Policy Guide › Whose Policy Is Applied? › File Monitoring and Scanning

File Monitoring and Scanning

It is often difficult to reliably match a captured file or scanned item to the actual author or creator of the file. In this situation, CA Data Protection typically applies the policy for a ‘system’ user account (such as the Default Policy For Files) rather than the policy for an actual user. However, the actual method used to associate files with a CA Data Protection user account depends on the capture source:

• Event Import: You can configure import jobs to associate imported files with specific CA Data Protection users. In particular, the ImpFile.PolicyParticipant import parameter determines whose policy gets applied to imported files. In fact, this parameter specifies an email addresses. Linked tables in the CMS database enable CA Data Protection to map this address onto an existing CA Data Protection user accounts.

  If no matching CA Data Protection user can be found, then CA Data Protection applies the ‘Default Policy For Files’. This is a CA Data Protection user account set up specifically for this purpose; it is defined in the policy engine's machine policy. It defaults to the DefaultFileUser; this is a CA Data Protection user account created automatically when you install a CMS.

• File Scanning Agent (FSA): When the FSA runs a scanning job, the job definition determines which user’s policy is applied to scanned files. You can either specify the Default Policy For Files (see above) or an email address.

  If you specify an email address, CA Data Protection maps this address onto an existing CA Data Protection user account. As for imported files, if this mapping files then CA Data Protection applies the Default Policy For Files.

• Client File System Agent (CFSA): When the CFSA detects a user copying a file to a removable device or network location, it associates the user’s Windows logon credentials with a matching CA Data Protection user account and applies that user’s policy. The synchronization between Windows accounts and CA Data Protection accounts is the same as for CA Data Protection email endpoint agents.

  When the CFSA scans the local hard disk, it applies the ‘Default Policy For Data At Rest’. This is a CA Data Protection user account set up specifically for this purpose; it is defined in the client machine policy. It defaults to the DefaultClientFileUser; this is a CA Data Protection user account created automatically when you install a CMS.