14.10 Sensitive Information Classification Library

Chapter 1: Introduction
- 1.1 Preface
- 1.2 Features Overview
Chapter 2: Installation and Deployment
- 2.1 Basic Operating Framework
- 2.2 Software and Hardware Requirements
- 2.3 Installation and Deployment of Server and Console
- 2.4 Installing and Deploying the Repeater
- 2.5 Installing and Deploying the Web Server
- 2.6 Deploying the Client Module
- 2.7 Creating the USB Encryption Client
- 2.8 System Upgrade
- 2.9 Uninstallation
Chapter 3: Console
- 3.1 Console Login
- 3.2 Console Overview
- 3.3 Computer and User Operations
- 3.4 Policy Roles
- 3.5 Control
- 3.6 Auxiliary Functions
Chapter 4: Statistics
- 4.1 Application Statistics
- 4.2 Web Browsing Statistics
- 4.3 Network Traffic Statistics
Chapter 5: Logs
- 5.1 Basic Event Logs
- 5.2 Application Logs
- 5.3 Web Browsing Logs
- 5.4 Keyword Search Logs
- 5.5 Document Operation Logs
- 5.6 CD/DVD Burning Operation Logs
- 5.7 Shared Document Operation Logs
- 5.8 Remote Desktop Logs
- 5.9 Document Print Logs
- 5.10 Removable Storage Operation Logs
- 5.11 Asset Change Log
- 5.12 Windows System Logs
- 5.13 Policy Logs
- 5.14 System Event Logs
Chapter 6: Policies
- 6.1 Introduction to Policies
- 6.2 Basic Policies
- 6.3 Device Control Policies
- 6.4 Application Policies
- 6.5 Web Browsing Policies
- 6.6 Screen Recording Policies
- 6.7 Logging Policy
- 6.8 Remote Control Policies
- 6.9 Custom Configuration Policies
- 6.10 System Alert Policies
- 6.11 Network Traffic Control Policies
- 6.12 Network Control Policies
- 6.13 Email Control Policy
- 6.14 IM File Transfer Policy
- 6.15 Upload Control Policy
- 6.16 Document Operation Policy
- 6.17 Print Control Policy
- 6.18 Removable Storage Authorization Policy
- 6.19 Software Installation Management Policy
Chapter 7: Monitoring
- 7.1 Instant Messaging Content
- 7.2 Email Content
- 7.3 Real-Time Screen Monitoring
- 7.4 Multi-Screen Monitoring
- 7.5 Screen History Query
- 7.6 Screen History Viewer
Chapter 8: Remote Maintenance
- 8.1 Remote Maintenance
- 8.2 Remote Control
Chapter 9: Security Monitoring
- 9.1 All Security Conditions
- 9.2 Security Check Settings
- 9.3 Security Check Logs
- 9.4 Security Check Status
Chapter 10: Sensitive Information
- 10.1 Enable/Disable Sensitive Content Inspection Authorization
- 10.2 Sensitive Information Exfiltration Control Policy
- 10.3 Sensitive Information Local Control Policy
- 10.4 Document Label Policy
- 10.5 Document Classification Permission Policy
- 10.6 Sensitive Information Logs
- 10.7 Document Tag Logs
- 10.8 Sensitive Information Scanning Tools
- 10.9 Full-Disk Sensitive Information Scan Tasks
Chapter 11: Visual Perception
- 11.1 Enable/Disable Visual Perception Authorization
- 11.2 Visual Perception Settings
- 11.3 Capture Logs
- 11.4 Client Usage
Chapter 12: Watermarks
- 12.1 Watermark Policies
- 12.2 Watermark Logs
- 12.3 Watermark Code Query
- 12.4 Document Watermark Extraction
- 12.5 Document ID Scanning Task
Chapter 13: Asset Management
- 13.1 Asset Management
- 13.2 Software Version Management
- 13.3 Patch Management
- 13.4 Vulnerability Assessment
- 13.5 Software Distribution
- 13.6 Software Uninstallation
Chapter 14: Category Management
- 14.1 Application Categories
- 14.2 Website Classification
- 14.3 Time Type Categories
- 14.4 Removable Storage Categories
- 14.5 Network Address Categories
- 14.6 Network Port Categories
