor exceptions [*see below].

Our custom rule, "*(CLASSIFIED).PDF", stops PDF docs that end with "CLASSIFIED" in parentheses.

All classified documents were placed Read Only in a shared folder for all users. These documents will be given names for the above rule to catch, i.e., "Standards for Dakota (CLASSIFIED).pdf".

The PDF documents are converted using Adobe security, whereby the users cannot modify, copy/paste, or print.

Using Sophos we activated "Device Control" preventing the end-users from copying to Storage, Network, or Short Range devices.

The last step is to prevent these PDF [Read Only] documents from being copied locally and renamed. We are searching for a good "Anti-copy" software. It appears that there are some choices... programs like "M File Anti-Copy" http://mini-products.net/ ...so far untested.
It appears we have a DLP solution to look forward to.

Cheers
-J

Thank you all for the replies [contributions] including:

Justin Thomas: jat...@gmail.com
Martin Blackstone: mblackst...@gmail.com
Angus Scott-Fleming: angu...@geoapps.com
Jim Kennedy: kennedy...@elyriaschools.org
Jeff Steward: jstew...@gmail.com
James Rankin: kz2...@googlemail.com
Andrew S. Baker: asbz...@gmail.com

*The syntax "%FILENAME%" used under the Notifications tab oddly returned the subject of the email rather than the filename (GFI case is pending)

*Earlier on, the Attachment Filter was failing entirely... the result of our Digital signature in emails. Resolution came by changing the statement from "false" to "true" in <ScanDigitallySignedMessages>true</ScanDigitallySignedMessages> found in the directory \VIPRE Email Security\globalsettings.xml file

The latter issue dragged on for what seemed like forever [5-days]. After several techs [3-4] it was finally resolved by Matthew D. (Nice Job!)

From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com]
Sent: Friday, May 06, 2011 4:32 PM
To: NT System Admin Issues
Subject: RE: BLOCKING end-users from ATTACHING and EMAILING...

Agreed! ...and thank you for your worthy replies.

We recently discovered Vipre Email Security has what's called "Attachment Filter" ...albeit it doesn't quite work AS OF YET, and no one [including Vipre Support] is able to say why. For the Vipre Security users out there... check out the "Rules" tab. Now this looks like something with tremendous DLP potential. Now if we can just get it to work.

Cheers
-J

From: Jeff Steward [mailto:jstew...@gmail.com]
Sent: Friday, May 06, 2011 4:24 AM
To: NT System Admin Issues
Subject: Re: BLOCKING end-users from ATTACHING and EMAILING...

I asked that question as I have been involved in stolen/leaked Intellectual Property issues where someone was faxing CAD drawings to a competitor. If this data is truly considered 'the secret sauce' then as others have suggested, get a real DLP solution in place.
There is no perfect security in business since you have to let the pesky end users, customers and sales folks interact.

Good luck!

-Jeff Steward

On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb <jeff.s.gottl...@gmail.com> wrote:

Thank you Jeff.

The CAD operators cannot print the items of sensitivity [again we need to prevent the possibility to email only]. Many of these items [documents] represent "Standards" or dimensions which the engineers use for all projects, and are located in one folder. These docs are large, including roughly 130 pages each, and would easily allow other manufacturing firms to replicate the same exact pieces.

This is VERY Similar to the secret recipes for the odors of Crayola crayons, or Papa John's Pizza garlic sauce, etc., etc.

Ps. The latter is something I would LOVE getting my hands on. I would make a HUGE batch for home use to dip the crust of *any* pizza!!

From: Jeff Steward [mailto:jstew...@gmail.com]
Sent: Wednesday, May 04, 2011 8:14 PM
To: NT System Admin Issues
Subject: Re: BLOCKING end-users from ATTACHING and EMAILING...

Can the CAD operators print?

Seriously, if the owners need to protect their intellectual property at that level, have the engineers upload the docs to a directory for review and approval and let a 3rd party review them prior to sending them to an external destination.

-Jeff Steward

On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb <jeff.s.gottl...@gmail.com> wrote:

Thanks Martin

We too were thinking that might be a viable option. It seems NOT good for two reasons.

1) That is a Global setting, whereby the entire company would be affected by the one Exchange server
2) This department needs to transfer large files MOSTLY internally, but on rare occasions outside

Sorry I forgot to mention this in our original post.
-J

From: Martin Blackstone [mailto:mblackst...@gmail.com]
Sent: Wednesday, May 04, 2011 2:50 PM
To: NT System Admin Issues
Subject: RE: BLOCKING end-users from ATTACHING and EMAILING...

You could just put such a small attachment size restriction on them that nothing would go. Say 1K.

From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com]
Sent: Wednesday, May 04, 2011 1:47 PM
To: NT System Admin Issues
Subject: BLOCKING end-users from ATTACHING and EMAILING...

We are searching for a method to BLOCK end-users from ATTACHING and EMAILING [sensitive] docs located on a SPECIFIC FOLDER of the share.

What we have accomplished thus far:

1) Using Sophos we activated "Device Control" preventing end-user from copying to Storage, Network, or Short Range devices
2) Using Sophos we also activated "Data Control"... thus creating email alerts detailing the sender/recipient, time/date, and name/location of attachment
3) All documents are converted to PDF with security options that prevent copy/paste, and printing
4) End-users are NOT allowed Internet access

Owners are left *totally* unsatisfied with all the above, as these measures are not preventative enough.

Leaving any of the end-users without ability to email is NOT an option. Leaving a [public] workstation open, available with access to this SPECIFIC FOLDER, and then having no email/Internet is NOT an option.

These end-users are all in the CAD design department. Given the nature of the business, suffice-it-to-say, one drawing in email could represent a significant loss. Sadly, the owners feel they cannot entirely rely on the loyalty of generously paid employees [with great benefits], company policies, and/or legalese.

Thanks in advance for any suggestions... comments.
Cheers,
-J

EMPLOYEE Supposition: Surely in created the level of sophistication placed in Sophos with Device & Data Control suggests that a greater need exists to protect the employer's intellectual property. Along with these concepts, the end-users themselves have become more sophisticated and perhaps unfortunately [these days] more-willing to place their positions on the line. I guess if we've done our IT job... then the end-users' ONLY option is to snap a photo using a cell-phone. What then will the employer do?? Add company policy to include NO CELL PHONES?? Imagine a world AT WORK without texting, tweeting, and the occasional personal call??? Ouch!

EMPLOYER Supposition [slave-master]: Add video surveillance too!!!! :--/
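
An added example, not part of the thread and not VIPRE's own tooling: a small audit for the two dependencies the solution message describes, namely that every file in the classified folder carries a name the "*(CLASSIFIED).PDF" rule catches, and that <ScanDigitallySignedMessages> is set to true. The case-insensitive match, the sample file names and the <GlobalSettings> root element are assumptions made for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

RULE = "*(CLASSIFIED).PDF"  # the custom rule quoted in the thread

def rule_matches(filename, rule=RULE):
    # Assumption: the filter compares names case-insensitively, as the
    # thread's own example "... (CLASSIFIED).pdf" suggests.
    return fnmatch.fnmatchcase(filename.upper(), rule.upper())

def unprotected(filenames, rule=RULE):
    """Names in the classified folder that the rule would NOT catch."""
    return [name for name in filenames if not rule_matches(name, rule)]

def signed_mail_scanned(settings_xml):
    """True only if <ScanDigitallySignedMessages> exists and reads 'true'."""
    root = ET.fromstring(settings_xml)
    node = next(root.iter("ScanDigitallySignedMessages"), None)
    return node is not None and (node.text or "").strip().lower() == "true"

# Constructed sample data (not taken from the thread, except the first name).
SAMPLE_FOLDER = [
    "Standards for Dakota (CLASSIFIED).pdf",
    "Standards for Dakota (CLASSIFIED) .pdf",  # stray space before extension
    "Standards for Ohio (Classified).PDF",
    "Standards for Ohio CLASSIFIED.pdf",       # parentheses missing
    "Tolerances (CLASSIFIED).pdf.bak",         # extra extension
]
# Hypothetical root element; only the inner element name is from the thread.
SAMPLE_SETTINGS = """<GlobalSettings>
  <ScanDigitallySignedMessages>false</ScanDigitallySignedMessages>
</GlobalSettings>"""

if __name__ == "__main__":
    for name in unprotected(SAMPLE_FOLDER):
        print("Not covered by attachment rule:", name)
    if not signed_mail_scanned(SAMPLE_SETTINGS):
        print("ScanDigitallySignedMessages is not 'true'")
```

Run against a real directory listing, any name reported by `unprotected` is a document the filename rule depends on but cannot see until it is renamed to the convention.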