Notification for Endpoint Activities

For ITM/Endpoint DLP prevention rules, you can define notifications for end users, including block action notifications and justification action prompts. These notification appear as a pop-up message about activities disallowed by prevention rules.

Notifications for endpoint activities can be set up at the Agent Realm level and at the Prevention Rule level. You must enable End User Notifications in the Advanced Settings of the Agent Realm.

Agent Realm Level Notifications

The default notification is set up at the Agent Realm level. Unless a notification policy is assigned to a prevention rule, this notification displays when an activity is not allowed.

  1. From the Proofpoint Information and Cloud Security Platform, select the Administration app. Select EndpointsAgent Realms.

  2. Select the Agent Realm you want.

  3. In the Advanced Settings tab, turn on End User Notifications and the customization options are shown.

Rule Level Notifications and Notification Policies

You can define notifications at the rule level. By creating a notification policy and assigning it to specific prevention rules, you can override the default notification set at the Agent Realm level. (If you do not set up notifications at the rule level, the Agent Realm notifications are used as the default.)

Setting Up End User Notification at the Rule Level

You can set up a notification that is used for a specific rule. Notifications at the rule level are defined in Notification Policies. You can assign a notification policy to one or more rules.

  1. From the Proofpoint Information and Cloud Security Platform, select the Administration app. Select IntegrationsNotification Policies. ( See Notification Policies.)

  2. In the prevention rule, Assign End User Notification and select the notification from the list. (See Prevention Rules)

There are also processing notifications and block notifications that are had coded.

Notification for Endpoint Activities

Customize Message

This lets you define a message to let the user know why an activity was blocked.

When you turn on end user notifications at the Agent Realm level, you are prompted to define:

  • Logo: You can customize the notification with a logo, such as your organization's logo. This lets users know who is sending the message.

    Optimal logo size is minimum height: 24px and max: 48px

  • Subject: This appears at the top of your message. It lets the user know the purpose of this message.

  • Message: Enter a message in the Message area.

  • Variables:

    • File name(s)
    • Target path(s)
    • Protocol
    • Rule Name
    • Application (process name)
    • Username
    • IP
    • Hostname
    • Time
    • Printer Name
    • Printer Type

    Hyperlinks

    • Insert Link: Link that will be useful to the user. For example, you might link to your organization's policy.
    • Insert Email: Email address link.

      Multiple email addresses are not supported in this field.

Customize Justification

Notifications can be set up as justifications. Justifications offer the user the option of continuing a prevented action by selecting a response.

The user receives a message when content is blocked indicating that the operation was paused. The user can either select one of the listed justification options and continue or cancel to block the action.

Allow user to respond lets you select options for the users response. When this is turned on you define:

  • Label above selection: The text that displays above the options.

  • Justifications

    • Click Add New Justification and select from one or more of the justifications, (see Customized Justifications).

    • Select Allow user to enter freeform text reply

End User Notification and User Experience

End User Notifications on Windows Endpoints

Here is an example of a message you might see on a Windows endpoint. This message appears when a prevention rule applies.

In the example the message includes an uploaded Proofpoint logo, text you want in the Subject and Body areas. The variable for file name was also added so that the name of the file that was blocked is shown, info.pdf.

If you use the file name variable, by default 5 files will display in the message. If more than 5 files are you can click on Show File List to see the other file names.

End User Notifications on Mac Endpoints

When a prevention rule is applied, notifications display as standard local notifications with the header ITPROTECTOR.

The notifications are grouped by a single user action.

To close these notifications, click to dismiss.

To see the list of all the actions, you can click on a notification or on the icon at the top of the screen in the status item menu bar.

This notification includes the text and logo you customized when setting up the Agent Realm. From here, you can scroll through the notifications.

Related Topic: