DLP Monitor upgrade doesn't correctly detect SMTP, HTTP, and FTP traffic when using Network Communication Protection rules
Last Modified: 2023-04-28 10:43:07 Etc/GMT
Technical Articles ID: KB96040
Environment
Network Data Loss Prevention (NDLP) Monitor 11.10.x
Summary
NDLP Monitor appliance upgrade.
Problem
Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), and File Transfer Protocol (FTP) traffic isn't detected correctly when Network Communication Protection (NCP) rules are used. SMTP traffic generates incidents without classification information, and HTTP and FTP traffic doesn't generate incidents at all.
NOTE: The issue is observed after an upgrade of DLP Monitor from version 11.8.x or 11.6.x to 11.10.x.
Cause
An issue in configuration migration causes missing flags for NCP rules during an upgrade.
Solution 1
We're evaluating this issue for consideration in a future release of the product.
NOTE: For a current resolution, see the "Workaround" sections.
Workaround 1
Use Email protection rules for SMTP traffic and Web Protection rules for HTTP and FTP traffic.
Workaround 2
If an NCP rule is needed, reinstall the appliance without preserving any configuration.
NOTE: You must perform the initial network setup and register the appliance with ePO again.