

How Does CA DataMinder Protect Files on Removable Devices?

CA DataMinder can detect when a user tries to copy files to removable devices such as USB flash drives or SD cards.

Opening a file on a removable device

(Optional) When the CFSA detects a user trying to open a file on a prohibited device, it displays an Access Denied message. This message typically warns users that they are barred from saving file changes. You configure the Access Denied message in the user policy.

Note: A prohibited source is any removable device to which write access is denied. Write access may be denied by settings in the local machine policy or by Data In Motion triggers in the user's policy.

Copying a file to a removable device

When CA DataMinder detects a user trying to save a file to a removable device, it applies policy in the following sequence. The process is also summarized in the following flow chart.

  1. CFSA checks whether the user is using a trusted application.

    Settings in the machine policy identify 'trusted applications'. If the user is using:

  2. CFSA checks the handling for the removable device.

    Settings in the machine policy define the ‘handling’ for removable devices. The available handling options are:

    Allow write access

    The user is allowed to copy files to this device.

    Set to read only

    The user is blocked from copying files to the device. That is, write access to the device is disallowed.

    Apply user policy

    The CFSA checks whether the user is using a policy-enabled application to copy the file (that is, Windows Explorer or DOS).

    You can also configure default handling for unrecognized devices and custom handling for ‘special devices’.

  3. CFSA checks whether the user is using a policy-enabled application.

    These are applications that the CFSA can integrate with to apply user policy. If a user copies a file using a policy-enabled application and the target handling is set to ‘Apply user policy’, the CFSA applies Data In Motion triggers to the file.

    If the application is not policy-enabled, the CFSA blocks the file. From the user's viewpoint, the device is set to Read Only.

    Warning! The only policy-enabled applications recognized by the CFSA in the current release are: Windows Explorer (including drag and drop copying); DOS commands such as copy and xcopy; Wordpad.exe; and Notepad.exe.

  4. CFSA applies Data In Motion triggers.

    Data In Motion triggers can analyze the text content to detect key phrases or to check whether the file matches a particular document classification. They can use XML Attribute data lookup commands to detect file attributes such as size, date created, date last modified, and the file author. Each trigger can also apply a further device filter to monitor specific removable devices.

    If a trigger fires, you can configure control actions to block or allow the file operation, or to categorize the file. You can also configure control actions to encrypt sensitive files being copied to a removable device (the user must supply a decryption password).

    If no control trigger fires, the user is allowed to copy the file.
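The sequence in steps 2 to 4 can be modelled as a small decision function, which is useful for building a test matrix when validating a deployment. This is an added example, not CA DataMinder code: the Trigger class, the process image names, the device labels, and the "first firing trigger decides" ordering are assumptions. Step 1 (trusted applications) is left out because its outcomes are not given above.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence


class Handling(Enum):
    ALLOW_WRITE = "Allow write access"
    READ_ONLY = "Set to read only"
    APPLY_USER_POLICY = "Apply user policy"


# Applications the page lists as policy-enabled; the image names are assumed.
POLICY_ENABLED = {"explorer.exe", "cmd.exe", "xcopy.exe", "wordpad.exe", "notepad.exe"}


@dataclass(frozen=True)
class Trigger:
    """Hypothetical stand-in for a Data In Motion trigger."""
    phrases: Sequence[str]               # key phrases searched for in the text content
    action: str                          # "block", "allow" or "encrypt"
    device_filter: Optional[str] = None  # None = any removable device

    def fires(self, text: str, device: str) -> bool:
        if self.device_filter not in (None, device):
            return False
        lowered = text.lower()
        return any(p.lower() in lowered for p in self.phrases)


def evaluate_copy(app, handling, text, device, triggers):
    """Return the outcome of steps 2-4 for one copy attempt."""
    # Step 2: machine-policy handling for the target device.
    if handling is Handling.ALLOW_WRITE:
        return "allow"
    if handling is Handling.READ_ONLY:
        return "block"
    # Step 3: 'Apply user policy' needs a policy-enabled application.
    if app.lower() not in POLICY_ENABLED:
        return "block"  # to the user, the device appears read-only
    # Step 4: the first trigger that fires decides (ordering is an assumption).
    for trigger in triggers:
        if trigger.fires(text, device):
            return trigger.action
    return "allow"  # no control trigger fired


# Constructed sample policy: encrypt on one device, block a phrase everywhere.
TRIGGERS = [Trigger(("confidential",), "encrypt", device_filter="USB-A"),
            Trigger(("project falcon",), "block")]
```

Running the same file content through each handling option and through an application that is not policy-enabled shows which step produces a block, which helps when a user reports a device as unexpectedly read-only.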

More information:

CFSA Flow Chart: Removable Devices, CD Drives, Network Folders