Policy Guide › Protecting Files Being Copied › How Does CA DataMinder Stop Users Burning Files to CD?

How Does CA DataMinder Stop Users Burning Files to CD?

CA DataMinder can detect when a user tries to burn a file to CD or DVD.

The CFSA automatically recognizes writable CD and DVD drives and handles these drives in the same way as removable devices.

Note: In this section, the term 'CD drive' also refers to DVD drives.

Burning a file to CD or DVD

First, the CFSA applies machine policy in real time to block unauthorized file operations. It can also apply Data In Motion triggers to analyze the file being copied. The process is summarized below and in the previous flow chart.

1. CFSA checks whether the user is using a trusted application.

   Settings in the machine policy identify 'trusted applications'. If the user is using:

   • A trusted application, the CFSA allows the user to burn the file. No further policy is applied.
   • Any other application, the CFSA checks the handling for the CD drive (see step 2).
2. CFSA checks the handling for the CD drive.

   Settings in the machine policy define the ‘handling’ for writable CD drives. The available handling options are:

   Allow write access

   Users can always save files to this CD drive.

   Set to read only

   Users are blocked from saving files to this CD drive.

   Apply user policy

   The CFSA checks whether the user is using a policy-enabled application to copy the file (that is, Windows Explorer or DOS).

   Note: When configuring the CFSA machine policy settings, you do not need to add writable CD drives to the Treat These Drives As Removable setting. The CFSA automatically treats these drives as removable and applies the device handling to them. For example, to prevent any files being burnt to CD, you can set the device handling to 'Set to read only'.

3. CFSA checks whether the user is using a policy-enabled application.

   These are applications that the CFSA can integrate with to apply user policy. If a user copies a file using a policy-enabled application and the target handling is set to ‘Apply user policy’, the CFSA applies Data In Motion triggers to the file.

   If the application is not policy-enabled, the CFSA blocks the file. From the user's viewpoint, the CD drive is set to Read Only.

   Important! The only policy-enabled applications recognized by the CFSA in the current release are: Windows Explorer (including drag and drop copying); DOS commands such as copy and xcopy; Wordpad.exe; and Notepad.exe.

4. CFSA applies Data In Motion triggers.

   Data in Motion triggers can analyze the text content to detect key phrases or to check whether the file matches a particular document classification. They can use XML Attribute data lookup commands to detect file attributes such as size, date created, date last modified, and the file author. Each trigger can also apply a further device filter to monitor specific removable devices.

   If a trigger fires, you can configure control actions to block or allow the file operation, or to categorize the file.

   If no control trigger fires, the user is allowed to burn the file.

   Note: 'Encrypt' control actions are not supported. You cannot encrypt files being burned to CD.