I need a solution
Hi,
I am trying to detect, when a user outside the internal network starts copying to the unauthorized network share. I have found, that copying through the Windows Explorer is OK, it is detected and blocked. But, when I use a Total Commander, it goes undetected.
I have setup, the TOTALCMD.EXE is inside the Application Monitoring, with only "Filesystem Activity" set, but it did not help. (I do not want to monitor all files read by this process, only copies outside to the network share.)
I am using DLP 11.6.3.
Any ideas/solutions? (Searching through the forum did not help.)
Thank you,
Pavel