Allowing or blocking a policy violation

When the confirmation dialog functionality is enabled at your site, corporate policy violations are not automatically blocked by Forcepoint DLP Endpoint. Instead, they are allowed if you provide a valid explanation for the operation.

If a policy violation is detected, Forcepoint DLP Endpoint displays a confirmation dialog box.

From this confirmation dialog box, you can choose to allow the operation to continue, or you can block the operation and cancel the request.

To continue with the action:
  1. Select a valid reason from the list.
  2. Optionally, type additional information in the text box (maximum 256 characters).
  3. Click Allow.

To cancel the action, click Block.

If the timer expires, the default action is taken. The timer default is set to 30 seconds, but can be changed by your system administrator to between 9 and 58 seconds.

Important: If you click the corporate policy link at the bottom of the window and Chrome is your default browser, Chrome does not open the link until you close the confirmation dialog window.

The behavior of the confirmation or block action varies depending on the action and the affected channel:

  • Removable Media Channel:
    • If you copy or move sensitive documents either through the Windows command line or by dragging and dropping the files through Windows Explorer to a USB drive, a writable DVD, or a mobile phone through WPD protocol, and choose the Block action in the confirmation box, Forcepoint DLP Endpoint might also block non-sensitive files if they are copied or moved with the sensitive files.
  • LAN Channel:
    • If you copy or move files to other machines mounted on the endpoint machine in the same local network, and choose the Block action in the confirmation dialog box, Forcepoint DLP Endpoint might incorrectly state that the files were copied or moved.
    • If you try to move a sensitive file to a network share folder using cut and paste, then choose the Block action in the confirmation dialog box, Forcepoint DLP Endpoint removes the file from both the source location and the destination. If this happens, look for the file in the Contained Files. See Viewing contained files and saving them to an authorized location.
  • HTTP/HTTPS (Web) Channel:
    • If you compose email through a web-based mail service (e.g., Gmail or Yahoo Mail), a confirmation dialog box is shown whenever the service syncs to the hosting server (i.e., when the email is auto-saved). This causes the confirmation dialog box to be shown multiple times within a short timeframe.
    • Each sensitive attachment within an email triggers a separate confirmation dialog box.
    • If you choose the Block action, you might receive an error message from the mail service, because the Block action interrupts the activity with the mail service.
  • Print Channel:
    • This channel blocks the printing of sensitive content when you try to print a hard copy through a printer or a soft copy through a PDF converter.
  • Application Clipboard Channel:
    • This channel allows you to copy and/or paste sensitive content within the same document, or to the same type of document (e.g., from one Microsoft Word document to another Word document).
  • Application File Access Channel:
    • If you choose the Block action, you might receive an error message from the application, because the Block action interrupts the activity with the application.
    • When saving a sensitive document, you might receive multiple confirmation dialog boxes, because temporary files created by the application trigger the confirmation dialog box.
  • Email Channel:
    • In Outlook, the Outlook process is suspended when the confirmation dialog box is shown. This makes it appear as if Outlook is no longer working. Once you choose either the Allow or Block action, the Outlook process works as normal.