Data Loss Prevention (also known as Data Leak Prevention) detects potential data breaches or data ex-filtration transmissions.

Domains that are subject to an SSL Exception or included in your PAC (Proxy Auto-Configuration) file will not be analyzed by DLP.

Cloud Web Security can inspect all file types. The file types to be inspected can be defined in each DLP rule. The file type is identified by Media/MIME type, magic number, and file extension. Certain file types such as images cannot be scanned by DLP.

In the DLP policy, there is a maximum file size that can be defined in the DLP rule for file uploads. The maximum supported file size defined is currently set at 5 GB.

Yes, DLP will extract and scan the file contained within the zip. For encrypted zip files, users will be prompted to enter the password.

A common cause of reports is the use of artificially generated data when testing DLP functionality. We did a lot of research to ensure DLP does not detect items that merely look like what is being searched for. Therefore, artificial test data is often not real enough for us to detect.

For example, we are sometimes contacted for failing to detect test credit card numbers. This is typically due to the artificial card numbers having invalid check digits, the start digits being invalid or the spacing being incorrect for the brand of card.

The DLP scanning happens inside a short lived/single use container which is locked down to have minimal access to the main VM and no network etc., The file is briefly written to disk so that the file system inside the container can get to the file (and only that file). It is deleted as soon as the scan completes along with the entire container's file system, usually within a few seconds.