Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Configure process restriction policies
The process restriction policies in DataSecurity Plus prevent users from running unauthorized executables. Endpoint DLP can restrict users or groups from running executables at a particular location or stop them from running a particular executable completely.
Follow the steps below to create new process restriction policies:
- Select the Endpoint DLP module from the drop-down menu at the top.
- Go to Configuration > Prevention Policies > Process Restriction.
- Click + Add Block Executable Profile in the top-right corner.
- Provide a suitable profile name and description.
- To create a new process restriction policy, click the + Add new Executable button in the top-right corner.
- Specify the Executable Name.
- Select one Block Rule from the two options:
- Path: Enter the file path in the Executable Path field.
- Hash: Browse and upload an executable file. Click Calculate Hashes so that the MD5 Hash, SHA256 Hash, and Size in bytes fields are filled. Click Save.
- Click Save to create the process restriction policy.
- Enforce the process restriction policy on endpoints by mapping it to the corresponding DLP policy.
- No conflicting rules are present in the domain controller GPO.
- The option to push process restriction policies through the local GPO is not disabled.
Note: Use Path when you have to block a process from being executed from a particular location only. Use Hash to block it from all sources.
Best practice: Use both the Path and Hash methods to configure the Block Rule for the same executable, as the hash would need to be recomputed manually when the executable is updated. Create separate profiles for the same executable to use both Path and Hash methods.
Note: For process restriction profiles to work on workstations, ensure that:
Mapping process restriction policies to endpoints
To enforce process restriction policies on endpoints, created policies have to be mapped to the DLP policy linked to the targeted endpoints.
Follow the steps below to map process restriction policies to endpoints:
- Select the Endpoint DLP module from the drop-down menu at the top.
- Go to Configuration > DLP Policies.
- Select the DLP policy that is linked to the endpoints to which you wish to apply the process restriction policy.
- Under Prevention Policies, click Process Restriction.
- Select the process restriction policy you wish to enforce on endpoints.
- Click Save to update the process restriction policy.