DLP policy configuration
Last modified by Štěpán Horký on 11 June 2019 01:30 PM

Policy modes

Each DLP policy can be set to one of four modes, which affect how policy rules are applied.

| Policy mode | Behavior |
| --- | --- |
| Disabled | The policy is configured but does not affect anything. This mode is suitable for preparing a policy which will only come into effect at a later time. |
| Log only | The policy monitors and logs both restricted and allowed actions. |
| Log and notify | The user is notified about performing restricted actions. The actions are logged but they can be performed. Allowed actions are only logged. |
| Log and block | Restricted actions are blocked altogether and logged. Allowed actions are only logged. |

Policy rule settings

You need to add policy rules to manage user action behavior. Rules can be set up in various ways:

| Policy rule setting | Behavior |
| --- | --- |
| Restricted | The action is logged and, depending on the policy mode, possibly also notified or blocked. |
| Allowed | The action is allowed and logged. |
| Safe zones allowed | The action is allowed for all zones configured as Safe zones, and restricted for all other zones and items not in any zone. Both Restricted and Allowed actions are logged. |
| Custom | The setting is configured in an advanced way; it can be viewed and edited from the policy rule list. |

Actions which are not specified in a policy are managed by other policies below it in the DLP policy rule overview.

Policy rule overview

| Policy rule | Affected user action |
| --- | --- |
| Upload to file share | File uploads to web sites categorized as File sharing |
| Upload to web mail | File uploads to web sites categorized as Web mails |
| Upload | File uploads to all web sites |
| E-mail | Sending e-mail messages from desktop e-mail clients |
| Instant messaging | Sending files via IM applications or web sites categorized as Instant messaging |
| External devices | File transfer to external devices |
| Cloud drives | File transfer to cloud drives via sync clients or web interface |
| Virtual print | Virtual print |
| Print | Print in general (incl. virtual print) |
| Clipboard (no logging) | Use of clipboard (e.g. copying and pasting text) outside of the restricted application; does not generate any logs |
| Screen capture (no logging) | Screen capture and screen sharing; does not generate any logs |
| Remote transfer | File transfer to remote desktops and virtual machines |
| Burning | Burning to optical discs |
| Network (expert) | Access to network in general; might negatively affect connectivity |
| Local paths (expert) | Access to specified paths on local drives; might negatively affect stability |
| Exclusive access (expert) | Application whitelisting or blacklisting for accessing sensitive data; might negatively affect user workflow |

If overlapping rules are applied within a single policy (e.g. Upload to file share and Upload), the rule listed higher is applied first.
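The mode, rule setting and ordering rules above can be read as one decision procedure, which is useful when reviewing a policy set for gaps before switching it to Log and block. The Python model below is an added example, not the product's own code. It assumes that a Disabled policy is skipped, that the first matching rule in the first enabled policy decides the outcome, and that the policy names and sample configuration are constructed.

```python
from dataclasses import dataclass

# Rules marked "(no logging)" in the rule overview never produce log entries.
NO_LOG_RULES = {"Clipboard", "Screen capture"}

@dataclass
class Policy:
    name: str
    mode: str    # "Disabled" | "Log only" | "Log and notify" | "Log and block"
    rules: list  # ordered (rule, setting) pairs, highest-listed first

def evaluate(policies, matching_rules, in_safe_zone=False):
    """Outcome of one user action; policies are listed top to bottom.

    matching_rules: every rule the action falls under, e.g. a file upload to
    a file-sharing site matches both "Upload to file share" and "Upload".
    """
    for policy in policies:
        if policy.mode == "Disabled":       # assumption: treated as if absent
            continue
        for rule, setting in policy.rules:  # assumption: first match decides
            if rule not in matching_rules:
                continue
            if setting == "Custom":
                raise ValueError(f"{policy.name}/{rule}: Custom is not modelled")
            if setting == "Safe zones allowed":
                setting = "Allowed" if in_safe_zone else "Restricted"
            restricted = setting == "Restricted"
            return {
                "policy": policy.name,
                "rule": rule,
                "verdict": setting,
                "logged": rule not in NO_LOG_RULES,
                "notified": restricted and policy.mode == "Log and notify",
                "blocked": restricted and policy.mode == "Log and block",
            }
    return None  # no enabled policy specifies this action

# Constructed sample configuration (policy names are hypothetical).
POLICIES = [
    Policy("Draft", "Disabled", [("Upload", "Restricted")]),
    Policy("Finance", "Log and block", [
        ("Upload to file share", "Safe zones allowed"),
        ("Upload", "Restricted"),
        ("Clipboard", "Restricted"),
    ]),
    Policy("Baseline", "Log and notify",
           [("Print", "Restricted"), ("E-mail", "Allowed")]),
]
```

A `None` result marks an action that no enabled policy covers, and a blocked result with `logged` false marks an enforcement that leaves no audit trail.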

Full overview of policy rules is available here.