OfficeScan can monitor the following system and application channels:
Data recorders (CD/DVD)
Peer-to-peer applications
PGP Encryption
Printer
Removable storage
Synchronization software (ActiveSync)
Windows clipboard
OfficeScan monitors data recorded to a CD or DVD. For a list of supported data recording devices and software, see:
http://docs.trendmicro.com/en-us/enterprise/officescan.aspx
When OfficeScan detects a "burn" command initiated on any of the supported devices or software and the action is Pass, data recording proceeds. If the action is Block, OfficeScan checks if any of the files to be recorded is or contains a digital asset. If OfficeScan detects at least one digital asset, all files—including those that are not, or do not contain, digital assets—will not be recorded. OfficeScan may also prevent the CD or DVD from ejecting. If this issue occurs, instruct users to restart the software process or reset the device.
OfficeScan implements additional CD/DVD recording rules:
To reduce false positives, OfficeScan does not monitor the following files:
.bud
.dll
.gif
.gpd
.htm
.ico
.ini
.jpg
.lnk
.sys
.ttf
.url
.xml
Two file types used by Roxio data recorders (*.png and *.skn) are not monitored to increase performance.
OfficeScan does not monitor files in the following directories:
*:\autoexec.bat
*:\Windows
..\Application Data
..\Cookies
..\Local Settings
..\ProgramData
..\Program Files
..\Users\*\AppData
..\WINNT
ISO images created by the devices and software are not monitored.
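As an added example (not part of the OfficeScan documentation and not Trend Micro code), the following Python script applies the exclusion lists above to a set of file paths, so an administrator can see which files the CD/DVD channel leaves uninspected and cover them with other controls. The page does not state how OfficeScan matches these entries: treating the "..\" entries as directory names at any depth, matching case-insensitively, and the function names and sample paths are all assumptions.

```python
from pathlib import PureWindowsPath

# Lists copied from the page; the matching semantics below are assumptions.
EXTENSIONS = {".bud", ".dll", ".gif", ".gpd", ".htm", ".ico", ".ini",
              ".jpg", ".lnk", ".sys", ".ttf", ".url", ".xml"}
ROXIO_EXTENSIONS = {".png", ".skn"}   # excluded only for Roxio data recorders
DIRS_ANY_DEPTH = {"application data", "cookies", "local settings",
                  "programdata", "program files", "winnt"}  # the "..\" entries


def exclusion_reason(path, roxio=False):
    """Return the listed rule that leaves `path` unmonitored, or None."""
    p = PureWindowsPath(path)
    comps = [c.lower() for c in (p.parts[1:] if p.anchor else p.parts)]
    dirs = comps[:-1]
    # "*:\" entries apply only directly under a drive-letter root.
    rooted = p.drive.endswith(":") and p.root != ""
    if rooted and comps == ["autoexec.bat"]:
        return r"*:\autoexec.bat"
    if rooted and dirs[:1] == ["windows"]:
        return r"*:\Windows"
    for i, d in enumerate(dirs):
        if d in DIRS_ANY_DEPTH:
            return "..\\" + d
        if d == "users" and dirs[i + 2:i + 3] == ["appdata"]:
            return r"..\Users\*\AppData"
    ext = p.suffix.lower()
    if ext in EXTENSIONS:
        return "extension " + ext
    if roxio and ext in ROXIO_EXTENSIONS:
        return "Roxio extension " + ext
    return None


def coverage_gaps(paths, roxio=False):
    """Map each unmonitored path to the rule that excludes it."""
    reasons = {p: exclusion_reason(p, roxio) for p in paths}
    return {p: r for p, r in reasons.items() if r}


# Constructed sample paths, not taken from the page.
SAMPLE = [r"D:\Burn\report.docx", r"D:\Burn\export.XML",
          r"C:\Windows\Temp\plan.docx", r"D:\Burn\skin.png",
          r"C:\Users\alice\AppData\Roaming\notes.txt"]

if __name__ == "__main__":
    for path, reason in coverage_gaps(SAMPLE).items():
        print(f"{path}: not monitored ({reason})")
```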
OfficeScan monitors files that users share through peer-to-peer applications.
For a list of supported peer-to-peer applications, see:
http://docs.trendmicro.com/en-us/enterprise/officescan.aspx
OfficeScan monitors data to be encrypted by PGP encryption software. OfficeScan checks the data before encryption proceeds.
For a list of supported PGP encryption software, see:
http://docs.trendmicro.com/en-us/enterprise/officescan.aspx
OfficeScan monitors printer operations initiated from various applications.
OfficeScan does not block printer operations on new files that have not been saved, because at this point the printing information is stored only in memory.
For a list of supported applications that can initiate printer operations, see:
http://docs.trendmicro.com/en-us/enterprise/officescan.aspx
OfficeScan monitors data transmissions to or within removable storage devices. Activities related to data transmission include:
Creation of a file within the device
Copying of a file from the host machine to the device
Closing of a modified file within the device
Modifying of file information (such as the file’s extension) within the device
When a file to be transmitted contains a digital asset, OfficeScan either blocks or allows the transmission.
The Device Control action has a higher priority than the Digital Asset Control action. For example, if Device Control does not allow copying of files to a removable storage device, transmission of digital assets will not proceed even if Digital Asset Control allows it. For details on Device Control actions, see Permissions for Storage Devices.
For a list of supported removable storage devices and applications that facilitate data transmission activities, see:
http://docs.trendmicro.com/en-us/enterprise/officescan.aspx
The handling of file transmission to a removable storage device is a straightforward process. For example, a user who creates a file from Microsoft Word may want to save the file to an SD card (it does not matter which file type the user saves the file as). If the file contains a digital asset that should not be transmitted, OfficeScan prevents the file from being saved.
For file transmission within the device, OfficeScan first backs up the file (if its size is 75MB or less) to %WINDIR%\system32\dgagent\temp before processing it. OfficeScan removes the backup file if it allows the file transmission. If OfficeScan blocks the transmission, the file may have been deleted in the process. In this case, OfficeScan copies the backup file to the folder containing the original file.
OfficeScan allows you to define non-monitored devices. OfficeScan always allows data transmissions to or within these devices. Identify devices by their vendors and optionally provide the device models and serial IDs.
Use the Device List Tool to query devices connected to endpoints. The tool provides the device vendor, model, and serial ID for each device. For details, see Device List Tool.
OfficeScan monitors data transmitted to a mobile device through synchronization software.
For a list of supported synchronization software, see:
http://docs.trendmicro.com/en-us/enterprise/officescan.aspx
If the data has a source IP address of 127.0.0.1 and is sent through either port 990 or 5678 (the ports used for synchronization), OfficeScan checks if the data is a digital asset before allowing or blocking its transmission.
When OfficeScan blocks a file transmitted on port 990, a file of the same name containing malformed characters may still be created at the destination folder on the mobile device. This is because parts of the file have been copied to the device before OfficeScan blocked the transmission.
OfficeScan monitors data to be transmitted to Windows clipboard before allowing or blocking the transmission.
OfficeScan can also monitor clipboard activities between the host machine and VMware or Remote Desktop. Monitoring occurs on the entity with the OfficeScan client. For example, an OfficeScan client on a VMware virtual machine can prevent clipboard data on the virtual machine from being transmitted to the host machine. Similarly, a host machine with an OfficeScan client may not copy clipboard data to an endpoint accessed through Remote Desktop.