Note the following terminology:
CA DataMinder uses this utility to encrypt and decrypt sensitive files on removable devices (such as USB drives).
When a user copies a sensitive file onto a USB drive, the encryption utility prompts for a password. CA DataMinder uses this password to copy an encrypted version of the file onto the removable device. CA DataMinder also copies the encryption utility onto the USB drive.
When the user wants to copy the encrypted file from the USB drive onto a computer, the utility prompts for the original password. This time, it uses the password to copy a decrypted version of the file onto the computer.
The CFSA can encrypt sensitive files being copied onto removable devices such as USB drives. It uses the CADLPEnc.exe encryption utility to prompt the user for a password. It uses this password to encrypt and decrypt the file.
See CADLPEnc.exe.
You can optionally configure the CFSA to run scheduled scans of all targeted files and folders on the local hard disk. You can specify when and how often the scan runs. Machine policy settings allow you to target specific file types or folders.
This term refers to settings in machine policy that determine how the CFSA handles user attempts to copy or save files to removable devices or network locations. The available options are:
These are applications that the CFSA can integrate with to apply user policy. If a user copies a file using a policy-enabled application and the target handling is set to ‘Apply user policy’, the CFSA applies Data In Motion triggers to the file.
The CFSA uses a hard-coded list of policy-enabled applications; you cannot edit this list.
Note: The only policy-enabled applications recognized by the CFSA in the current release are: Windows Explorer (including drag and drop copying); DOS commands such as copy and xcopy; Wordpad.exe; and Notepad.exe.
See handling above.
These are any removable devices to which write access is denied. Write access can be denied by settings in the local machine policy or by Data In Motion triggers in the user's policy.
A prohibited network location is any network folder to which write access is denied by settings in the local machine policy.
These are removable devices or network locations explicitly identified in machine policy. They can also include specified writable CD and DVD drives.
You can configure custom handling for these devices and locations. Conversely, you can configure default handling for unrecognized devices or network locations. For example, you may want to allow write access to authorized network folders but make other network locations read only.
This term refers to any removable storage device, including USB flash drives, writable CD and DVD drives, and external hard disks. The CFSA is designed to prevent unauthorized file copying to such devices.
These are applications that are exempt from CFSA control. If a user is using a trusted application to copy or save a file to a removable device or network location, they are always permitted to do so.
Note: By default, lsass.exe is included in the Trusted Application List machine policy settings for the CFSA. Do not remove this application from the machine policy! This is the Local Security Authority System Service and is needed by Windows to perform security-related functions.
Copyright © 2012 CA. All rights reserved.