Enabling ITM / Endpoint DLP Prevention Rules

This topic is for ITM / Endpoint DLP rules only.

Enabling Prevention Rules

Prevention rules are enabled at the Realm level. You turn on/off Prevention Enabled in the Advanced Settings of the Agent Realm. (Advanced SettingsProcessingPrevention Enabled)

When enabled the following options are available:

  • Print Prevention: Prevent printing of files. (See Print Detection and Prevention.)

  • Action to apply for non file-explorer file movements to Media Device (Android only): Prevent exfiltration via Media Transfer Protocol (MTP) to media devices when file transfers are performed outside File Explorer. (Allow , Block) By default, this is set to Allow. (From Windows 4.3.0) (See Mobile Device Detection and Prevention.)

  • Enable Prevention from Unsupported Program: Prevent users from exfiltrating sensitive data using an application that the Agent does not support print monitoring activity. (See Print from an Unsupported Program.)

  • Resume web upload operation automatically: When Resume Web Upload is turned on, Web Upload action is resumed after file processing, without end user interaction or with only minimal end user interaction. (See Resume Web Upload.)

  • Upload Prevention for Mac: Web File Upload is supported as an exit point for Mac Agents. Web Upload action is resumed after file processing, without end user interaction or with only minimal end user interaction.

  • Action to apply if file size exceeds threshold: This setting controls the action to apply if the file size exceeds the Content Scanning File Size threshold. (Block, Prompt or From Prevention Rule)

  • Actions to apply for any other failure: This setting controls how the Agent behaves for any other failure related to content scanning. (Block, Prompt or From Prevention Rule)

  • Action to apply on encrypted file: This setting controls how the Agent behaves when scanning an encrypted file. (Block, Prompt, Allow or From Prevention Rule)

  • User Catalog Integration: When processing prevention rules on the Agent, you must enable User Catalog Integration to use the Users Catalog. (Administration app > EndpointsAgent Realms > Advanced SettingsProcessingUser Catalog Integration). (See Users Catalog.)

  • Action to apply when Cloud Assisted Service is unavailable: Applies to special content scanning that involves the Cloud-Assisted Services (EDM, IDM), when local scanning at the endpoint indicates a possible match. (Block, Prompt, Allow or From Prevention Rule) (From Windows 4.3.0)

  • Action to apply on Possible Match: Apples to a possible match that may be a false detection. This can happen when the Scan Cloud is unavailable. (Block, Prompt, Allow or From Prevention Rule) (From Windows 4.3.0)

Supported Options

The following describes the available supported options:

  • Block: Content is blocked and the selected user notification displays.

  • Prompt The user is prompted to provide a justification based on the selected end user notification. Justifications can be used with prevention rules to offer the user the option of continuing a prevented action by selecting a response. When a justification is selected, the action is allowed.

  • From Prevention Rule: The action and end user notification defined at the rule level is applied.

  • Allow: Action is allowed

Related Topics:

ITM / Endpoint DLP Prevention Rules

ITM / Endpoint DLP Exit Points