Defining Endpoint Agent Policy Channels Parent topic

  1. On the Add Policy: Step 2: Channel screen, select or enter the channels for DLP to monitor.
    Note
    Note
    For all channels, the endpoint agent bypasses one path, especially for Printer (C:\Windows\Fonts\).
    For performance tuning, define policy rules only for channels that you need to filter.
    The channels below have additional specifications to consider:

    Channel Specifications

    Channel
    Description
    Email
    • Click the Email Clients down arrow to display the Monitored and Non-monitored Targets fields.
    • Type monitored and non-monitored email domain names in X400, email address domain, or individual address format. Separate multiple entries with commas. For example, “/O=Trend/OU=USA, /O=Trend/OU=China, trendmicro.com,test@example.com”
    Note
    Note
    The endpoint agent supports monitored and non-monitored email domain names for Microsoft Exchange, Lotus Notes, and SMTP.
    Removable Storage (FileWrite)
    • Click the Removable Storage down arrow to display the Non-monitored USB Devices field.
    • Type non-monitored USB devices. Separate each USB device with commas. Use the format: <Vendor Name>|<Model>|<Serial ID>. For example, ZTE|6025|301011006703D310, GENERIC|8012|*, GENERIC|*|*, *|*|*. You can use asterisks (*).
    Instant Messengers
    Click the IM Applications down arrow to view the filtered IM channels.
    P2P
    • Click the Peer-to-peer Applications down arrow to view the filtered peer-to-peer channels.
    • For the P2P and Skype channels, the endpoint agent bypasses files with these extensions: .dll, .ttf, .lnk, .ico, .gpd, .bud, .ini, .gif, .jpg, .png, .ime, .dbb, .manifest, .torrent, .ezlog, .mlsxml, and .ttc.
    • For Skype channels, the endpoint agent bypasses the special file names, etilqs_XXXXXXXXXXXXXXX
    • For the P2P and Skype channels, the endpoint agent also bypasses these system directories:
      Cookies
      Local settings (long version)
      Application data
      appdata\local\ (skip for Win7 feature - Libraries)
      appdata\roaming\ (skip for Win7 feature - Libraries)
      windows
      winnt
    Printer
    Click Printer to detect sensitive content in documents sent to print.
    Note
    Note
    The endpoint agent bypasses files with these file extensions: .dll, .pf, .dic, .exe and the system font path, C:\windows\fonts\.
    SMB
    • Click the SMB Protocol down arrow to display the Monitored and Non-monitored Targets.
    • Type monitored and non-monitored IP addresses, IP address ranges (for example: 192.168.2.1/10), host names, and Fully Qualified Domain Names (FQDN). Separate multiple entries with commas.
    Web Mail
    Click the Webmail down arrow to view the filtered web mail channels.
  2. Click Next.
    The Add Policy Conditions screen appears.