Managing Data Loss Prevention Rules

The Messaging Security Agent displays all the Data Loss Prevention rules on the Data Loss Prevention screen (Security Settings > {Messaging Security Agent} > Configure Settings > Data Loss Prevention).

  1. View summary information about the rules, including:

    • Rule: WFBS comes with default rules (see Default Data Loss Prevention Rules). These rules are disabled by default. You can modify these rules according to your requirements or delete them. If none of these rules meet your requirements, add your own rules.

      Tip:

      Move your mouse pointer over the rule name to view the rule. Rules that use a regular expression are flagged with a magnifying glass () icon.

    • Action: The Messaging Security Agent takes this action when a rule is triggered.

    • Priority: The Messaging Security Agent applies each rule in succession according to the order shown on this page.

    • Enabled: A green icon indicates an enabled rule while a red icon indicates a disabled rule.

  2. Perform the following tasks:

    Task

    Steps

    Enable/Disable Data Loss Prevention

    Select or clear Enable real-time Data Loss Prevention on top of the screen.

    Add a rule

    Click Add.

    A new screen opens where you can choose the type of rule to add. For details, see Adding Data Loss Prevention Rules.

    Modify a rule

    Click the rule name.

    A new screen opens. For details about rule settings that you can modify, see Adding Data Loss Prevention Rules.
    Import and export rules

    Import one or more rules from (or export them to) a plain-text file, as shown below. If you prefer, you can then edit rules directly by using this file.

    [SMEX_SUB_CFG_CF_RULE43ca5aea-6e75-44c5-94c9-d0b35d2be599]

    RuleName=Bubbly

    UserExample=

    Value=Bubbly

    [SMEX_SUB_CFG_CF_RULE8b752cf2-aca9-4730-a4dd-8e174f9147b6]

    RuleName=Master Card No.

    UserExample=Value=.REG. \b5[1-5]\d{2}\-?\x20?\d{4}\-?\x20?\d{4}\-?\x20?\d{4}\b

    To export rules to a plain-text file, select one or more rules in the list and then click Export.

    Tip:

    You can select rules that appear on one screen only. To select rules that currently appear on different screens, increase the “Rows per page” value at the top of the Rule list table to display enough rows to encompass all of the rules to export.

    To import rules:

    1. Create a plain-text file in the format shown above. You can also click Download more default rules below the table and then save the rules.

    2. Click Import.

      A new window opens.

    3. Click Browse to locate the file to import, and then click Import.

      Data Loss Prevention imports the rules in the file and appends them to the end of the current rules list.

      Tip:

      If you already have more than 10 rules, the imported rules will not be visible on the first page. Use the page-navigation icons at the top or bottom of the rules list to display the last page of the list. The newly imported rules should be there.

    Reorder rules

    The Messaging Security Agent applies the Data Loss Prevention rules to email messages according to the order shown in the Data Loss Prevention screen. Configure the order in which the rules are applied. The agent filters all email messages according to each rule until a content violation triggers an action that prevents further scanning (such as delete or quarantine). Change the order of these rules to optimize Data Loss Prevention.

    1. Select a check box that corresponds to the rule for which you want to change the order.

    2. Click Reorder.

      A box appears around the order number for the rule.

    3. In the Priority column box, delete the existing order number and type a new one.

      Note:

      Be sure to enter a number no larger than the total number of rules in the list. If you enter a number higher than the total number of rules, WFBS disregards the entry and does not change the order of the rule.

    4. Click Save Reorder.

      The rule moves to the priority level that you entered, and all the other rule order numbers change accordingly.

      For example, if you select rule number 5 and change it to rule number 3, then rules number 1 and 2 remain the same, and rules numbered 3 and higher increase by one number.

    Enable/Disable rules

    Click the icon under the Enabled column.

    Remove rules

    When you delete a rule, the Messaging Security Agent updates the order of the other rules to reflect the change.

    Note:

    Deleting a rule is irreversible, consider disabling a rule instead of deleting.

    1. Select a rule.

    2. Click Remove.

    Exclude specific domain accounts

    Within the walls of a company, the exchange of confidential business information is a necessary daily occurrence. Also, the processing load on Security Servers would be extreme if Data Loss Prevention had to filter all internal messages. For these reasons, you need to set up one or more default domains, representing your internal company mail traffic, so that Data Loss Prevention does not filter messages sent from one email account to another within your company domain.

    This list allows all internal email messages (within your company domain) to bypass Data Loss Prevention rules. At least one such domain is required. Add to the list if you use more than one domain.

    For example: *@example.com

    1. Click the plus (+) icon to expand the Specific Domain Account(s) excluded from Data Loss Prevention section.

    2. Place your cursor in the Add field and type the domain, using the following pattern: *@example.com

    3. Click Add.

      The domain appears in the list shown below the Add field.

    4. Click Save to complete the process.

      Warning:

      Data Loss Prevention does not add your domain until you click Save. If you click Add but not Save, your domain will not be added.

    Add email accounts to the Approved Senders List

    Mail from approved senders travels outside of your network with no filtering by Data Loss Prevention. Data Loss Prevention will ignore the content of any mail sent from email accounts on the approved list.

    1. Click the plus (+) icon to expand the Approved Senders section.

    2. Place your cursor in the Add field and type the full email address, using the following pattern: example@example.com

    3. Click Add.

      The address appears in the list shown below the Add field.

    4. Click Save to complete the process.

      Note:

      Data Loss Prevention does not add the address until you click Save. If you click Add but not Save, the address will not be added.

    Import email accounts to the Approved Senders List

    You can import a list of email addresses from a plain-text file formatted with one email account per line, such as:

    admin@example.com

    ceo@example.com

    president@example.com

    1. Click the plus (+) icon to expand the Approved Senders section.

    2. Click Import.

      A new window opens.

    3. Click Browse to locate the plain-text file to import, and then click Import.

      Data Loss Prevention imports the rules in the file and appends them to the end of the current list.
  3. Click Save.
Parent topic: Data Loss Prevention