Encryption – Functionality FAQ

Q: What file types will be encrypted with by content, by folder, by extension and by channel policies?

A: On a new machine, before the agent is installed, only by content, by extension and by channel classifications are available and encryption can be set. Agent will proceed to scan all the files based on the enabled file extensions in Monitoring settings page. Files from the ignored folder list (see below) will be skipped.

  1. Content classification – When the file contents match the Content classification Rule text , the file will be classified and encrypted. The encrypted file can be opened by Local processes as defined in the default lists which includes most common local applications. Additional local processes can also be defined in Application Risk page (Add System).
    Note: Applications / Web Application Analytics should On to for on-the-fly decryption to allow viewing of encrypted files.
  2. Extension classification – All scanned files whose extensions matched the defined extension classification will be classified and encrypted.
    Note: Applications / Web Application Analytics should On to for on-the-fly decryption to allow viewing of encrypted files.
  3. Channel Classification – When a file is downloaded from a channel for which a channel classification exists, the downloaded file will be classified and encrypted. For it to function, Applications / Web Application Analytics must be set to On.
    Note: Applications / Web Application Analytics should On to for on-the-fly decryption to allow viewing of encrypted files.
  4. Folder classification – folders only become available after they were scanned by the agent and had at least one file with extension enabled in Monitoring Page. After a folder classification is defined, any file copied to the folder will be classified and encrypted.
    Note: Applications / Web Application Analytics should On to for on-the-fly decryption to allow viewing of encrypted files.

Q: What will get decrypted automatically? Under what conditions does the automatic decryption work?

A: On a device level – When Disable Encryption is set to ON – all files on the device will be decrypted.

On a classification level –

  1. Primary classification for encryption – Set to ON. In case where a file is classified by multiple classifications including one where , Primary classification for encryption – is set to ON and the policy set to Decrypt, the file will be decrypted.
  2. When a file is moved from a encrypted folder to another fixed folder, the file be decrypted. But if a file from an encrypted folder is moved to a device where agent is not installed, the file will be remain encrypted.
  3. When additional transport channels like Outlook or Skype are defined under Decrypt option and when a classified file is transferred via these channels, the file will be decrypted.
  4. When Classification status of a classification is set to OFF, all the files encrypted by the classification will be decrypted.
  5. When classification with encryption set to On is deleted, all the files encrypted by the deleted classification will be decrypted.
  6. When Encryption is set to to OFF, all the encrypted files will be decrypted.

Q: What are the Ignored Folders?

A: Files under the following directories will not be encrypted, nor decrypted if loaded from these directories. These directories will not appear in the by folders classification policy and therefore their contents cannot be encrypted as part of a policy.

C:\WINDOWS\
C:\PROGRAM FILES (X86)\
C:\PROGRAM FILES\
C:\TEMP\
C:\PROGRAMDATA\
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\
C:\PROGRAM FILES (X86)\ACTIFILE AGENT\
C:\$RECYCLE.BIN(PST ignore)
C:\SYSTEM VOLUME INFORMATION(PST ignore)
C:\$GETCURRENT(PST ignore)
C:\$SYSRESET(PST ignore)
C:\$WINDOWS.~BT(PST ignore)
C:\$WINDOWS.~WS(PST ignore)
C:\$UPGRADE.~OS(PST ignore)
C:\$WINREAGENT(PST ignore)
C:\WINDOWS.OLD(PST ignore)
C:\WINDOWSAPPS(PST ignore)
C:\WINDOWS10UPGRADE(PST ignore)
C:\$WINDOWS.~BT_OLD(PST ignore)
C:\$WINDOWS.~Q(PST ignore)
C:\WINDOWS.OLD.000(PST ignore)
C:\WINDOWSAZURE(PST ignore)
C:\USERS\ALL USERS\APPDATA\
C:\USERS\ALL USERS\APPLICATION DATA\
C:\USERS\DEFAULT\APPDATA\
C:\USERS\DEFAULT\APPLICATION DATA\
C:\USERS\DEFAULT USER\APPDATA\
C:\USERS\DEFAULT USER\APPLICATION DATA\
C:\USERS\DEFAULTAPPPOOL\APPDATA\
C:\USERS\DEFAULTAPPPOOL\APPLICATION DATA\
C:\USERS\PUBLIC\APPDATA\
C:\USERS\PUBLIC\APPLICATION DATA\
C:\USERS\SHIVK\APPDATA\
C:\USERS\SHIVK\APPLICATION DATA\
C:\USERS\SHIVK_U2N0GOA\APPDATA\

Powered by BetterDocs