Processes by Channel Parent topic

The following table lists the processes that display under the Process column in the Data Loss Prevention logs.

Processes by Channel

Channel
Process
Synchronization software (ActiveSync)
Full path and process name of the synchronization software
Example:
C:\Windows\system32\WUDFHost.exe
Data recorder (CD/DVD)
Full path and process name of the data recorder
Example:
C:\Windows\Explorer.exe
Windows clipboard
Full path and process name of ShowMsg.exe
ShowMsg.exe is the Data Loss Prevention process that monitors clipboard events.
Example:
C:\Windows\system32\ShowMsg.exe
Email client - Lotus Notes
Full path and process name of Lotus Notes
Example:
C:\Program Files\IBM\Lotus\Notes\nlnotes.exe
Email client - Microsoft Outlook
Full path and process name of Microsoft Outlook
Example:
C:\Program Files\Microsoft Office\Office12\ OUTLOOK.EXE
Email client - All clients that use the SMTP protocol
Full path and process name of the email client
Example:
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Removable storage
Process name of the application that transmitted data to or within the storage device
Example:
explorer.exe
FTP
Full path and process name of the FTP client
Example:
D:\Program Files\FileZilla FTP Client\filezilla.exe
HTTP
"HTTP application"
HTTPS
Full path and process name of the browser or application
Example:
C:\Program Files\Internet Explorer\iexplore.exe
IM application
Full path and process name of the IM application
Example:
C:\Program Files\Skype\Phone\Skype.exe
IM application - MSN
  • Full path and process name of MSN
    Example:
    C:\Program Files\Windows Live\Messenger\ msnmsgr.exe
  • "HTTP application" if data is transmitted from a chat window
Peer-to-peer application
Full path and process name of the peer-to-peer application
Example:
D:\Program Files\BitTorrent\bittorrent.exe
PGP encryption
Full path and process name of the PGP encryption software
Example:
C:\Program Files\PGP Corporation\PGP Desktop\ PGPmnApp.exe
Printer
Full path and process name of the application that initiated a printer operation
Example:
C:\Program Files\Microsoft Office\Office12\ WINWORD.EXE
SMB protocol
Full path and process name of the application from which shared file access (copying or creating a new file) was performed
Example:
C:\Windows\Explorer.exe
Webmail (HTTP mode)
"HTTP application"
Webmail (HTTPS mode)
Full path and process name of the browser or application
Example:
C:\Program Files\Mozilla Firefox\firefox.exe