Creating Data Loss Prevention Rules

Procedure

  1. Select Enable this rule.
  2. Specify a name for the rule.
  3. Configure the template settings:
  4. Click the Template tab.
  5. Select templates from the Available templates list and then click Add.
    When selecting templates:
    • Select multiple entries by clicking the template names; each selected name is highlighted.
    • Use the search feature if you have a specific template in mind. You can type the full or partial name of the template.
    Note
    Each rule can contain a maximum of 200 templates.
  6. If your preferred template is not found in the Available templates list:
    1. Click Add new template.
      The Data Loss Prevention Templates screen displays.
      For instructions on adding templates in the Data Loss Prevention Templates screen, see Data Loss Prevention Templates.
    2. After creating the template, select it and then click Add.
    Note
    OfficeScan uses the first-match rule when checking templates. This means that if a file or data matches the definition in a template, OfficeScan will no longer check the other templates. Priority is based on the order of the templates in the list.
  7. Configure the channel settings:
  8. Click the Channel tab.
  9. Select the channels for the rule.
    For details about channels, see Network Channels and System and Application Channels.
  10. If you selected any of the network channels, select the transmission scope:
    • All transmissions
    • Only transmissions outside the Local Area Network
    See Transmission Scope and Targets for Network Channels for details on transmission scope, how targets work depending on the transmission scope, and how to define targets correctly.
  11. If you selected Email clients:
    1. Click Exceptions.
    2. Specify monitored and non-monitored internal email domains. For details on monitored and non-monitored email domains, see Email Clients.
  12. If you selected Removable storage:
    1. Click Exceptions.
    2. Add non-monitored removable storage devices, identifying them by their vendors. The device model and serial ID are optional.
      The approved list for USB devices supports the use of the asterisk (*) wildcard. Replace any field with the asterisk (*) to include all devices that satisfy the other fields.
      For example, [vendor]-[model]-* adds all USB devices from the specified vendor and the specified model type, regardless of serial ID, to the approved list.
    3. To add more devices, click the plus (+) icon.
    Tip
    Use the Device List Tool to query devices connected to endpoints. The tool provides the device vendor, model, and serial ID for each device. For details, see Device List Tool.
  13. Configure the action settings:
  14. Click the Action tab.
  15. Select a primary action and any additional actions. For details about actions, see Data Loss Prevention Actions.
  16. After configuring the Template, Channel, and Action settings, click Save.
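
The following added example (not OfficeScan code or tool output) models the approved-list wildcard from step 12, so a reviewer can check which devices a planned entry would exempt from monitoring and how broad each entry is. The names Device, Entry, matching_entry and breadth, the sample data, the case-insensitive comparison, and treating an omitted optional field like the asterisk are assumptions of this example.

```python
from __future__ import annotations
from typing import NamedTuple, Optional

WILDCARD = "*"

class Device(NamedTuple):
    vendor: str
    model: str
    serial: str

class Entry(NamedTuple):
    vendor: str
    model: str = WILDCARD   # optional field; assumption: omitted behaves like "*"
    serial: str = WILDCARD  # optional field; assumption: omitted behaves like "*"

def field_matches(pattern: str, value: str) -> bool:
    # The asterisk replaces a whole field, as the page describes.
    # Case-insensitive comparison is an assumption of this example.
    return pattern == WILDCARD or pattern.casefold() == value.casefold()

def matching_entry(device: Device, approved: list[Entry]) -> Optional[Entry]:
    """Return the approved-list entry that covers the device, or None."""
    for entry in approved:
        if all(field_matches(p, v) for p, v in zip(entry, device)):
            return entry
    return None

def breadth(entry: Entry) -> int:
    """Count wildcarded fields: 0 covers one device, 3 covers every device."""
    return sum(1 for field in entry if field == WILDCARD)

# Constructed sample data; vendors, models and serial IDs are made up.
APPROVED = [
    Entry("AcmeStor", "SecureKey 3", WILDCARD),    # [vendor]-[model]-*
    Entry("ExampleCorp", "DataStick", "SN-0001"),  # one specific device
]
DEVICES = [
    Device("AcmeStor", "SecureKey 3", "A1B2C3"),
    Device("AcmeStor", "BasicDrive", "Z9Y8X7"),
    Device("ExampleCorp", "DataStick", "SN-0001"),
    Device("ExampleCorp", "DataStick", "SN-0002"),
]

if __name__ == "__main__":
    for device in DEVICES:
        entry = matching_entry(device, APPROVED)
        status = f"non-monitored, wildcards={breadth(entry)}" if entry else "monitored"
        print("-".join(device), "->", status)
```

Entries with a higher breadth value exempt more devices from the rule and deserve closer review before they are saved.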