- 14.7 Software Installation Package Rule Repository
- 14.8 Software Uninstallation Categories
- 14.9 Email Categories
- 14.10 Sensitive Information Classification Library
- 14.11 Watermark Templates
- 14.12 User Permission Template Categories
- 14.13 Condition Library
Chapter 15: Request Management
- 15.1 Desktop Request Management
- 15.2 Encryption Request Management
- 15.3 Superior Approval
- 15.4 Permission Viewing
- 15.5 Request Approval Permission Settings
- 15.6 Self-Record Permission Settings
- 15.7 Self-Record Logs
- 15.8 Desktop Request Document Upload Settings
- 15.9 Client Requests
- 15.10 Client Self-Approval
- 15.11 Proxy Administrator
Chapter 16: Network Access Detection
- 16.1 Starting Network Access Detection
- 16.2 Enabling Access Control
- 16.3 Other Settings
Chapter 17: Data Backup
- 17.1 Database Backup
- 17.2 Console Backup Management
Chapter 18: Tools
- 18.1 Account Management
- 18.2 Computer Management
- 18.3 USB Encryption Client Management
- 18.4 Alert Messages
- 18.5 Mail Report Settings
- 18.6 Network Access Gateway Management
- 18.7 Policy Application Query
- 18.8 Client Tools
- 18.9 Server Time
- 18.10 Relay Server Management
- 18.11 Policy and Library Synchronization Management
- 18.12 Organizational Structure Synchronization
- 18.13 Client Upgrade Management
- 18.14 Options
Chapter 19: User System Management
- 19.1 Server Configuration
- 19.2 Login Authentication
- 19.3 Associated Authentication
- 19.4 Associated Information
Chapter 20: Audit Console
- 20.1 Login to Audit Console
- 20.2 Audit Console Interface Overview
- 20.3 Using the Audit Console
Chapter 21: Document Security Management
- 21.1 Terminology Overview
- 21.2 Operation Workflow
- 21.3 Enable/Disable Encryption Authorization
- 21.4 Authorized Software Management
- 21.5 Secure Zone Management
- 21.6 External Release Object Management
- 21.7 External Release Configuration Template Management
- 21.8 Encryption Permission Settings
- 21.9 Encryption Parameter Settings
- 21.10 Long-Term Offline Authorization Settings
- 21.11 Secure Communication Settings
- 21.12 Encrypted Document Operation Logs
- 21.13 Full-Disk Scan
- 21.14 Document Management
- 21.15 Intelligent Terminal Management
- 21.16 USBKey Management
- 21.17 Backup Server Settings
- 21.18 Custom Keys
- 21.19 Encrypted Document Backup
Chapter 22: Windows Encrypted Client
- 22.1 Client Operating Status
- 22.2 File Explorer
- 22.3 Encrypted Document Scan Tool
- 22.4 Encrypted Files
- 22.5 Decrypt Files
- 22.6 Request Decryption
- 22.7 Read-Only Access
- 22.8 Export
- 22.9 Request Export
- 22.10 Export Extraction
- 22.11 Modify Encrypted Document Security Attributes
- 22.12 Modify Encrypted Document User Permissions
- 22.13 Request Change of Encrypted Document Attributes
- 22.14 View Document Attributes
- 22.15 Request Temporary Offline
- 22.16 View Request Information
- 22.17 Encrypted System Information
- 22.18 Offline Authorization Login
- 22.19 Import License File
- 22.20 Login and Logout of the Encryption System
- 22.21 Parameter Settings
- 22.22 Using the Encryption USBKey
- 22.23 Proxy Administrator
- 22.24 Force Update Policy
Chapter 23: Linux Encrypted Client
- 23.1 Encrypted Document Scanning Tool
- 23.2 Encryption
- 23.3 Decryption
- 23.4 Request Decryption
- 23.5 View Request Information
Chapter 24: Mac Encrypted Client
- 24.1 Encrypted Document Scanning Tool
