Prevention Rules Supported Actions

Prevention Rules are policies for managing data exfiltration.

With prevention rules you can create policies that block or prompt the user. In addition, allow activities is supported for Web Upload and Cloud Sync Folder and USB.

For additional information, see:

Enabling ITM / Endpoint DLP Prevention Rules

ITM / Endpoint DLP Exit Points

Prevention Rule Supported Actions

The following actions are supported:

Block: Activity is blocked. The end user is blocked with an end user notification.
Prompt the user to provide a justification. Activity is not blocked and the end user is prompted to select a response. (See Justifications.)

Prevention rules are enabled per Realm. You turn on/off Prevention Enabled in the Advanced Settings of the Agent Realm.

The table describes the supported activities:

Activity	Description	Action	Filters
USB	Copy to USB	Block	Detector User File/Resources Devices
		Prompt the user to provide a justification
		Allow (Includes Trellix and BitLocker encryption.)
Cloud Sync Folder	Upload to Cloud Sync Folder (Supported for Windows Explorer only)	Block	Detector User Processes/Applications File/Resources Devices
		Prompt the user to provide a justification
		Allow OneDrive, Google Drive, Box, Apple iCloud, Dropbox
Send files Using AirDrop	Prevent exfiltration via AirDrop (for Mac only from version 4.0)	Block	Detector User Processes/Applications File/Resources Devices
Send files Using AirDrop		Prompt
Printer	Print files Print Detection and Prevention	Block	Detector User File/Resources Devices
Printer	Print files Print Detection and Prevention	Prompt the user to provide a justification	Detector User File/Resources Devices
Upload files to the Web	Web File Upload	Block	Detector User File/Resources
		Prompt the user to provide a justification
		Allow
Paste Text from Clipboard (Windows)	Paste Text from Clipboard Text Pasted from Clipboard	Block	Detector User Processes/Applications File/Resources
Copy to Network Drive	Copy to Network Drive File Exfiltration to Network Drive	Block	Detector User File/Resources
Copy to Network Drive	Copy to Network Drive File Exfiltration to Network Drive	Prompt the user to provide a justification	Detector User File/Resources
GenAI Prompt Submit	Prevent text submitted to GenAI websites based on content scanning of the text prompt GenAI Prompt Submit Detection and Prevention	Block	Detector User
		Prompt the user to provide a justification
		Redact Text