Retain File action allows you to enable file retention for supported activities and save a copy of the file to a remote storage.
The files is retained on external cloud storage so it can be downloaded and reviewed. Files that are retained may be evidence when exfiltration of sensitive data is suspected. These files may also be useful for legal and compliance reviews.
You can set up file retention using Endpoint Rules or with Prevention Rules.
-
Prevention Rules - Retain File: Allows you to enable file retention so that files are retained in external storage.
What is supported?
Currently Microsoft Azure Blob is supported as external storage options. .
The following are supported:
-
Web File Upload
-
Web File Sync
-
Copy to USB
-
Copy to Network Drive
The following are also supported from Windows 4.10. Contact your Proofpoint representative.
-
Web File Download
-
File Copy
-
File Move
-
File Rename
Requirements for File Retention
To use the file retention feature you need to make sure the following are completed:
-
Onboard external storage: From the Integration Settings screen, you onboard where you will store information on your cloud-based storage service.
-
Assign Signal and Source: After onboarding external storage, you can use this storage for data export for specific/licensed sources, such as Endpoint, CASB or Email. (See Data Export.)
-
You also define:
-
Max File Size for Retention: Maximum size for a file that is retained.
-
Max Temporary Storage Size on Endpoint: Maximum amount of storage on the endpoint before the file is uploaded and for retention.
-
File Retention Storage: Alias of the external storage you defined in the External Storage screen.
-
Path on External Storage for this Realm (optional): Path you specify so you can structure how files that are stored. For each Agent Realm you might have a separate path area.
-
-
Add a Prevention Rule and turn on Retain the files option. When this option is selected, files that meet the criteria defined in the prevention rule are blocked and retained in external cloud storage. (See Prevention/Endpoint Rules.)
Analyze Activities
To filter, review and analyze activities with retained files, from the Analytics applications such as the Exploration view, select Processing > Enforcement Action / Response > Retain.
An indication is displayed next to the action.
Related Topics: