IDM detection with print/fax detection may not work. A file that is copied to the USB will generate an incident, but the same file sent to a printer may not.
If using a DCM policy, the same file will be detected regardless of which component is being monitored.
Steps to reproduce
Create an IDM profile with some files smaller than 1kb and some larger.
enable print/fax, clipboard and removable storage for endpoint
Create an IDM policy using the profile created above and a DCM policy
From an endpoint agent copy files (less than 1kb) used the IDM profile to usb, or to clipboard – the incident is generated for both policies
Print the same file ( less than 1kb) – no incident is generated for the IDM policy but 1 incident for the DCM policy
Print other files ( larger than 2kb) – incident is generated for both policies
At present, Print/Fax is not supported for IDM detection. There are known issues with IDM detection with printing.
If a file has fewer than 1000 non-whitespace characters, then we will only do an exact match, which means an md5 of the binary file. If that happens, we will not detect on print because print events are captured by the print driver. Detection never sees the original file, so we could not do the md5 match.
The message is based on the print spool, not based on the original file. The pages may be sent to the printer out of order. This may change the percentage matches.
If the print job injects any content (page #, etc) then the match percentage could be considerably lower.
Imported Document ID: TECH220592
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe