Previous Topic: Removable Devices FolderNext Topic: File Sync Providers Folder

Administration GuideMachine Policy SettingsWhat Is in a Machine Policy?Client File System Agent SettingsData In Use Protection FolderNetwork Locations Folder

Network Locations Folder

This folder contains the following settings:

Trusted Application List

These are applications that are exempted from CFSA control. That is, users can save files to any network location if they are using a trusted application.

For example, you may not need to monitor an in‑house system application that always encrypts files when saving. By default, lsass.exe is always included in this list—see the trusted application definition in 'CFSA Terminology'.

In the Trusted Application List setting, add the applications you want to exempt from the CFSA. You must supply the executable or process name, such as Winword.exe.

Note: Trusted applications override any network location filters. Users can save files directly from a trusted application to any network location.

Default Handling

This setting determines how the agent handles attempts to copy files to unlisted network locations (that is, any not listed in Special Locations List). The available actions are exactly the same as for special locations (see below).

Note: If no special locations are listed, the default handling is applied to all network locations.

Special Locations List

This setting is a list of network locations that require specific handling by the CFSA. You can either list the locations you want the CFSA to control or the ones you want it to ignore.

When you specify a network location, you must supply the UNC path. This path must use a fully qualified domain name (FQDN). For example:

\\UX-FILESVR-01.UNIPRAXIS.COM\My Project\Reports
Local Drives Listed As Network Drives Over RDC

The CFSA can apply policy to drives mapped over a Remote Desktop Connection (RDC).

The Windows RDC feature allows users to use local disk drives in a remote session. For example, a user working from home connects to their office workstation using RDC. When the RDC session starts, the user can add their local C drive as a network drive on the remote workstation. This network drive represents a security risk, because the user can drag and drop sensitive files from their workstation onto their local C drive.

To apply policy to files being copied to this network drive in an RDC session, add one of the following values to Special Locations List:

\\tsclient\C
\\tsclient\D
\\tsclient\*

These values apply policy to, respectively, the local C drive, local D drive, or all local drives mapped as network drives in an RDC session.

Wildcards

When you specify a UNC path, you can use wildcards to specify the share name, folder name and file name. But do not use wildcards to specify the server. For example, this path is allowed::

\\UX-FILESVR-01.UNIPRAXIS.COM\My Project*\Report*

But this path is not allowed: 

\\UX-FILESVR-*.UNIPRAXIS.COM\My Project*\Report*
Spaces

If a UNC path contains spaces, you do not need to enclose it in quotes.

Handling of Special Locations

This setting determines how the CFSA handles attempts to copy files to a network location listed in Special Locations. The available actions are:

Allow write access

The user is allowed to copy files to special locations. Policy is not applied.

Read only

The user is not allowed to copy files to special network locations (unless they are using a trusted application).

Apply User Policy To File

If the user attempts to copy a file to a special location using:

  • A policy-enabled application, policy is applied to the file using Data In Motion triggers.
  • A trusted application, copy operations are always permitted. Policy is not applied to the file.
  • Any other application, the copy operation is blocked; that is, the location is set to read only.