Set up data control alerts and messages

If you use role-based administration:

  • You must have the Policy setting - data control right to configure a data control policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

Sophos Enterprise Console uses events and messages to report when the transfer of sensitive data is detected or blocked.

For information about data control policies and events, see Data control policy.

When data control is enabled, the following events and messages are logged or displayed by default:

  • Data control events are logged on the workstation.
  • Data control events are sent to Sophos Enterprise Console and can be viewed in the Data Control - Event Viewer. (To open the event viewer, on the Events menu, click Data Control Events.)
    Note Each computer can send to Enterprise Console a maximum of 50 data control events per hour.
  • The number of computers with data control events over a specified threshold within the last seven days is displayed on the Dashboard.
  • Desktop messages are displayed on the workstation.

You can also configure Sophos Enterprise Console to send the following messages:

Email alerts

An email message is sent to the recipients that you specify.

SNMP messages

An SNMP message is sent to the recipients specified in your anti-virus and HIPS policy settings.

To set up data control messaging:

  1. Check which data control policy is used by the group or groups of computers you want to configure.

    See Check which policies a group uses.

  2. In the Policies pane, double-click Data control. Then double-click the policy you want to change.
    The Data control policy dialog box is displayed.
  3. In the Data control policy dialog box, go to the Messaging tab. Desktop messaging is enabled by default and Include matched rules in messages is selected.
  4. Type messages that will be added to the standard messages for user confirmation of file transfer and for blocked file transfer, if you wish.

    You can enter a maximum of 100 characters. You can also add an HTML link to the message, for example, <a href="http://www.sophos.com">About Sophos</a>.

    Note User-defined desktop messages are not displayed on computers running Windows 8 or later.
  5. To enable email alerting, select the Enable email alerting check box. In the Email recipients field, enter the email addresses of the recipients. Separate each address with a semicolon (;).
  6. To enable SNMP messaging, select the Enable SNMP messaging check box.

    The email server and SNMP trap settings are configured via the anti-virus and HIPS policy.