Application Control prevents Data Loss Prevention policy enforcement on files attached to outgoing mail

Technical Articles ID: KB89179
Last Modified: 2023-12-13 13:26:07 Etc/GMT

Environment

Application and Change Control (ACC) 8.x

Internet Explorer 11
Microsoft Windows

Problem

When files that contain sensitive information are attached to mail and sent through an internet mail provider (Gmail) using an internet browser (Internet Explorer 11), they aren't blocked.

The Data Loss Prevention (DLP) function to block this action doesn't work when ACC is installed and enabled.

Cause

ACC prevents DLP dll injection into the Internet Explorer process. Critical Address Space Protection (CASP) isn't bypassed for the Internet Explorer process.

Solution

In ePolicy Orchestrator (ePO):

Start the ePO console.
Go to Policy Catalog, Application Control Rules (Windows), <policy name>, Exclusions, Memory Protection.
Add iexplore.exe as an exclusion from CASP in the Application Control Rules Policy.

On the client:

Start the command-line Interface (CLI) for Solidcore.
From the CLI prompt, run the sadmin attr add -c iexplore.exe command.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Application Control prevents Data Loss Prevention policy enforcement on files attached to outgoing mail

Environment

Problem

Cause

Solution

Affected Products

Languages:

Title

Title

Knowledge Center

Application Control prevents Data Loss Prevention policy enforcement on files attached to outgoing mail

Environment

Problem

Cause

Solution

Affected Products

Languages:

Choose your region

Title

Title