Configuring the Write Action
The Write action lets users:
-
Create new files
-
Copy or move files to devices
-
Delete files from devices
-
Change file contents on devices
-
Change file names on devices
The default predefined write actions are:
-
Data Type - Encrypt business-related data on storage devices - All Files that are defined as business-related data must be written to the encrypted storage. Non-business related data can be saved to the device without encryption. See Configuring Business-Related File Types.
-
Allow writing data on storage devices:
-
Allow encryption - Users can write only encrypted files to storage devices.
-
Enable deletion of file on read-only media - Allow users to delete files on devices with read-only permissions.
-
You can configure these settings for specific devices.
To configure the Write action:
-
In the Media Encryption tab, click View Exclusions.
-
Click New to create a new exclusion or configure an existing exclusion on the list.
-
Per each device, configure the options as necessary for: Data Type and Write Encrypted:
-
Data Type - Select one of these options:
-
Allow any data - Users can write all file types to storage devices.
-
Encrypt business-related data - Users must encrypt all business-related files written to storage devices. Other files can be written without encryption. See Configuring Business-Related File Types.
-
Encrypt all data - Users must encrypt all files written to storage devices.
-
Block any data - Users cannot write any files to storage devices.
-
-
Write Encrypted - Select one of these options:
-
Accept - Users must encrypt files written to storage devices.
-
According to Policy - According to the default Media Encryption & Port Protection A component on Endpoint Security Windows clients. This component protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on). Acronym. MEPP. rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..
-
Block - Block all writing to storage devices.
-
-
Notes:
|
To import exclusions:
You can import an exported exclusion file in the JSON format.
-
In the Media Encryption tab, click View Exclusions.
-
Click Import and select the JSON file.
To export exclusions:
-
In the Media Encryption tab, click View Exclusions.
-
Select the exclusion from the list.
-
Click Export.
Configuring Business-Related File Types
The organization's policy defines access to business and non-business related data. Business-related files are confidential data file types that are usually encrypted in the business-related drive section of storage devices. These files are defined as business-related file types by default:
-
Multimedia - QuickTime, MP3, and more.
-
Executable - Exe, shared library and more.
-
Image - JPEG, GIF, TIF and more.
These files are defined as non-business related file types by default:
-
Spreadsheet - Spreadsheet files, such as Microsoft Excel.
-
Presentation - Presentation files, such as Microsoft Power Point.
-
Email - Email files and databases, such as Microsoft Outlook and MSG files.
-
Word - Word processor files, such as Microsoft Word.
-
Database - Database files, such as Microsoft Access or SQL files.
-
Markup - Markup language source files, such as HTML or XML.
-
Drawing - Drawing or illustration software files, such as AutoCAD or Visio.
-
Graphic - Graphic software files such as Photoshop or Adobe Illustrator.
-
Viewer - Platform independent readable files, such as PDF or Postscript.
-
Archive - Compressed archive files, such as ZIP or SIT.
To see the list of business-related file types and non-business related file types:
In Harmony Endpoint, go to the Policy view > Data Protection > Capabilities and Exclusions pane > Media Encryption > Write Policy > Configure File Types > View Mode. Select Non-Business-Related or Business-Related to see the relevant file types.
To configure business and non-business related file types:
- In Harmony Endpoint, go to the Policy view > Data Protection > Capabilities and Exclusions pane > Media Encryption > Write Policy > Configure File Types.
-
You can:
-
Add or delete files from the business-related or non-business related file list. In View Mode, select Business-related or Non-business related. Add or delete the required files. A file type which is not in the business-related file list, is automatically included in the non business-related file type list.
-
Create new file types in the business-related or non-business related file type list. Click the Create new file type button. The File type add/edit window opens. Configure Name, File Extension and File Signatures and click OK.
-
Creating User Overrides (UserCheck)
You can allow users to override the Media Encryption policy.
To allow users to override the Media Encryption policy:
-
In the Media Encryption tab , click Write Policy > User Overrides.
-
Select the Allow user to override company policy checkbox.
-
From the User can gain the following permission list, select:
-
Encrypt business-related data
-
Encrypt all data
-
Ask user
-