Step 4. Actions on policy violation

A policy violation means user's actions leading to a violation of the conditions applied to the storage of confidential information on SharePoint websites. The user violates a policy by uploading policy-protected category data to SharePoint.

To configure application operations upon a policy violation:

  1. Select the Block file upload to SharePoint check box if you need to prevent leaks of data from this category.

    If the application detects data belonging to several categories while scanning a file, the file is blocked if at least one policy is configured to block data.

    If this check box is cleared, the application does not block file transfers to SharePoint but creates incidents when the policy is violated.

  2. In the Create incidents with priority dropdown list, select the priority that the application will assign to incidents upon a policy violation.
  3. If necessary, select the Attach file to incident details check box to view the file while handling the incident.
  4. If necessary, select the Log events to Windows Event Log and Kaspersky Security Center Event Log check box to save information about policy violations in centralized mode and use it when resolving errors in the future.

    When a policy violation event is saved in Windows Event Viewer, it is assigned code 16000. Each record contains the incident number and incident information.

  5. In the Send notification by email list, select the check boxes next to the names of employees to be notified about policy violations. Select the Additionally check box to enter email addresses separated with a comma in the entry field.

    In the event of a policy violation, the application sends notifications to these addresses.

  6. Click Finish to close the New Policy Wizard.

A policy is assigned for a category of data. You can view the list of policies assigned for a category by clicking the button. You can minimize the list of policies by clicking the button. Policy lists are minimized automatically when you switch to another node of Management Console.

Page top