Microsoft Edge DLP Not Triggering with File Access Monitoring Enabled
- Article Number: 000017705
- Products: Forcepoint DLP, Forcepoint DLP Endpoint, Forcepoint One Endpoint
- Version: 8.7, 8.6, 8.5, 19, 18
- Last Published Date: June 11, 2020
The following article describes how to enable Microsoft Edge detection through the Forcepoint Endpoint:
Forcepoint DLP Endpoint and Forcepoint One Endpoint do not monitor Microsoft Edge v40, v41, v42, or v44 by default in Windows 10 Creators Update
After those steps are performed, File Access monitoring is enabled for the Edge browser as an Endpoint Application. However, file uploads are still not blocked, and users can upload confidential data through Edge.
Windows includes another executable that reads files, named PickerHost.exe, which was introduced by Microsoft as a security measure to avoid ransomware. Please note that this is part of the Microsoft OS and should not be disabled, because other applications rely on it for functionality.
In order to allow for proper file access detection through Microsoft Edge, create a new Endpoint Application for "PickerHost.exe" and add it to the Endpoint Application Group containing Edge.
Keywords: Forcepoint One Endpoint; Microsoft Edge; DLP Incidents; Endpoint Application; File Access Enabled; PickerHost.exe;