[only using DLP endpoint]
I have a folder on a server with a specific path...c:\confidential\data\
1. Is there a way to have all files in there automatically tagged when they are created?
I can do a discovery but that is only once a day!
Going further, I have select users that will map to that location. They need to edit and save that file to that mapped location. We do not want the file to leave the server (to the best we can).
2. How can I configure the policy on the user's computer to be restricted to just open, edit and save back to that location?
The goal is to prevent this user from taking the file and emailing or posting on a different share.
Hello and thank you for posting here!
If the directory location you are looking to monitor is local to the system, then I believe a discovery scan would be your best option. We do have a location based fingerprinting classification criteria that would fingerprint files upon creation, but that can only focus on UNC shares.
Additionally, DLPE does have a Network Share protection rule which can take action on files uploaded to a network share. However, there currently is not an option to block files within that rule. The only rule reaction options are Monitor (no action), Encrypt, Request Justification and Apply RM Policy.
I know you mentioned DLP Endpoint only; however, an alternative might be to use DLP Discover to scan the network shares you are concerned with. A DLP Discover scan can be configured to scan for files that have been proactively classified and move them to a different location.
Thank you for the follow-up.
I do not think we have a license for DLP Discover but will check.
Can you clarify this 'location based fingerprinting classification criteria' - or rather, where in the manual to help me get started?
The product guide link you posted would be a good place to start. The DLP Interface Guide also has some details explaining each option within the location content fingerprinting criteria page.
I can't get it to work or see it work.
I put my steps in the attached doc.
Any thoughts on where I am going wrong?
Would the policy be applied to the server that has the file or the endpoints (where I applied it) that connect to that UNC location? Or am I misinterpreting this?
I reviewed the Word doc you attached. So, the Network Share Protection Rule will only generate an incident when a file is copied to that network share location, not from. That said, with just the Location Based Fingerprinting Classification alone, those files on that share should get tagged when the end user interacts with those files in some way. You could then build other rules (Email Protection, Web Protection) using that same Fingerprinting Classification to block or prevent those files from leaving the environment.