

How Does CA DataMinder Protect Files on Removable Devices, CDs, or Network Folders?

CA DataMinder can detect when a user tries to copy files to removable devices (such as USB flash drives or SD cards) and network locations (such as shared folders). It can also detect when a user tries to burn files to CD or DVD.

Opening a file on a removable device

(Optional) When the CFSA detects a user trying to open a file on a prohibited device, it displays an Access Denied message. This message typically warns users that they are barred from saving file changes. You configure the Access Denied message in the user policy.

Note: A prohibited source is any removable device or network location to which write access is denied. Write access may be denied by settings in the local machine policy or by Data In Motion triggers in the user's policy.

Copying a file to a removable device

First, the CFSA applies machine policy in real time to block unauthorized file operations. It can also apply Data In Motion triggers to analyze the file being copied. The process is summarized below and in the following flow chart.

  1. CFSA checks whether the user is using a trusted application.

    Settings in the machine policy identify 'trusted applications'. If the user is using:

  2. CFSA checks the handling for the removable device or network location.

    Settings in the machine policy define the ‘handling’ for removable devices and network locations. These settings also apply to writable CD and DVD drives. The available handling options are:

    Allow write access

    Users can always save files to this device, CD drive or network location.

    Set to read only

    Users are blocked from saving files to this device, CD drive or network location.

    Apply user policy

    If the user is using a policy‑enabled application to copy, save or burn a file, the CFSA applies Data In Motion triggers to the file or document (see step 3). If the application is not policy-enabled, the CFSA blocks the file operation.

    You can also configure default handling for unrecognized devices or network locations and custom handling for ‘special devices’ and ‘special locations’.

  3. CFSA checks whether the user is using a policy-enabled application.

    These are applications that the CFSA can integrate with to apply user policy. If a user copies or burns a file using a policy-enabled application and the device or location handling is set to ‘apply user policy’, the CFSA applies Data In Motion triggers to the file (see step 4).

    Important! The only policy-enabled applications recognized by the CFSA in the current release are Windows Explorer (including drag and drop copying) and DOS commands such as copy and xcopy.

  4. CFSA applies Data In Motion triggers.

    Data In Motion triggers can analyze the text content to detect key phrases or to check whether the file matches a particular document classification. They can use XML Attribute data lookup commands to check file attributes such as size, date created, date last modified, and the file author. Each trigger can also apply a further device filter to monitor specific removable devices.

    Finally, you can configure triggers to block or allow the file operation, or to categorize the file. You can also configure triggers to encrypt sensitive files being copied to a USB drive (the user must supply a decryption password).
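The Python sketch below is an added example, not CA DataMinder code: it models steps 2 to 4 above as a decision function, to show which operations ever reach the Data In Motion triggers. Step 1 (trusted applications) is left out; the trigger field names, the first-match rule, the result when no trigger fires, and the device and share names are assumptions.

```python
from dataclasses import dataclass

# Handling options from step 2 (machine policy).
ALLOW, READ_ONLY, USER_POLICY = "allow write access", "set to read only", "apply user policy"
# Policy-enabled applications named in step 3.
POLICY_ENABLED = {"Windows Explorer", "copy", "xcopy"}

@dataclass
class Trigger:
    """Simplified Data In Motion trigger (field names are hypothetical)."""
    action: str                    # "block", "allow", "categorize" or "encrypt"
    key_phrases: tuple = ()        # phrases searched for in the text content
    min_size: int = 0              # stand-in for a file attribute lookup (bytes)
    devices: frozenset = None      # optional device filter; None matches any device

    def fires(self, op):
        if self.devices is not None and op["device"] not in self.devices:
            return False
        text = op["text"].lower()
        phrase_hit = not self.key_phrases or any(p.lower() in text for p in self.key_phrases)
        return phrase_hit and op["size"] >= self.min_size

def decide(op, handling, default_handling, triggers):
    """Return the outcome for one copy, save or burn operation."""
    mode = handling.get(op["device"], default_handling)   # step 2: device handling
    if mode == ALLOW:
        return "allow"             # triggers are never consulted
    if mode == READ_ONLY:
        return "block"
    if op["app"] not in POLICY_ENABLED:                    # step 3
        return "block"             # user policy cannot be applied
    for trigger in triggers:                               # step 4
        if trigger.fires(op):
            return trigger.action
    return "allow"                 # assumption: no trigger fired

# Constructed sample policy and operations (device and share names are invented).
HANDLING = {"USB-FINANCE-01": USER_POLICY, r"\\fs01\public": ALLOW, "DVD-RW": READ_ONLY}
TRIGGERS = [
    Trigger("encrypt", key_phrases=("confidential",), devices=frozenset({"USB-FINANCE-01"})),
    Trigger("block", min_size=50_000_000),
]

def op(app, device, text="quarterly notes", size=2048):
    return {"app": app, "device": device, "text": text, "size": size}

if __name__ == "__main__":
    for o in (op("Windows Explorer", "USB-FINANCE-01", "Confidential: payroll"),
              op("backup-tool", "USB-FINANCE-01"),
              op("Windows Explorer", r"\\fs01\public", "Confidential: payroll"),
              op("xcopy", "USB-UNKNOWN")):
        print(o["app"], "->", o["device"], ":", decide(o, HANDLING, READ_ONLY, TRIGGERS))
```

The third sample operation is the one to review in a real policy: a location set to 'allow write access' accepts the same sensitive file that the USB trigger would have encrypted.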

More information:

CFSA Flow Chart: Removable Devices, CD Drives, Network Folders

CFSA Terminology