File Monitoring and Scanning
It is often difficult to reliably match a captured file or scanned item to the actual author or creator of the file. In this situation, CA DataMinder typically applies the policy for a ‘system’ user account (such as the Default Policy For Files) rather than the policy for an actual user. However, the actual method used to associate files with a CA DataMinder user account depends on the capture source:
- Event Import: You can configure import jobs to associate imported files with specific CA DataMinder users. In particular, the ImpFile.PolicyParticipant import parameter determines whose policy gets applied to imported files. This parameter specifies an email address. Linked tables in the CMS database enable CA DataMinder to map this address onto an existing CA DataMinder user account.
If no matching CA DataMinder user can be found, then CA DataMinder applies the ‘Default Policy For Files’. This is a CA DataMinder user account set up specifically for this purpose; it is defined in the policy engine's machine policy. It defaults to the DefaultFileUser; this is a CA DataMinder user account created automatically when you install a CMS.
- File Scanning Agent (FSA): When the FSA runs a scanning job, the job definition determines which user’s policy is applied to scanned files. You can either specify the Default Policy For Files (see above) or an email address.
If you specify an email address, CA DataMinder maps this address onto an existing CA DataMinder user account. As for imported files, if this mapping fails then CA DataMinder applies the Default Policy For Files.
- Network Appliance (formerly NBA): The Network Appliance can capture files being sent across the Internet boundary. These include downloads, uploads, FTP transfers, and email attachments. The mechanism for associating these files with CA DataMinder users depends on which mode the Network Appliance is running in. When it runs in:
  - Socket output mode: The Network Appliance passes captured files to policy engines for processing. The policy engine always applies the Default Policy For Files (see above).
  - Disk output mode: The Network Appliance saves captured files to the local disk. These files are subsequently imported onto the CMS using Event Import. You then configure the import job using the ImpFile.PolicyParticipant parameter (see above) to determine whose policy gets applied to imported files.
- Client File System Agent (CFSA): When the CFSA detects a user copying a file to a removable device or network location, it associates the user’s Windows logon credentials with a matching CA DataMinder user account and applies that user’s policy. The synchronization between Windows accounts and CA DataMinder accounts is the same as for CA DataMinder email endpoint agents.
When the CFSA scans the local hard disk, it applies the ‘Default Policy For Data At Rest’. This is a CA DataMinder user account set up specifically for this purpose; it is defined in the client machine policy. It defaults to the DefaultClientFileUser; this is a CA DataMinder user account created automatically when you install a CMS.
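The following added example (not CA DataMinder code and not part of the original guide) models the email-based rules above for Event Import, FSA and Network Appliance jobs, and lists the jobs whose configured address would fall back to the Default Policy For Files. The job records, the directory dictionary, the source labels and the function names are hypothetical, and the exact-string address lookup is an assumption standing in for the CMS linked tables.

```python
# Added illustration: a model of the account-selection rules described above.
# All record layouts and names are hypothetical; no CA DataMinder API is used.

DEFAULT_FILES = "DefaultFileUser"  # default account behind 'Default Policy For Files'

# Constructed sample data: configured jobs and the addresses the CMS can map.
CONSTRUCTED_DIRECTORY = {
    "hr.owner@example.com": "hr.owner",
    "netcapture@example.com": "netcapture",
}
CONSTRUCTED_JOBS = [
    {"name": "hr-share-scan", "source": "fsa", "participant": "hr.owner@example.com"},
    {"name": "finance-import", "source": "event_import",
     "participant": "fin.owner@exmaple.com"},   # constructed typo in the domain
    {"name": "na-disk-import", "source": "na_disk", "participant": "netcapture@example.com"},
    {"name": "na-live", "source": "na_socket"},
    {"name": "public-scan", "source": "fsa", "participant": None},  # default chosen in job
]


def resolve_policy_account(job, email_to_user):
    """Return (account, reason) for one job, following the rules in the text."""
    source, participant = job["source"], job.get("participant")
    if source == "na_socket":
        # Socket output mode: the policy engine always applies the default.
        return DEFAULT_FILES, "always default in socket output mode"
    if source == "fsa" and participant is None:
        # FSA job definition explicitly selects the Default Policy For Files.
        return DEFAULT_FILES, "default selected in job definition"
    if source in ("event_import", "na_disk", "fsa"):
        # na_disk files arrive through Event Import, so the same mapping applies.
        user = email_to_user.get(participant)  # assumption: exact-string match
        if user is not None:
            return user, "mapped from email address"
        return DEFAULT_FILES, "fallback: address did not map to a user"
    raise ValueError(f"unknown capture source: {source!r}")


def silent_fallbacks(jobs, email_to_user):
    """Names of jobs that specify an address but still end up on the default."""
    return [job["name"] for job in jobs
            if resolve_policy_account(job, email_to_user)[1].startswith("fallback")]


if __name__ == "__main__":
    for job in CONSTRUCTED_JOBS:
        print(job["name"], *resolve_policy_account(job, CONSTRUCTED_DIRECTORY))
    print("review:", silent_fallbacks(CONSTRUCTED_JOBS, CONSTRUCTED_DIRECTORY))
```

A job listed by `silent_fallbacks` was meant to run under a named user's policy but is evaluated under the default account, so its address is worth checking before the job runs.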
Copyright © 2014 CA.
All rights reserved.