File Filters
This feature allows you to create filters to identify file types, extensions or paths that you desire to included or excluded when running lockers or assignments. Using this feature, you can reduce the scope of discovery and remediations because it will process only those folders and file extensions which are listed.
When performing discovery, the inclusion filter performs the scanning based on the input values. Whereas the exclusion filter excludes the data specified while performing scanning.
By default, there are four pre-defined file filters.
- Default Windows
- Default OSX
- Default Unix
Each of the default file filters contain a set of pre-defined excluded file types that represent filed types that PKWARE does not support. You can use these, clone and modify them or create your own. To define a filter, go to Advanced > File Filters tab.
Three actions can be performed on every file filter:
- Edit – click this button to edit the details of a file filter.
- Clone – click this button to create a replica of an existing file filter with exact same details.
- Delete – Click this button to delete the filter.
You cannot delete a file filter once it has been referenced in the File Protection Policy.
To Add a File Filter
To define a filter, click Add button. The Add File Filter screen allows you to input the desired details of a file filter, including the name of the filter, comments, platforms, file extensions and other desired values.
Following is the explanation of all the fields used for defining File Filter:
Field Name | Description |
Name | The unique name for the file filter. This name is used while creating an assignment and locker. |
Comment | Specify any additional information for the filters. |
Platform | This drop-down display different platforms for which File Filters are defined, you can choose from Windows, OSX and Unix |
File Types to Include | Define the file names and extension to include from processing. The name of the files and extensions are separated by semicolons. If you have specified ‘*.csv’ in the File Types to Include, it will only process the files within a directory (path mentioned targets) with this extension.
*Note: You may use inclusion and exclusion filters independently, or together with each other. If you are using both inclusion and exclusions, it is best practices to not have the same entries in both types.
If the same extension is included in both rulesets, only the conflicting inclusion filter item will be processed. You can also combine their use to fine tune which files will be processed. For example, if you include *.docx, and you exclude 'foo*’; discovery will trigger on files with a .docx extension and not process any files that start with the file name ‘foo'. |
File Types to Exclude | Define the file names and extensions to exclude from processing. The names of file and extensions are separated by semicolons. If you have specified ‘*.png’ in the File Types to Exclude, it will not process any file within a directory (path mentioned in targets) with this extension.
*Note: You may use inclusion and exclusion filters independently, or together with each other. If you are using both inclusion and exclusions, it is best practices to not have the same entries in both types.
If the same extension is included in both rulesets, only the conflicting inclusion filter item will be processed. You can also combine their use to fine tune which files will be processed. For example, if you include *.docx, and you exclude 'foo*’; discovery will trigger on files with a .docx extension and not process any files that start with the file name ‘foo'. |
File Paths to Include | Specify the folder path of the file that will be included while processing. If you have specified a folder path like, ‘${USERPROFILE}\*’ in the field. In this scenario, it will process all the files of the parent directories.
*Note: You may use file path inclusion and exclusion filters independently, or together with each other. If you are using both file path inclusion and exclusions, it is best practices to not have the same entries in both types.
If the same path is included in both rulesets, only the conflicting inclusion filter item will be processed. You can also combine their use to fine tune which files will be processed. For example, if ‘\Desktop\*’ is specified in the File Paths to Include and ‘\Personal\* is specified in the File paths to Exclude field.; discovery is performed on the files which are kept in the path containing ‘\Desktop\*’ while it will not process any file kept in the parent folder i.e., ‘Personal’. |
File Paths to Exclude | Specify the folder path of the file that will be excluded while processing. If you have specified folder path like, ‘${APPDATA}\*’ in the field. In this scenario, it does not process any files of the parent directory.
*Note: You may use file path inclusion and exclusion filters independently, or together with each other. If you are using both file path inclusion and exclusions, it is best practices to not have the same entries in both types.
If the same path is included in both rulesets, only the conflicting inclusion filter item will be processed. You can also combine their use to fine tune which files will be processed. For example, if ‘\Desktop\*’ is specified in the File Paths to Include and ‘\Personal\* is specified in the File paths to Exclude field.; discovery is performed on the files which are kept in the path containing ‘\Desktop\*’ while it will not process any file kept in the parent folder i.e., ‘Personal’. |
Exclude Hidden Files | If you do not want to perform discovery on the hidden files, enable this setting. |
Exclude System Files | If you do not want to perform discovery on the system files, enable this setting.
*Note: This option does not appear if you select Unix or OSX as a platform.
|
Size | Size if the amount of data stored in a file. To specify the file size, check the Use Size checkbox. This will display the Minimum and Maximum file size where you can input the value. In PEM Administrator, different file sizes are measured in Bytes (B), KiloBytes (KB), MegaBytes (MB), and GigaBtes (GB). |
Relative Date | Specify a relative time range for the files on which discovery will be performed. There are three parameters i.e., Last Modified date, Last Accessed date, and Created Date.
To enable the setting, select the Use Relative Date checkbox. Enter the value in the Older and Newer field, and select the corresponding the value in days, months or years. |
Absolute Date | Input a specific date range for the files on which discovery will be performed. There are three parameters i.e., Last Modified date, Last Accessed date, and Created Date.
To enable the setting, select the Use Absolute Date checkbox. Enter the dates in the After and Before field for any of the parameters. Based on the dates entered, the files will be processed. For example, if you specify ‘08/11/2022’ in the After field and ‘08/13/2022’ in the Before field of the Created Date section, discovery will be performed on all the files created between 11th August 2022 to 13th August 2022. |
Editing details of a File Filter
To edit the details of file filter, click Edit button. The Edit File Filter screen is displayed where you can update the details.
File Filters Template
The File Filters Template allows the administrator to create a clone of an existing file filters. It reduces the configuration time as it clones the exact information of the template.
There are seven File Filters templates.
- Default Windows Priority Paths
- Default Windows Priority Extensions
- Default Unix Priority Paths
- Default Unix Priority Extensions
- Default OSX Priority Paths
- Default OSX Priority Extensions
Following actions can be performed on the policy templates:
- View: This allows you to view the details of pre-defined templates.
- Clone: This allows you to copy the configuration of an existing remediation action, which can be edited without impacting the original remediation action.