Data loss prevention

(imported topic written by bearandy)

I read some documents about Endpoint Protection.

I wonder whether the Data Loss Prevention function can record what files are moved to USB or not.

There is an analysis to record the history of connected USB devices.

And is there an analysis to record what files are moved to the USB device?

Thanks for answering.

(imported comment written by bearandy)

The information I saw:

http://publib.boulder.ibm.com/infocenter/tivihelp/v26r1/index.jsp?topic=%2Fcom.ibm.tem.doc_8.2%2FSecurity_and_Compliance%2FDataProtection_CPM_Admi_Guide%2Fintroduction.html

(imported comment written by Xie_Ran91)

As far as I know, DLP does not record what files are moved to a USB device.

It only records the violation logs, but it does not specify whether they are in USB or not. Can you tell me which analyses you referred to for the “records the history of connected USB device”?

Even though there is “path” information in the violation log (when files violating policy are moved to a USB device), it does not indicate the drive is USB.

(imported comment written by Xie_Ran91)

I found that the analysis you referred to is called:

Removable Media: History of Connected USB Drives

This analysis is provided by the Client Manager for Endpoint Protection site instead of the DLP component. But anyway, there is no analysis that records the files moved to USB devices.

(imported comment written by bearandy)

I got it! Thanks for answering.

(imported comment written by bearandy)

You said it records the violation logs.

And what kind of records are in the logs?

(imported comment written by Xie_Ran91)

Take a look at these two analyses under CPM DLP:

Data Protection - Detected Data Loss Prevention Violation Information Analysis

Data Protection - Detected Device Control Violation Information

(imported comment written by bearandy)

Could you provide some screens?

I don’t have the DLP site.

The user wants to ask about the function beforehand.

Thanks

(imported comment written by Xie_Ran91)

Data Protection - Detected Data Loss Prevention Violation Information:

This analysis contains information about violations of data loss prevention detected by Core Protection Module endpoints in your deployment.

After activating this analysis, you will see the following properties:

Detected Data Loss Prevention Violations

Maximum Data Loss Prevention Violation Report Count

Basically, it displays the information of “DLP_CLC_CPM.log”. You can find the path to the log:

  1. Go to the folder of the “Application Path” value of the registry key: “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion”

  2. The log is under the Misc folder

Data Protection - Detected Device Control Violation Information Trend Micro Data Protection

This analysis contains information about Device Control violations detected by Core Protection Module endpoints in your deployment.

After activating this analysis, you will see the following properties:

Detected Device Control Violation

Maximum Device Control Violation Report Count

Basically, it displays the information of “AEGIS_CPM.log”. You can find the path to the log through checking the “Application Path” value of the registry key: “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion”

(imported comment written by bearandy)

Recently we applied a new license for all functions.

But we still can’t find the Data Protection module add-on in Core Protection Module.

What’s the problem? Or where could we get the “Trend Micro Data Protection.efxm”?

Thanks for answering.

(imported comment written by Xie_Ran91)

Hi,

You need to add the Trend Micro Data Protection site to your license via the License Key Center.