Creating Data Discovery Policies

Data Discovery searches databases, endpoints and document management systems for the presence of sensitive information. Data Discovery widgets display data loss prevention compliance with an enterprise's policy. Using Data Discovery policies and widgets administrators can then perform remediation actions on their network.

Note:

Performing a full scan of an endpoint drive or directory can cause significant system slowdown for end users.

  1. Select Enable this rule.
  2. Specify a name for the rule.

Configure the target folder settings:

  1. Click the Target Folder tab.
    Note:

    The root folder cannot be a Windows shared folder or removable device (USB device or DVD).

  2. Specify the scan location for files under File Path.
    Note:

    Data Discovery does not scan autoexec.bat files the following file paths:

    • \Documents and Settings\*\Application Data\

    • \Documents and Settings\*\Local Settings\

    • \Documents and Settings\*\Cookies\

    • \Program Files\

    • \Windows\

    • \Winnt\

    • \Users\*\AppData\

    • \ProgramData\

  3. Specify scanning exceptions under File Type Exceptions.
    • Scan: Specify specific files or file types to scan.
    • Do not scan: Specify specific files, file types, or folders that Data Discovery will not scan.
    Note:
    Data Discovery supports the following wildcard characters:
    • *: Substitute for any and all characters before or after the *

    • ?: Substitute for a single charaacter or a single double-byte character

    Separate multiple entires with pipes ( | ) and use the following format:
    • For files: *.<file extention> (for example: *.exe|*.doc)

    • For folders: Specify a file path (for example: *\Test\*|C:\My-Docs\)

Configure the template settings:

  1. Click the Template tab.
  2. Select templates from the Available templates list and then click Add.

    When selecting templates:

    • Select multiple entries by clicking the template names which highlights the name.

    • Use the search feature if you have a specific template in mind. You can type the full or partial name of the template.

    Note:

    Each rule can contain a maximum of 500 templates.

Configure the action settings:

  1. Click the Action tab.
  2. Specify one or more of the following:
    • Monitor: Detections are recorded for analysis
    • Encrypt with the following: Sensitive files are encrypted using one of the following methods and administrators can configure passwords to access encrypted sensitive files:
      • User key

      • Group key

      • Encryption password: The encryption password is a global password for all OfficeScan servers.

Configure the schedule for the scan:

  1. Click the Schedule tab.
  2. Specify the frequency of the scan.
  3. Specify the time the scan starts.
  4. After configuring the Target Folder, Template, Action, and Schedule settings, click Save.