You define the default settings for write access to storage devices in the Removable Media Write Access window. This action can let users:
The default predefined write actions are:
Action |
Description |
---|---|
Allow writing any data to storage devices |
Users can write all file types to storage devices. |
Encrypt business related data written to storage devices |
All Files that are defined as Business related data must be written to the encrypted storage. Non-business related data can be saved to the device without encryption. See Configuring Business Related File Types. |
Encrypt all data written to storage devices |
All files written to a storage device must be encrypted. This includes both Business and Non-Business Related data. |
Do not allow writing any data to storage devices |
Users cannot write any file types to storage devices. |
Do not allow writing any data to storage devices, allow user override |
By default, users cannot write any file types to storage devices. But. UserCheck lets users override the policy and write to a storage device, after entering justification for the action. |
You can define custom write actions as necessary. Your new custom actions are always available in addition to the default actions.
To configure a storage device Write Action:
The Removable Media Access window opens.
Click New to create a custom action.
Note: If you do not select the Log device events option in the Media Encryption & Port Protection rule, log entries are not created even if the Audit device events option is selected in this window.
Click Additional Encryption Options to configure additional encryption settings as necessary.
Note - The Allow user to override company policy option is not supported for CD/DVD ROM devices. |
If you enable the Encrypt business-related data written to storage devices option, users must encrypt all file types that are defined as business-related. Users can save non business-related file types without encryption.
If you enable the Force encryption of all outgoing data option, all data, including Non-Business related data, must be encrypted.
There are predefined categories of similar file types. You cannot change the file types included in these groups, but you can create your own custom groups. This list includes some of the predefined file type groups:
These groups are defined as Business Related by default:
Groups defined as Non-Business Related by default
To classify groups as Business or Non-Business Related:
You can customize the text that shows in all sections of the user message window, including the banner and the option buttons. You cannot change the Check Point logos. This feature is useful for translating user messages into different languages.
To create a custom user message:
You can click Add to add another language to the list.