Policy Guide › Encrypting Data › Encrypt Files Being Copied to Removable Devices › Specify Which Removable Devices To Monitor

Specify Which Removable Devices To Monitor

Before you can set up policy triggers to force encryption of sensitive files, you must edit the machine policy to specify how CA DLP handles removable devices.

To specify how CA DLP handles removable devices

1. Edit the Common Client machine policy.
   1. In the Administration console, expand the Machine Administration branch.
   2. Right-click the CMS and choose Edit Common Client Policy.
2. In the Machine Policy Editor, go to this folder:

   Client File System Agent, Data In Use Protection, Removable Devices

3. Edit the policy settings as required. Pay particular attention to these settings:

   Default Handling

   The setting controls attempts to copy files to unlisted devices (that is, any device not in the Special Device List). These handling options are available:

   Read Only: Users cannot copy files to these devices.

   Allow Write Access: Users are allowed to copy files to these devices.

   Apply User Policy: CA DLP applies Data In Motion triggers to the file. For example, you can configure triggers to block unauthorized files, or you can force users to encrypt sensitive files being copied to USB devices.

   Special Device List

   This is a list of removable devices that require specific handling by the CFSA. For example, you can identify the devices you want the CFSA to block or the ones that you want it to allow.

   Handling for Special Devices

   This setting determines how the CFSA handles files being copied to devices in the Special Device List. The available handling options are exactly the same as the default handling options (see above).

   Note: Full instructions for configuring the CFSA are in the Endpoint Integration Guide. Search for 'Client File System Agent'.

4. Save the machine policy changes.