Protection Policies

Column Name

Description

Name

This field displays the name of the file protection policy.

Enabled

This field displays whether the file protection policy is enabled for selection within targets.

Platform

This field display the platform for which protection policy is defined. There are three supported platforms i.e., Windows, MacOS, and Linux.

Updated At

This field display the date when File Protection Policy was updated.

Attributes

Description

Name

Enter the name of the file protection policy.

Comment

Enter any additional information in this field, if required. 

Enabled

By default, this option is selected.

Platform

There are different platforms on which File Protection Policy are supported i.e., Windows, Linux and OSX. 

File Filter

Select the desired file filters from the drop-down. The file filters are created in the File Filters tab that can be accessed through Advanced > File Filters. 

Report Compliance and Status

Checking this option will communicate the status to PEM Administrator, which in turn generates a report whether the PEM Agent has received latest policy change or not. By default, this option is selected.

Report Advanced Attributes

This option provides additional properties for MS file types when the discovery task is triggered. Advanced attributes include file Created Date, Created By, and Last Saved Date. Last Saved is reported to DSI when applicable.

Image Discovery

Selecting this option allows agents to discover the sensitive information in the supported image file types.

Archive Options

To enable the archive options for File Protection Policy, check the Archive Options. When enabled, it displays following options: 

• Extensions - This field displays the file extensions that would be processed.

• Depth - Indicates the number of archive levels a target should executed in. For example, if you wish to scan a file that is in an archive, and that archive exists inside another archive, the appropriate depth level should be defined as a 2.

• Preserve Signatures - This preserves the original signatures of an archive when the target discovers or remediates file.

• Exact Single File Archives Modified By Remediation Actions - if checked, when a single file archive is remediated, the underlying file will be extracted on disk and the original zip file is deleted. By default, this option is selected. If unchecked, the archived file will remain intact and is remediated.

• Process Encrypted - If checked, the agent will scan encrypted files within an archive. With this box checked, if there is a remediation action that modifies the file, the file will remain decrypted unless the “encrypt” action is selected as part of the remediation action.

Actions

The File Protection Policy uses discovery to scan the content of a file to determine whether it should be remediated. The content of file can be remediated as per the action specified in the File Remediation Actions column. To add multiple filter bundles in the Actions panel, click Add button. Similarly, you can delete a filter bundle by clicking Delete button.  

Following fields are displayed in the Actions panel:

• Filter Bundles - This field lists all filter bundles defined in the Discovery Filter Bundles screen. These bundles are used for scanning the sensitive data within a file. The Advanced Definition feature can be used with discovery filter bundles.

• MIP Azure Label - This field lists all MIP labels defined in the MIP screen. This feature discovers a specific MIP label based on the selection.

• File Filter - The drop-down displays all the file filters defined in the File Filters screen that can be accessed via Advanced > File Filters. This feature allows you to scan or skip only file extensions and paths which are specified in the filter.

• File Remediation Action - This field displays list of all remediation actions that can be applied on to a file. The order of remediation action is important as PEM Agent processes the remediation actions list from drop-down.