Configuring Data Loss Prevention

  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.

    • Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.

  2. Click Windows.
  3. Go to Data Loss Prevention.
  4. Under Data Loss Prevention, enable the feature and configure the required settings.

    The following scenarios require users to restart their endpoints to apply the Data Loss Prevention settings:

    • Enabling Data Loss Prevention for the first time

    • Adding or moving endpoints to a group that has enabled Data Loss Prevention

    • A child domain group that uses customized policy settings restores policy inheritance to apply the parent group policy settings, and the parent group has enabled Data Loss Prevention

  5. On the Rules tab, click Add.

    A policy can contain a maximum of 40 rules.

  6. Select Enable this rule.
  7. Specify a name for the rule.
  8. Select templates from the list.

    Each rule can contain a maximum of 200 templates.


    Use the All templates list or the search function to help you find the templates.

  9. Select the channels for the rule.

    If you selected any of the network channels, specify the transmission scope.

  10. Specify the action to take after detecting sensitive data transmitted through a selected channel.
    • Pass and log: Allows and logs the transmission
    • Block: Blocks and logs the transmission
  11. Click Add.
  12. To configure exception settings, click the Exceptions tab.

    See Configuring Data Loss Prevention Exceptions for more details.

  13. Click Save.