- 24.2 Encryption
- 24.3 Decryption
- 24.4 Request Decryption
- 24.5 View Request Information
Chapter 25: USB Encrypted Client
- 25.1 Launch and Exit
- 25.2 Update Policy
Chapter 26: External Viewer
- 26.1 Installation
- 26.2 Authorization
- 26.3 Time Synchronization
- 26.4 USBKey Management
- 26.5 View External Documents
Chapter 27: Backup Encryption Server
- 27.1 Installation and Operation
- 27.2 Check Backup Server Status
- 27.3 Login Password Settings
- 27.4 Backup Server Configuration
- 27.5 View Client Status
- 27.6 View Connection List
- 27.7 Create Backup Mode Authorization File
- 27.8 Super Authorization
Chapter 28: Document Storage Request
- 28.1 Installation and Deployment
- 28.2 WEB Management
Chapter 29: Cloud Document Backup Server
- 29.1 Installation and Deployment
- 29.2 WEB Management Portal
- 29.3 WEB Audit Client
- 29.4 Cloud Document Backup Scan Tool
- 29.5 Cloud Document Backup Operation Logs
- 29.6 Upgrading the Cloud Document Backup Server
Chapter 30: Reporting System
- 30.1 Terminology
- 30.2 Reporting Console
- 30.3 Predefined Reports and Queries
- 30.4 General Report Settings
  - 30.4.1 Condition Settings
  - 30.4.2 Statistical Settings
- 30.5 Report Statistics Content
- 30.6 Template Management
- 30.7 Period Management
- 30.8 Indicator Management
- 30.9 Periodic Reports
- 30.10 Query
- 30.11 Historical Reports
- 30.12 Email Reports
- 30.13 Data Center
Chapter 31: WEB Console
- 31.1 Logging in to the WEB Console
- 31.2 Introduction to the WEB Console
- 31.3 Computer and User Operations
- 31.4 Policy Roles
- 31.5 Home
- 31.6 Statistics
- 31.7 Logs
- 31.8 Encryption Logs
- 31.9 Monitoring
- 31.10 Policies
- 31.11 Encryption Policies
- 31.12 Category Library
- 31.13 Settings
Chapter 32: WEB Approval
- 32.1 Desktop Request Management
- 32.2 Encryption Request Management
Chapter 33: WEB Reports
- 33.1 Home
- 33.2 Reports
- 33.3 Data Center
Chapter 34: Software Center
- 34.1 Installation & Deployment
- 34.2 Software Center Server
- 34.3 Software Center Client
- 34.4 Software Center Client Logs
Chapter 35: Security Viewer
- 35.1 Software and Hardware Requirements
- 35.2 Installation
- 35.3 Authorization
- 35.4 Viewing Encrypted Files
- 35.5 Encrypting/Decrypting Files
- 35.6 Sharing Files
- 35.7 Recent and Favorites
- 35.8 Settings
- 35.9 Resetting Password
Chapter 36: Security Approval App
- 36.1 Software and Hardware Requirements
- 36.2 Installation
- 36.3 Login
- 36.4 Application Management
- 36.5 Settings
- 36.6 Account
Chapter 37: Dedicated Burning Tool
- 37.1 Interface Overview
- 37.2 Burning
- 37.3 Configuration File
Chapter 38: Access Gateway
- 38.1 Network Architecture
- 38.2 Device Introduction
- 38.3 Device Deployment
- 38.4 Management Interface Overview
- 38.5 Home Page
- 38.6 Network Parameters
- 38.7 Access Gateway Configuration
- 38.8 Server Management
- 38.9 Guest Login Management
- 38.10 Status Information
- 38.11 System Management
- 38.12 Access Gateway Logs
- 38.13 Other Operations
- 38.14 Super Mode
- 38.15 Usage Example
Chapter 39: Secure Access Gateway
- 39.1 Network Architecture
- 39.2 Device Overview
- 39.3 Device Deployment
- 39.4 Basic Information
- 39.5 Network Parameters
- 39.6 Scope Settings
- 39.7 Application System Protection
- 39.8 File Sharing Protection
- 39.9 Status Information
- 39.10 System Tools
- 39.11 Super Mode
- 39.12 Usage Example

