My customized policy has not flagged or quarantined violations. What should I do?

If your customized policy is not working properly, follow these steps to resolve it:

  1. Check if your policy is active:
    1. Log in to SysCloud with your account credentials.
    2. Based on the type of policy you want to modify, click on any of the following options:
      1. “DLP”→“Policies”
      2. “Apps Firewall”→“Policies”
      3. “User Behavior”→“Policies”
      4. “Compliance”→“Policies.”
      5. “Web Filter”→“Flagged activities.”

        sharing insights
    3. Scroll down to find the policy and check if the status of the policy is “ACTIVE.”
      active status
    4. Toggle the button to “ACTIVE” if it is in an inactive state.
  2. Check the policy conditions: 
    1. Log in to SysCloud with your account credentials.
    2. Click “Compliance”→“Policy Violations.”

      policy not working_policy violations
    3. Click the preview document icon to check the violation details.

      policy not working_preview doc
  3. Check if the conditions for the customized policy have been set properly:
    1. Log in to SysCloud with your account credentials.
    2. Click “Compliance”→“Policies.”

      Policy not working_policies
    3. Scroll down to find the policy and click the “view” icon to check the policy details.

      policy not working_view
  4. Check if the policy was created after the violation had occurred.
    1. Log in to SysCloud with your account credentials.
    2. Click “Setup”→“Reports”→“Activity Report.”

      policy not working_Activity report
    3. Click the search drop-down icon.
      policy not working_search
    4. Under “Activity Type,” select “Compliance Policy” and click “Search.”

      policy not working_Compliance policy
    5. You can check the creation date listed for all the policies.

      policy not working_date
  5. Check if the policy violator belongs to an Org Unit (OU) or a sub-OU that has been excluded from the policy.

Note:

  • If you make changes to a policy or its settings, it will be reflected only in the next scan.
  • The violations that had occurred in a file before the policy was altered will not be picked up by the scan. The violations will be checked and flagged if you made any changes in the file after the policy was modified.
  • If the file is in a non-native Drive format (such as pdf or CSV), it will not be picked up by the threat card.