Protection Policies

The File Protection Policies contain information pertaining to policy actions and are selected by a Target. This is a one-to-many relationship, where a single File Protection Policy can be selected by many Targets. To access Protection Policies page, go to Policies > Protection Policies.

This displays File Protection Policies panel which lists down all the policies defined.

Following actions can be performed on each File Protection Policy.

Edit – Allows you to edit the information of the selected file protection policy.
Delete – Click this button if you want to delete the selected file protection policy.
Clone – Allows you to copy the configuration of an existing file protection policy which can be edited without impacting the original one.

The File Protection Policies panel displays the list of all file protection policies defined in PEM Administrator. Following is the description of the columns.

Column Name	Description
Name	This field displays the name of the file protection policy.
Enabled	This field displays whether the file protection policy is enabled for selection within targets.
Platform	This field display the platform for which protection policy is defined. There are three supported platforms i.e., Windows, MacOS, and Linux.
Updated At	This field display the date when File Protection Policy was updated.

To Add a File Protection Policy

To add File Protection Policy, the following attributes needs to be configured:

Attributes	Description
Name	Enter the name of the file protection policy.
Comment	Enter any additional information in this field, if required.
Enabled	By default, this option is selected.
Platform	There are different platforms on which File Protection Policy are supported i.e., Windows, Linux and OSX.
File Filter	Select the desired file filters from the drop-down. The file filters are created in the File Filters tab that can be accessed through Advanced > File Filters.
Priority File Filter	Select the desired priority file filters from the drop-down. These file filters are created in the File Filters tab that can be accessed through Advanced > File Filters. These allow customers to prioritize file extensions and paths inside a target.
Report Compliance and Status	Checking this option will communicate the status to PEM Administrator, which in turn generates a report whether the PEM Agent has received latest policy change or not. By default, this option is selected.
Report Advanced Attributes	This option provides additional properties for MS file types when the discovery task is triggered. Advanced attributes include file Created Date, Created By, and Last Saved Date. Last Saved is reported to DSI when applicable.
Image Discovery	Selecting this option allows agents to discover the sensitive information in the supported image file types.
Archive Options	To enable the archive options for File Protection Policy, check the Archive Options. When enabled, it displays following options: Extensions - This field displays the file extensions that would be processed. Depth - Indicates the number of archive levels a target should executed in. For example, if you wish to scan a file that is in an archive, and that archive exists inside another archive, the appropriate depth level should be defined as a 2. Preserve Signatures - This preserves the original signatures of an archive when the target discovers or remediates file. Exact Single File Archives Modified By Remediation Actions - if checked, when a single file archive is remediated, the underlying file will be extracted on disk and the original zip file is deleted. By default, this option is selected. If unchecked, the archived file will remain intact and is remediated. Process Encrypted - If checked, the agent will scan encrypted files within an archive. With this box checked, if there is a remediation action that modifies the file, the file will remain decrypted unless the “encrypt” action is selected as part of the remediation action.
Actions	The File Protection Policy uses discovery to scan the content of a file to determine whether it should be remediated. The content of file can be remediated as per the action specified in the File Remediation Actions column. To add multiple filter bundles in the Actions panel, click Add button. Similarly, you can delete a filter bundle by clicking Delete button. Following fields are displayed in the Actions panel: Filter Bundles - This field lists all filter bundles defined in the Discovery Filter Bundles screen. These bundles are used for scanning the sensitive data within a file. The Advanced Definition feature can be used with discovery filter bundles. MIP Azure Label - This field lists all MIP labels defined in the MIP screen. This feature discovers a specific MIP label based on the selection. File Filter - The drop-down displays all the file filters defined in the File Filters screen that can be accessed via Advanced > File Filters. This feature allows you to scan or skip only file extensions and paths which are specified in the filter. File Remediation Action - This field displays list of all remediation actions that can be applied on to a file. The order of remediation action is important as PEM Agent processes the remediation actions list from drop-down.

Once you have configured all the settings, click Save button to make the changes effective else click Cancel.