Help Center

Quick Start

File Auditing

Endpoint DLP

File Analysis

Data Risk Assessment

Cloud Protection

Administrative settings

General settings

About DataSecurity Plus

Release notes

Troubleshooting

Contact us
×
Rate this page:
    WRITE TO US
  • Please enter a valid the email id
    • By clicking 'SEND', you agree to processing of personal data according to the Privacy Policy.

Policy

DataSecurity Plus uses predefined policies to identify endpoint security vulnerabilities in real time.

You can monitor the following security policies using the Endpoint DLP solution:

Data Leak Prevention

Block files containing business-critical data from leaving the network via USBs and email.

File Activity Monitoring

Audit accesses and changes made to files in workstations.

File Copy Auditing

Audit file copy actions by users both within workstations as well as to external storage devices.

File Integrity Monitoring

Detect and respond to unauthorized changes made to sensitive files by users.

Potential Malware Intrusion

Detect potential malware by receiving alerts when safe threshold limits are breached.

Removable Device Auditing

Audit the use of USBs and other removable storage devices.

Sensitive File Activity Monitoring and Response

Receive reports on user activities in files containing sensitive data such as PII and ePHI.

Follow the steps below to modify the predefined policies:

  • Click the Endpoint tab. Go to Configuration > Settings > Policy.
  • Select the edit icon next to a predefined policy to modify it.
  • Add or remove rules configured under Audit Profiles and Alert Profiles.
  • Click Save.

To create new audit or alert policies, follow the below steps:

  • Click the Endpoint tab. Go to Configuration > Settings > Policy Configuration.
  • Click + Add Policy at the top-right corner.
  • Name the policy and include an appropriate description.
  • Choose the endpoints that it applies to.
  • Choose the Audit Profiles and Alert Profiles that you want to add.

    Example: If you want to block sensitive file movements to USB devices, choose the Data Leak Prevention - USB alert profile.

  • Click Save.

Default audited folders list

The following folders and shares are audited by default in endpoint devices:

  • *OSDIR*\Program Files
  • *OSDIR*\Program Files\Internet Explorer
  • *OSDIR*\Program Files\Common Files
  • *OSDIR*\Program Files (x86)
  • *OSDIR*\Program Files (x86) \Common Files
  • *OSDIR*\ProgramData
  • *OSDIR*\Windows
  • *OSDIR*\Windows\System32
  • *OSDIR*\Windows\System32\Drivers
  • *OSDIR*\Windows\System32\Drivers\etc
  • *OSDIR*\Windows\System32\Sysprep
  • *OSDIR*\Windows\System32\wbem
  • *OSDIR*\Windows\System32\WindowsPowerShell\v1.0
  • *OSDIR*\Windows\Web
  • *OSDIR*\Windows\SysWOW64
  • *OSDIR*\Windows\SysWOW64\Drivers
  • *OSDIR*\Windows\SysWOW64\wbem
  • *OSDIR*\Windows\SysWOW64\WindowsPowerShell\v1.0
  • *OSDIR*\Boot
  • *OSDIR*\Perflogs
  • *OSDIR*\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup
  • *OSDIR*\Users\Public
  • *OSDIR*\Users\*\AppData\Local
  • *OSDIR*\Users\*\AppData\Local\Temp
  • *OSDIR*\Users\*\AppData\LocalLow
  • *OSDIR*\Users\*\AppData\Roaming
  • *OSDIR*\Windows\Scripts
  • *OSDIR*\Windows\System
  • *OSDIR*\Windows\System32\GroupPolicy\Machine\Scripts\Startup
  • *OSDIR*\Windows\System32\GroupPolicy\Machine\Scripts\Shutdown
  • *OSDIR*\Windows\System32\GroupPolicy\User\Scripts\Logon
  • *OSDIR*\Windows\System32\GroupPolicy\User\Scripts\Logoff
  • *OSDIR*\Windows\System32\Repl
  • *OSDIR*\Users

Don't see what you're looking for? Ask the Community

Ask a question
×
Thanks for your valuable feedback.

© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.