DLP Monitor upgrade doesn't correctly detect SMTP, HTTP, and FTP traffic when using Network Communication Protection rules
Last Modified: 2023-04-28 10:43:07 Etc/GMT
Technical Articles ID: KB96040
Environment
Network Data Loss Prevention (NDLP) Monitor 11.10.x
Summary
NDLP Monitor appliance upgrade.
Problem
Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), and File Transfer Protocol (FTP) traffic isn't detected when Network Communication Protection (NCP) rules are used. SMTP traffic generates incidents without classification information. HTTP and FTP traffic doesn't generate incidents.
NOTE: The issue is observed on the upgrade of DLP Monitor from versions 11.8.x and 11.6.x to 11.10.x.
Cause
An issue in configuration migration causes missing flags for NCP rules during an upgrade.
Solution 1
We're evaluating this issue for consideration in a future release of the product.
NOTE: For a current resolution, see the "Workaround" sections.
Workaround 1
Use Email protection rules for SMTP traffic and Web Protection rules for HTTP and FTP traffic.
Workaround 2
If an NCP rule is needed, reinstall the appliance without preserving any configuration.
NOTE: You must configure the initial network setup and register the appliance with ePO again.