We recommend that you limit user access to event data held in the local endpoint agent database, and to email or web page content in blob files held below the CA DLP data folder. You also want to prevent unauthorized users from tampering with, for example, the document fingerprints stored in content index files in the "C:\ProgramData\CA\CA DLP\data\PRC\IndexCache" folder.
By default, the CA DLP software and data are in some of the following folders, depending on your operating system:
C:\Program Files\CA\CA DLP\
C:\Program Files (x86)\CA\CA DLP\
C:\ProgramData\CA\CA DLP\data\
C:\Documents and Settings\All Users\Application Data\CA\CA DLP\
Note: On an NTFS volume, the "CA" folders typically inherit attributes and permissions from their parent folders. The default file system privileges provide basic protection because users require administrator privileges to modify files in these folders.
Follow these steps:
This attribute prevents users from seeing the CA DLP software and data files.
Important: Ensure that the account under which the CA DLP infrastructure service runs (typically LocalSystem) retains full access to all CA DLP folders!
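An added example (not part of the CA documentation) of a read-only check to run after restricting the folders: for each default folder that exists, it reports whether LocalSystem still holds Full Control and which other accounts hold write-type rights. The list of expected writers is an assumption, and only Allow entries are evaluated, so adjust it to your environment.

```powershell
# Added example: read-only audit of NTFS permissions on the default CA DLP folders.
$folders = @(
    'C:\Program Files\CA\CA DLP',
    'C:\Program Files (x86)\CA\CA DLP',
    'C:\ProgramData\CA\CA DLP\data',
    'C:\Documents and Settings\All Users\Application Data\CA\CA DLP'
)

# Assumption: the CA DLP infrastructure service runs as LocalSystem (S-1-5-18).
$systemSid = 'S-1-5-18'
# Assumption: only these principals are expected to hold write-type rights.
$expectedWriters = @(
    $systemSid,
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER (inherit-only placeholder entry)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'   # TrustedInstaller
)

$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$genericAll  = 0x10000000   # GENERIC_ALL, as it appears in inherit-only entries
# Rights that allow changing or replacing content, plus GENERIC_WRITE and GENERIC_ALL.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor
    0x40000000 -bor $genericAll

function Test-DlpFolderAcl {
    param([string]$Path)
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' }
    $systemFull = $false
    $unexpected = @()
    foreach ($r in $rules) {
        $rights = [int]$r.FileSystemRights
        $sid    = $r.IdentityReference.Value
        $hasFull = (($rights -band $fullControl) -eq $fullControl) -or (($rights -band $genericAll) -ne 0)
        if ($sid -eq $systemSid -and $hasFull) { $systemFull = $true }
        if ((($rights -band $writeBits) -ne 0) -and ($expectedWriters -notcontains $sid)) {
            $unexpected += "$sid ($($r.FileSystemRights))"
        }
    }
    [pscustomobject]@{ Path = $Path; SystemFullControl = $systemFull; UnexpectedWriters = ($unexpected -join '; ') }
}

# Only folders present on this operating system are checked.
$folders | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { Test-DlpFolderAcl -Path $_ } | Format-List
```

A folder reported with SystemFullControl set to False, or with any entry under UnexpectedWriters, needs its permissions reviewed.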
Copyright © 2012 CA. All rights reserved.