Search the ManageEngine site:  
 

Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

General settings

Release notes

Troubleshooting

Guides

Third-party software Contact us

Clipboard Control configuration

The Clipboard Control prevention policy audits and blocks clipboard copy actions triggered within local devices, the organizational network, and removable devices.

There are two ways to control clipboard copy actions. When the number of copied files is within the configured limit, Clipboard Control profiles can be applied to specific devices or device groups based on conditions such as file size, file name, and location.

When the configured limit is exceeded, the operation is treated as a bulk copy event and you can directly allow or block the action. Clipboard Control profiles will not apply.

Follow the steps below to:

  • Create a Clipboard Control profile and apply it to the target devices or groups.
  • Set up global clipboard settings to handle bulk copy events.

Creating a new Clipboard Control profile

DataSecurity Plus offers a default Clipboard Control prevention policy that audits all clipboard copy actions. The default policy cannot be edited or deleted. To customize the response to copy actions—for example, blocking copy actions for select files or on specific endpoints—you need to create a new Clipboard Control profile.

Follow the steps below to configure a custom copy prevention policy:

  • Select Endpoint DLP from the applications drop-down.
  • Go to Configuration > Clipboard Control.
  • Click +Create New Profile in the top-right corner.
  • Provide the Profile Name and Profile Description.
  • In the Applies To field, click + to select the devices or groups to which this profile should apply. To create or manage device groups, see the Device Group Configuration help page.
  • Configure the Include and Exclude criteria to define the conditions that trigger the profile. Set the Condition Match rule to All conditions (AND) to trigger the profile only when all conditions are met, or to Any condition (OR) to trigger it when any one condition is met.
  • Under Response, choose either Audit file copy attempts or Audit and block file copy attempts.
  • Click Save.

Managing multiple profiles matches

When multiple Clipboard Control prevention policies with varying response actions apply to the same event, the profile with the most restrictive response will prevail.

Setting up global clipboard settings

Global clipboard settings apply to all endpoints regardless of which Clipboard Control profile is in effect. Use them to handle bulk copy events that exceed a defined threshold. To configure global clipboard settings, follow these steps:

  • Select Endpoint DLP from the apps drop-down.
  • Go to Configuration > Clipboard Control > Clipboard Settings.
  • Choose a bulk copy limit from the Limit drop-down menu.
  • Choose an Allow or Block response to execute when the bulk copy limit is exceeded.
  • Click Save.

When global settings apply

Global clipboard settings and Clipboard Control profiles apply differently based on the number of files copied.

Bulk copy events (when copied file count exceeds the configured limit)

  • Treated as a single event and logged as such in the Reports tab.
  • Clipboard Control profiles are not evaluated.
  • The global Allow or Block action is applied directly.

Standard copy events (when copied file count is within the configured limit)

  • Clipboard Control profiles apply.
  • Each copied file is evaluated individually against Clipboard Control profiles.
  • Each file copy action is logged as an individual event in the Reports tab.
Notes:
  • The bulk copy limit applies globally to all endpoints.
  • It is a single setting, cannot be scoped to individual device groups, and cannot be disabled.
  • Copying exactly the limit value does not trigger the bulk response. Only events that exceed the limit are treated as bulk copy events.

Sample configurations

The following examples show how to configure Clipboard Control profiles for common use cases.

Block copy actions for files with sensitive names

Goal: Block clipboard copy actions for any file whose name contains "customer addresses."

  • Include criteria: User Object — In — ALL; Data Source — In — Local Drives, Network Drives, Removable Drives; File/Folder Name — Contains — customer addresses
  • Include condition match: Any condition (OR)
  • Exclude criteria: None
  • Response: Audit and block file copy attempts

Block all copy actions on all endpoints

Goal: Block all clipboard copy actions across local, network, and removable drives for all users.

  • Include criteria: User Object — In — ALL; Data Source — In — Local Drives, Network Drives, Removable Drives
  • Include Condition Match: All conditions (AND)
  • Exclude criteria: None
  • Response: Audit and block file copy attempts

Block copy actions for all files except approved ones

Goal: Block copy actions for all files, but allow files named A or B to be copied.

  • Include criteria: User Object — In — ALL; Data Source — In — Local Drives, Network Drives, Removable Drives
  • Include Condition Match: All conditions (AND)
  • Exclude criteria: File/Folder Name — Contains — A, B
  • Exclude Condition Match: Any condition (OR)
  • Response: Audit and block file copy attempts
Notes:
  • The Data Source, Object Type, and File/Folder Name criteria accept multiple values under the same parameter.
  • Local Drives refers to files copied from the local system or from external storage devices connected to it.
  • Network Drives refers to copy actions involving files on a network share.
  • Removable Drives refers to all detected USBSTOR-based removable media storage devices.

Topics in this page:

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2026 Zoho Corporation Pvt. Ltd. All rights reserved.