Data Loss Prevention Policies

Worry-Free Services evaluates a file or data against a set of rules defined in DLP policies. Policies determine files or data that requires protection from unauthorized transmission and the action that Worry-Free Services performs after detecting a transmission.


Worry-Free Services does not monitor data transmissions between the server and Security Agents.

Table 1. Settings that Define a DLP Policy




A DLP rule can consist of multiple templates, channels, and actions. Each rule is a subset of the encompassing DLP policy.


Data Loss Prevention processes rules and templates by priority. If a rule is set to "Pass", Data Loss Prevention processes the next rule in the list. If a rule is set to "Block", Data Loss Prevention blocks the user action and does not process that rule/template further.


A DLP template combines data identifiers and logical operators (And, Or, Except) to form condition statements. Only files or data that satisfy a certain condition statement are subject to a DLP rule.

A DLP rule can contain one or several templates. Data Loss Prevention uses the first-match rule when checking templates. This means that if a file or data matches the data identifiers in a template, Data Loss Prevention no longer checks the other templates.


Channels are entities that transmit sensitive information. Data Loss Prevention supports popular transmission channels, such as email, removable storage devices, and instant messaging applications.


Data Loss Prevention performs the specified action when it detects an attempt to transmit sensitive information through any of the channels.


Exceptions act as overrides to the configured DLP rules. Configure exceptions to manage non-monitored targets and compressed file scanning.