Policy

DataSecurity Plus uses predefined policies to identify endpoint security vulnerabilities in real time.

You can monitor the following security policies using the Endpoint DLP solution:

Data Leak Prevention

Block files containing business-critical data from leaving the network via USBs and email.

File Activity Monitoring

Audit accesses and changes made to files in workstations.

File Copy Auditing

Audit file copy actions by users both within workstations as well as to external storage devices.

File Integrity Monitoring

Detect and respond to unauthorized changes made to sensitive files by users.

Potential Malware Intrusion

Detect potential malware by receiving alerts when safe threshold limits are breached.

Removable Device Auditing

Audit the use of USBs and other removable storage devices.

Sensitive File Activity Monitoring and Response

Receive reports on user activities in files containing sensitive data such as PII and ePHI.

Steps to modify the predefined policies:

• Select Endpoint DLP from the application drop-down and navigate to Configuration > Policies.
• Click the edit icon next to the predefined policy you want to modify.
• In the Applies To field, select the desired groups and devices.
• Add or remove rules configured under Audit Profiles, Alert Profiles, and Prevention Policies.
• Click Save.

Steps to create a new DLP policy:

• Select Endpoint DLP from the application drop-down and navigate to Configuration > Policies.
• Click + Add Policy in the top-right corner.
• Name the policy and include an appropriate description.
• Choose the endpoints that it applies to.
• Choose the rules that you want to add from the Audit Profiles, Alert Profiles, or Prevention Policies section.

Example: If you want to block sensitive files from being sent as attachments via email, select the Data Leak Prevention - email policy.

• Click Save.

Note: The External Device Control Policy will appear in the menu only when a profile is created under that policy.

Default audited folders list

The following folders and shares are audited by default in endpoint devices:

• *OSDIR*\Program Files
• *OSDIR*\Program Files\Internet Explorer
• *OSDIR*\Program Files\Common Files
• *OSDIR*\Program Files (x86)
• *OSDIR*\Program Files (x86) \Common Files
• *OSDIR*\ProgramData
• *OSDIR*\Windows
• *OSDIR*\Windows\System32
• *OSDIR*\Windows\System32\Drivers
• *OSDIR*\Windows\System32\Drivers\etc
• *OSDIR*\Windows\System32\Sysprep
• *OSDIR*\Windows\System32\wbem
• *OSDIR*\Windows\System32\WindowsPowerShell\v1.0
• *OSDIR*\Windows\Web
• *OSDIR*\Windows\SysWOW64
• *OSDIR*\Windows\SysWOW64\Drivers
• *OSDIR*\Windows\SysWOW64\wbem
• *OSDIR*\Windows\SysWOW64\WindowsPowerShell\v1.0
• *OSDIR*\Boot
• *OSDIR*\Perflogs
• *OSDIR*\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup
• *OSDIR*\Users\Public
• *OSDIR*\Users\*\AppData\Local
• *OSDIR*\Users\*\AppData\Local\Temp
• *OSDIR*\Users\*\AppData\LocalLow
• *OSDIR*\Users\*\AppData\Roaming
• *OSDIR*\Windows\Scripts
• *OSDIR*\Windows\System
• *OSDIR*\Windows\System32\GroupPolicy\Machine\Scripts\Startup
• *OSDIR*\Windows\System32\GroupPolicy\Machine\Scripts\Shutdown
• *OSDIR*\Windows\System32\GroupPolicy\User\Scripts\Logon
• *OSDIR*\Windows\System32\GroupPolicy\User\Scripts\Logoff
• *OSDIR*\Windows\System32\Repl
• *OSDIR*\Users