User Notification pop-up message is not seen for every rule violation
Last Modified: 2022-09-06 15:55:48 Etc/GMT
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
User Notification pop-up message is not seen for every rule violation
Technical Articles ID:
KB93570
Last Modified: 2022-09-06 15:55:48 Etc/GMT Environment
Data Loss Prevention (DLP) Endpoint - all supported versions For supported platforms, see KB68147 - Supported platforms for Data Loss Prevention Endpoint. Problem
A DLP rule violation occurs, which displays a user notification pop-up message on the client system. Immediately after the rule violation, the rule is violated a second time with the same criteria that initially violated the rule. The appropriate action defined in the DLP rule is enforced, but a second user notification is not seen on the endpoint. You only see notification pop-up messages that result from the same rule violation criteria after some time. The Windows Client Configuration policy has the Solution
This behavior is expected. When a DLP Rule Violation occurs and a user pop-up notification is displayed, a countdown sequence of 20 seconds begins. This countdown allows a buffer between rule violation notifications. If the same content violates the same rule within the 20-seconds countdown sequence, the user sees a pop-up notification signifying that there are multiple DLP events. When the rule is triggered again, it resets the 20-second countdown. The later rule violations that result from the same content do not trigger further pop-up notifications until the 20-second countdown has completed. This design is hard coded to prevent scenarios where multiple rule violations occur simultaneously causing a cascade of DLP user notification pop-ups. NOTE: User notification pop-ups work different with Web Post Protection Rules as described in KB93577 - How user notification pop-ups work with Web Post Protection Rules. Languages:This article is available in the following languages: |
|