Data Loss Prevention Actions

When Data Loss Prevention detects the transmission of data identifiers, it checks the DLP policy for the detected data identifiers and performs the action configured for the policy.

The following table lists the Data Loss Prevention actions.

Table 1. Data Loss Prevention Actions

Action

Description

Actions

Pass

Data Loss Prevention allows and logs the transmission.

Block

Data Loss Prevention blocks and logs the transmission.

Additional Actions

Notify the agent user

Data Loss Prevention displays a notification message to inform the user of the data transmission and whether it was passed or blocked.

Record data

Regardless of the primary action, Data Loss Prevention records the sensitive information to <Client installation folder>\DLPLite\Forensic. Select this action to evaluate sensitive information that is being flagged by Data Loss Prevention.

Recorded sensitive information may consume too much hard disk space. Therefore, Trend Micro highly recommends that you choose this option only for highly sensitive information.

User justification

Note:

This option is only available after selecting the Block action.

Data Loss Prevention prompts the user before performing the "Block" action. User can select to override the "Block" action by providing an explanation as to why the sensitive data is safe to pass. The available justification reasons are:

  • This is part of an established business process.

  • My manager approved the data transfer.

  • The data in this file is not confidential.

  • I did not know that transferring this data was restricted.

  • Other: Users provide an alternate explanation in the text field provided.