Rules aren't enforced on users or groups in User Assignment Group
Last Modified: 2023-05-24 06:25:13 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Rules aren't enforced on users or groups in User Assignment Group
Technical Articles ID:
KB86338
Last Modified: 2023-05-24 06:25:13 Etc/GMT EnvironmentData Loss Prevention (DLP) Endpoint - all supported versions
For details about supported environments, see KB68147 - Supported platforms for DLP Endpoint. ProblemDLP Endpoint rules aren't applied to users or groups when you add a user or group to a User Assignment Group using the Security Identifier (SID).
CauseWhen you add a user or group to a User Assignment Group with the Security Identifier, it captures the SID from the Active Directory (AD) (for example,
DLP doesn't have a mechanism to actively monitor or synchronize changes from AD. As a result, the user or group isn't deleted from the User Assignment Group. Also, the SID isn't updated within the DLP Policy. The DLP Agent retains the SID of the original AD group, which no longer matches.
Solution 1Delete the AD user or group from the User Assignment Group. To update the SID, add the user or group with the same name in the User Assignment Group.
Solution 2Edit the existing User Assignment Groups and change the Identify LDAP Objects option from Security Identifier (SID) to Name.
Affected ProductsLanguages:This article is available in the following languages: |
|