Configuring Data Loss Prevention Policies

About this task

You can start to create Data Loss Prevention policies after you have configured data identifiers and organized them in templates.

In addition to data identifiers and templates, you need to configure channels and actions when creating a policy.

Note: When upgrading from 10.6, re-create and deploy pre-configured DLP tasks to clients. Policies that require redeployment appear in an informational banner at the top of the screen. Click Create to begin the redeployment.

Procedure

  1. Navigate to Endpoint Protection > Core Protection Module > Configuration > Data Protection > DLP Settings Wizard > Policy Management.
  2. Click Add. A new screen appears.
  3. Type a name for the template. The name must not exceed 64 bytes in length and cannot contain the following characters: > < * ^ | & ? \ /
  4. Search for and select an available template. Click Add > to include the template in the policy.
  5. Select the network channels to monitor. For more information on network channels, see Network Channels.
    • Click Exceptions next to Email clients to configure Non-monitored Email Domains.
    • Configure the Transmission Scope to include Only transmissions outside the Local Area Network to improve scan performance.
    • Expand the Exceptions section to configure specific Non-monitored Targets. Identify non-monitored endpoints by IP address, host name, FQDN, or network address and subnet mask.
  6. Select the system and application channels to monitor. For more information on system and application channels, see System and Application Channels.
    • Click Exceptions next to Removable storage to configure Non-monitored Devices. Add non-monitored removable storage devices, identifying them by their vendors. The device model and serial ID are optional.

  7. Select the action that CPM takes upon identifying a policy violation. For more information on the available actions, see Data Loss Prevention Actions.
  8. Modify the default Decompression Settings as necessary. For more information on decompression settings, see Decompression Rules.
  9. Click Create Fixlet and Save.
  10. Type your Private Key Password and click OK.
  11. Below Actions, click the hyperlink to open the Take Action window.
  12. In the Target tab, click All computers with the property values selected in the tree below and then choose a property that will include all the computers you want to deploy this Action to.
  13. When finished identifying the computers you want to include in the exception, click OK. At the prompt, type your private key password and click OK.
  14. In the Action | Summary window that opens, monitor the "Status" of the Action to confirm that it is "Running" and then "Completed".
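
Example (added here, not part of the product or its documentation): a pre-deployment review of a planned Non-monitored Targets list from step 5. It classifies each entry as one of the four identifier types the step names and flags malformed entries and network ranges that would exempt a large block of addresses from monitoring. The function names, the address/mask notation, and the max_hosts threshold are assumptions made for this example.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample list, for illustration only.
SAMPLE = ["192.168.5.20", "fileserver01", "mail.example.com",
          "192.168.5.0/255.255.255.0", "10.0.0.0/255.0.0.0",
          "0.0.0.0/0", "10.1.2"]

def classify_target(entry):
    """Return (kind, network) where kind is ip, hostname, fqdn, network or invalid."""
    entry = entry.strip()
    if "/" in entry:
        # Assumed notation: network address, a slash, then subnet mask or prefix.
        try:
            return "network", ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return "invalid", None
    try:
        ipaddress.ip_address(entry)
        return "ip", None
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    if entry and len(entry) <= 253 and all(_LABEL.match(l) for l in labels):
        if labels[-1].isdigit():
            # An all-numeric last label is a malformed IP such as 10.1.2.
            return "invalid", None
        return ("fqdn" if len(labels) > 1 else "hostname"), None
    return "invalid", None

def review_targets(entries, max_hosts=256):
    """Return (entry, reason) pairs for entries that need a second look."""
    findings = []
    for entry in entries:
        kind, net = classify_target(entry)
        if kind == "invalid":
            findings.append((entry, "not an IP address, host name, FQDN, or network/mask"))
        elif kind == "network" and net.num_addresses > max_hosts:
            findings.append((entry, f"exempts {net.num_addresses} addresses from monitoring"))
    return findings

if __name__ == "__main__":
    for entry, reason in review_targets(SAMPLE):
        print(f"REVIEW {entry}: {reason}")
```
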