Creating Data Loss Prevention Rules


Data Loss Prevention processes rules and templates by priority. If a matching rule is set to "Pass", Data Loss Prevention continues with the next rule in the list. If a matching rule is set to "Block" or "User Justification", Data Loss Prevention blocks the user action ("Block") or accepts it after the user provides a justification ("User Justification") and stops processing further rules and templates. Because evaluation stops at the first "Block" or "User Justification" match, the position of each rule in the list determines the outcome.

  1. Select Enable this rule.
  2. Specify a name for the rule.

Configure the template settings:

  1. Click the Template tab.
  2. Select templates from the Available templates list and then click Add.

    When selecting templates:

    • Select multiple entries by clicking each template name; selected names are highlighted.

    • Use the search feature if you have a specific template in mind. You can type the full or partial name of the template.


    Each rule can contain a maximum of 200 templates.

  3. If your preferred template is not found in the Available templates list:
    1. Click Add new template.

      The Data Loss Prevention Templates screen displays.

      For instructions on adding templates in the Data Loss Prevention Templates screen, see Data Loss Prevention Templates.

    2. After creating the template, select it and then click Add.
    Note: OfficeScan uses the first-match rule when checking templates. This means that if a file or data matches the definition on a template, OfficeScan will no longer check the other templates. Priority is based on the order of the templates in the list.
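The following simulation, added here as an illustration and not OfficeScan code, shows how the priority rules above combine: templates inside a rule are checked first-match, a matching "Pass" rule continues to the next rule, and a matching "Block" or "User Justification" rule ends processing. The rule names, templates, regular expression and sample message are constructed for the example; the assumption that a rule whose templates do not match is simply skipped is also this example's, not documented behaviour.

```python
"""Added example: how prioritized DLP rule and template evaluation plays out.
Simulation written for this page, not Trend Micro/OfficeScan code."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class Template:
    name: str
    matches: Callable[[str], bool]   # predicate over the data being transferred


@dataclass
class Rule:
    name: str
    action: str                       # "Pass", "Block" or "User Justification"
    templates: List[Template] = field(default_factory=list)

    def first_matching_template(self, data: str) -> Optional[str]:
        """Templates are checked in list order; the first hit wins, the rest are skipped."""
        for t in self.templates:
            if t.matches(data):
                return t.name
        return None


def evaluate(rules: List[Rule], data: str) -> Tuple[str, List[Tuple[str, Optional[str], str]]]:
    """Walk rules in priority order and return (decision, trace).

    A matching "Pass" rule records a hit and continues to the next rule.
    A matching "Block" or "User Justification" rule ends processing.
    A rule whose templates do not match is skipped (assumption of this example).
    """
    trace = []
    for rule in rules:
        hit = rule.first_matching_template(data)
        if hit is None:
            trace.append((rule.name, None, "skipped"))
            continue
        trace.append((rule.name, hit, rule.action))
        if rule.action in ("Block", "User Justification"):
            return rule.action, trace
    return "Pass", trace


# Constructed templates: a simplistic 16-digit card pattern and a keyword.
# Real DLP templates are far richer; these exist only to make the ordering visible.
CARD_NUMBER = Template("Card number",
                       lambda s: re.search(r"\b\d{4}(?:[ -]?\d{4}){3}\b", s) is not None)
CONFIDENTIAL = Template("Confidential marker",
                        lambda s: "confidential" in s.casefold())


def build_rules(audit_first: bool) -> List[Rule]:
    """Two rules whose relative priority changes what gets recorded."""
    audit = Rule("Audit sensitive mail", "Pass", [CONFIDENTIAL, CARD_NUMBER])
    block = Rule("Block card numbers", "Block", [CARD_NUMBER])
    return [audit, block] if audit_first else [block, audit]


SAMPLE = "CONFIDENTIAL: customer card 4111 1111 1111 1111 attached"  # constructed


if __name__ == "__main__":
    for audit_first in (True, False):
        decision, trace = evaluate(build_rules(audit_first), SAMPLE)
        print(f"audit rule first={audit_first}: {decision}")
        for step in trace:
            print("   ", step)
```

With the "Pass" audit rule first, both rules fire and the action is still "Block"; with the "Block" rule first, the audit rule never runs, so any logging it was meant to provide is lost. Inside the audit rule, the first-match behaviour means the hit is attributed to "Confidential marker" even though the card-number template would also have matched.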

Configure the channel settings:

  1. Click the Channel tab.
  2. Select the channels for the rule.

    For details about channels, see Network Channels and System and Application Channels.

  3. If you selected any of the network channels, select the transmission scope:
    • All transmissions

    • Only transmissions outside the Local Area Network

    See Transmission Scope and Targets for Network Channels for details on transmission scope, how targets work depending on the transmission scope, and how to define targets correctly.

  4. If you selected Email clients:
    1. Click Exceptions.
    2. Specify monitored and non-monitored internal email domains.

      For details on monitored and non-monitored email domains, see Email Clients.

  5. If you selected Removable storage:
    1. Click Exceptions.
    2. Add non-monitored removable storage devices, identifying them by their vendors. The device model and serial ID are optional.

      The approved list for USB devices supports the asterisk (*) wildcard. Replace any field with the asterisk (*) to include all devices that satisfy the other fields.

      For example, [vendor]-[model]-* places all USB devices from the specified vendor and the specified model type, regardless of serial ID, on the approved list. Because a wildcard in the serial ID field approves every device of that model, keep each entry as specific as the use case allows.

    3. To add more devices, click the plus (+) icon.

    Use the Device List Tool to query devices connected to endpoints. The tool provides the device vendor, model, and serial ID for each device. For details, see Device List Tool.
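The following check is an added example, not Trend Micro code or the product's own matching logic: it takes an inventory in the form the Device List Tool reports (vendor, model, serial ID) and a constructed approved list in the page's [vendor]-[model]-[serial] notation, reports which devices would still be monitored, and flags how broad each wildcard entry is. Treating a missing model or serial ID as "*" and comparing fields case-insensitively are assumptions of this example.

```python
"""Added example: checking removable devices against a DLP approved list that
uses the '*' wildcard. Not Trend Micro's code; written to illustrate the page."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Sequence, Tuple

Entry = Tuple[str, str, str]  # (vendor, model, serial); "*" means any value


@dataclass(frozen=True)
class Device:
    """A connected device as the Device List Tool reports it (constructed sample)."""
    vendor: str
    model: str
    serial: str


def normalize_entry(entry: Sequence[str]) -> Entry:
    """Pad an approved-list entry to three fields.

    Model and serial ID are optional on the page; a missing or blank field is
    treated as '*' here (an assumption of this example).
    """
    fields = [f.strip() or "*" for f in entry][:3]
    while len(fields) < 3:
        fields.append("*")
    return fields[0], fields[1], fields[2]


def field_matches(pattern: str, value: str) -> bool:
    # A literal "*" matches anything; otherwise compare case-insensitively
    # (case-insensitivity is an assumption of this example, not documented behaviour).
    return pattern == "*" or pattern.casefold() == value.strip().casefold()


def is_approved(device: Device, approved: Iterable[Sequence[str]]) -> Optional[Entry]:
    """Return the first approved-list entry the device satisfies, else None.

    None means the device stays monitored and the rule's action applies to it.
    """
    for raw in approved:
        entry = normalize_entry(raw)
        pairs = zip(entry, (device.vendor, device.model, device.serial))
        if all(field_matches(p, v) for p, v in pairs):
            return entry
    return None


def entry_breadth(entry: Sequence[str]) -> str:
    """Describe how much an entry approves, so broad exceptions stand out in review."""
    vendor, model, serial = normalize_entry(entry)
    if serial != "*":
        return "single device"
    if model != "*":
        return "every device of this model"
    if vendor != "*":
        return "every device from this vendor"
    return "all removable storage"


def monitored_devices(inventory: Iterable[Device], approved: Iterable[Sequence[str]]) -> List[Device]:
    """Devices the rule will still act on after the exceptions are applied."""
    return [d for d in inventory if is_approved(d, approved) is None]


# Constructed approved list, in the page's [vendor]-[model]-[serial] notation.
APPROVED_LIST = [
    ("Kingston", "DataTraveler 3.0", "*"),          # any serial of one model
    ("SanDisk", "Ultra", "4C530001230712112345"),   # one specific stick
    ("Contoso",),                                    # vendor only: very broad
]

# Constructed inventory as the Device List Tool might report it.
INVENTORY = [
    Device("Kingston", "DataTraveler 3.0", "0019E02B1C3D"),
    Device("SanDisk", "Ultra", "4C530001230712112345"),
    Device("SanDisk", "Ultra", "4C530009999999999999"),
    Device("contoso", "anything", "0000"),
]


if __name__ == "__main__":
    for d in INVENTORY:
        print(d, "->", is_approved(d, APPROVED_LIST) or "monitored")
    for e in APPROVED_LIST:
        print(e, "->", entry_breadth(e))
```

Running the inventory through the list shows that only the second SanDisk stick remains monitored; the vendor-only "Contoso" entry approves every device that vendor ever ships, which is the kind of exception worth questioning before saving the rule.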

Configure the action settings:

  1. Click the Action tab.
  2. Select a primary action and any additional actions.

    For details about actions, see Data Loss Prevention Actions.


    Data Loss Prevention only supports the encryption of sensitive data on removable devices and cloud storage services. On channels where encryption is not supported, Data Loss Prevention performs the "Pass" action without encryption, so data on those channels is released unencrypted. To encrypt data, the target endpoint must have Endpoint Encryption installed and the user must be logged in to Endpoint Encryption.

  3. After configuring the Template, Channel, and Action settings, click Save.