Previous Topic: OverviewNext Topic: Exempt PGP® Portable Devices

Policy GuideEncrypting Files Being CopiedSpecify Which Removable Devices To Monitor

Specify Which Removable Devices To Monitor

Before you set up policy triggers to force encryption of sensitive files, you must configure the CFSA.

To configure the CFSA, edit settings in the Client File System Agent folder of the machine policy on each endpoint computer machine. We recommend that you edit the Common Client Policy.

The key machine policy settings are described below.

Data In Use Protection folder

Find this folder in the Client File System Agent folder.

Edit the Included Files and Excluded Files settings.

You also need to edit settings in the following subfolders:

Removable Devices

Edit settings in this folder to protect files files being copied to removable devices such as USB drives. These devices can also include SD cards and writable CD or DVD drives.

To ensure that copied files get encrypted, set the device handling to 'Apply User Policy'. If an employee uses a policy-enabled application to copy a file, the Apply User Policy option causes the CFSA to apply Data In Motion triggers to the file. If the application is not policy-enabled, the CFSA blocks the file from being copied.

You can also configure default handling for unrecognized devices and custom handling for ‘special devices’.

File Sync Providers

Edit settings in this folder to protect files files being copied to sync folders. These settings determine whether a user is allowed to copy files using a file sync application such as Dropbox.

To ensure that a synced file gets encrypted, verify that the file sync application is included in the Trusted Application List. This enables the CFSA to control the file sync application. In particular, it allows the CFSA to apply Data In Motion triggers to the synced file.

If the file sync application is not under CFSA control, CFSA blocks the file from being copied. In particular, these settings determine whether the file sync application is under policy control. If the file sync application is under policy control, CA DataMinder applies Data In Motion triggers to analyze the file being synced.

Note: Full instructions for configuring the CFSA are in the Endpoint Integration Guide. Search for 'Client File System Agent'.