Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Nutanix server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- Domain configuration
- File server configuration
- Workgroup configuration
- SMB File Server Configuration
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Installation Steps
- Gateway Configuration in Endpoint
- Gateway Cluster Configuration
- Gateway Server Management
- Certificate Authority Configuration
- Two-way SSL configuration
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Regenerating gateway server access key
- Updating gateway server
- Gateway Server Failover
- Load Balancer Configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- File Upload & Download Reports
- Control Policy reports
- General Reports
- Application Insights
- Shadow Domain Insights
- Banned Domain Insights
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Release notes
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Cloud Protection Gateway server failure
- Known issues and limitations
- Known errors and solutions
- Report discrepancy in File Analysis
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
File Download Control
The Cloud Protection module offers File Download Control as one of its control policies to block file downloads from cloud applications while still allowing you to access them. You can use preconfigured filters or a custom filter to block file downloads.
| Preconfigured filters |
Block downloads from:
|
| Custom filter |
Block downloads based on custom criteria:
|
Creating a new File Download Control policy
- Select Cloud Protection from the modules drop-down menu at the top.
- Go to Configuration > Control Policies > File Download Control.
- Click +Add Policy.
- Enter a suitable Policy Name and Policy Description.
- Assign a Tag. Tags can be used to group control policies based on the category of the cloud suite.
- Under Filter, enable the preconfigured filters or the custom filter option by clicking the toggle button below.
- For preconfigured filters, enabling the toggle button will block file downloads as per the predefined criteria.
- For custom filters, after enabling the toggle button, click Configure criteria. In the Configure File Download Control criteria pop-up window that opens, add as many criteria as required by clicking the + button, and click Done.
Note: Currently, you can choose Domain name, Referer, and File name as the custom criteria. The file download will be blocked if it matches any of the added criteria.
- Click Save to create the File Download Control policy.
Refer to the examples below for an understanding of how to use File Download Control effectively:
Example 1: Allow downloads only from Microsoft apps, such as Outlook, Teams, and OneDrive
- Follow the steps mentioned above to create a new policy.
- Under Filter, enable only the Non-Microsoft365 Apps toggle button.
- Click Save.
Now, file downloads will be blocked from all cloud apps except for Microsoft365 apps.
Example 2: Block downloads from Google apps, such as Gmail, Drive, and Docs
- Follow the steps mentioned above to create a new policy.
- Under Filter, enable only the Google Workspace toggle button.
- Click Save.
Now, file downloads will be blocked from all Google Workspace apps.
Example 3: Block executable file downloads from all cloud applications and all downloads from xyz.com
- Follow the steps mentioned above to create a new policy.
- Under Filter, enable only the Custom toggle button.
- Click Configure criteria.
- In the pop-up window that opens, select Filename from the criteria drop-down, Contains from the conditions drop-down, and enter exe.
- Click the + button, select Referer from the criteria drop-down, Contains from the conditions drop-down, and enter xyz.com.
- Click Save.
Now, file downloads are blocked for the given conditions.
Limitations of File Download Control
- Image files downloaded through JavaScript or from the cache will not be blocked.
- When deep packet inspection is configured in mixed mode, there may be lower accuracy in blocking file downloads.
- File download requests made in WhatsApp and Telegram will not be blocked.
- File download requests from web applications that use background Service workers will not be blocked.