Search the ManageEngine site:  
 

Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

General settings

Policy Configuration

Release notes

Troubleshooting

Guides

Third-party software Contact us

Clipboard control configuration

The Endpoint DLP module in DataSecurity Plus offers prevention policies to thwart and respond to potential file security risks. The clipboard control prevention policy audits and blocks clipboard copy actions triggered within local devices, the organizational network, and removable devices.

There are three steps to preventing copy actions in configured endpoints:

  • Create a file copy prevention profile with the block response enabled.
  • Map the prevention policy to the DLP policy that has been applied to endpoints.
  • Configure global clipboard settings.

1. Creating a new clipboard control profile

While DataSecurity Plus comes with a default clipboard control prevention policy, it exists to audit all clipboard copy actions. It cannot be edited or deleted. If you want to modify your responses to copy actions, you must create a new clipboard control policy and customize it. You can also create a new policy when you want to block copy actions in select files or in specific endpoints.

Follow the steps below to configure a custom copy prevention policy:

  • Select Endpoint DLP from the modules drop-down menu.
  • Go to Configuration > Prevention Policies > Clipboard Control.
  • Click +Create New Profile in the top-right corner.
  • Provide the Profile Name and Profile Description.
  • Configure the Include and Exclude criteria to set up the conditions for which the profile should be implemented. In addition to the criteria, you can trigger the prevention policy when all parameters are satisfied, or if even just one parameter is met, by configuring the Condition Match rule.
  • Choose whether to Audit file copy attempts or Audit and block file copy attempts.
  • Click Save and ensure you map the prevention policy to the target endpoints to enforce them.

Note: If multiple clipboard control prevention policies are enforced with varying response actions, the profile with the block response will prevail.

Refer to the examples below to create your own custom prevention policy.

Target action Include criteria Exclude criteria Response
To block all copy actions for file names containing "customer addresses."
  • User Object - In - ALL
  • Data Source - In - Local Drives, Network Drives, Removable Drives
  • File/Folder Name - Contains - Customer Addresses
  • Condition Match: Any condition (OR)
 - Audit and block file copy attempts.
To block all clipboard file copy actions in all endpoints and removable media devices.
  • User Object - In - ALL
  • Data Source - In - Local Drives, Network Drives, Removable Drives.
  • Condition Match: All conditions (AND)
 - Audit and block file copy attempts.
To block file copy actions for all files except for Files A and B.
  • User Object - In - ALL
  • Data Source - In - Local Drives, Network Drives, Removable Drives.
  • Condition Match: All conditions (AND)
  • File/Folder Name - Contains - A, B
  • Condition Match: Any condition (OR)
 Audit and block file copy attempts.

Note:

  • The Data Source, Object Type, and File/Folder Name criteria are multi-input values, and you can select more than one value under the same parameter.
  • Local Drives refers to files that are copied from the local system or any external storage devices connected to it.
  • Network Drives refers to file copy actions that take place within the network.
  • Removable Drives refers to all detected USBSTOR-based removable media storage devices.

2. Mapping the clipboard control prevention policy to endpoints

All prevention policies need to be mapped to endpoints to be enforced in them. Follow the steps below to map them to endpoints:

  • Select Endpoint DLP from the modules drop-down menu.
  • Go to Configuration > DLP Policies.
  • Select the DLP policy linked to the endpoints that you want to apply a clipboard control prevention policy to.
  • In the Prevention Policies section, go to Clipboard Control. Select the custom policy you created.
  • Click Save to implement the prevention policy to all endpoints linked to this DLP policy.

3. Configuring global clipboard settings

In the Endpoint DLP module, you can customize certain clipboard settings that are applicable irrespective of clipboard control profiles and do not require to be mapped to any DLP policy. Follow the steps below to edit them:

  • Select Endpoint DLP from the modules drop-down menu.
  • Go to Configuration > Prevention Policies > Clipboard Control > Clipboard Settings.
  • Choose a bulk copy limit from the Limit drop-down menu.
  • Choose an Allow or Block response to be executed when the bulk copy limit is exceeded.

Note: When more files are bulk copied than the selected limit, it will be considered as a single event and will show as such under the Reports tab. These files will not undergo validation against any clipboard control profile. Only the selected response selected in this page will be executed. Below the bulk copy limit, these settings will not apply, and each copy event will be validated against each configured profile.

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2024 Zoho Corporation Pvt. Ltd. All rights reserved.