To help administrators manage internal documents, they first need to define text-based rules in the Sensitive Information Classification Library. The system uses these rules to automatically match internal documents and classify them. Combined with permissions set by the administrator for different document categories, the system can control and log the sharing and usage of documents based on their classification.

When setting text-based rules, administrators need to configure two types of categories: Feature Rules and Information Categories. Feature Rules define specific document-matching criteria, while Information Categories group different Feature Rules together to identify and classify documents.

Select "Category Management -> Sensitive Information Classification Library" to open the library window.

Operation	Description
New	Select the root node of Information Categories / Feature Rules, then choose "Action -> New" or click the New button on the toolbar to create a new Information Category or Feature Rule.
Search	Select "Action -> Search" or click the Search button on the toolbar to locate specific Feature Rules or Information Categories. Fuzzy search is supported.
Show Hidden Feature Rules	Feature Rules imported from the Keyword Extraction Tool are hidden by default. Select "Action -> Show Hidden Feature Rules" to view them.
Import	Select "Action -> Import" and choose a classification library file to import previously exported Information Categories or Feature Rules.
Export	Select "Action -> Export" to export specific Information Categories or Feature Rules. Export options include: Export All: Exports the entire Information Classification and Feature Rules library. Export Information Categories: Exports specified Information Categories along with the Feature Rules applied to them. Feature Rules not linked to these categories will not be exported. Export Feature Rules: Exports only the specified Feature Rules.

Information Category Settings

Operation	Description
Information Category Name	Administrators can define a custom name for the information category. Names must be unique.
Category Level	This defines the classification level of the information category, corresponding to the sensitivity level used by the Document Label feature. This option appears only if the Document Label module is installed. By default, the level is unset, meaning no document label is applied. Administrators can select an appropriate level as needed, allowing management policies to link sensitive information categories with document label levels. In the left-hand view of the Sensitive Information Classification Library, you can switch between Category View and Level View. In Level View, right-click an information category and select "Set Category Level" to modify its level.
Notes	Optional notes or description for the information category.
Rule Group	Feature Rules included in the information category; multiple rules can be selected.
Rule Weight	Default weight is 100. Administrators can adjust it to any integer between 0–100. A document matches the information category only when the sum of matched Feature Rule weights reaches or exceeds 100.

Feature Rule Settings

Operation	Description
Feature Rule Name	Administrators can define a custom name for the feature rule. Names cannot start with "@" and must be unique.
Type	Specifies the type of content the feature rule will identify, including File Name, File Type, File Size, File Content, and File Properties: File Name: Supports keyword or regular expression patterns. Uses the Include Content field (excluding Exclude Content values) to match the target file's name or storage path. File Type: Uses the Include Content field (excluding Exclude Content values) to perform a fuzzy match on the file header content. File Size: Specifies the file size in the Include Content field to match target files of that size. File Content: Supports keyword or regular expression patterns. Uses the Include Content field (excluding Exclude Content values) to match text within the document. File Properties: Applicable only to Office documents. Set the property name, data type, and property value to match document attributes such as creation time, modification time, author, etc.
Content Scope	For certain supported file types, you can refine the part of the file to be scanned. The default is Entire Content, but you can also choose Header/Footer Only or Body Only. Currently, header/footer and body-level scanning is supported for the following file types: doc, docx, xls, xlsx, ppt, pptx, wps, et, dps. If a rule is set to scan only the header/footer or only the body, files of unsupported types will be considered non-matching.
Deduplication	When enabled, if the same text appears multiple times in a document during matching with this feature rule, it is counted only once. If disabled, each occurrence is counted separately.
Case Sensitivity	When enabled, matching English text in the Include Content field is case-sensitive.
Hit Count	Specifies the minimum total number of occurrences of the text in Include Content required for a document to match this feature rule. Valid values are integers from 1 to 10,000. A document matches the rule only if the total occurrences meet or exceed this value.
Content Classification	Specifies the type of information in Include Content and Exclude Content. Options include Keyword and Regular Expression: Keyword: Matches text literally as entered in Include Content or Exclude Content. Regular Expression: Matches text in Include Content or Exclude Content using regular expressions.
Include Content	Defines the content used to match documents. Multiple entries are supported, separated by commas or line breaks. • Supports plain text or regular expressions. • For keywords, entries can be separated by commas or semicolons. • For regular expressions, entries must be separated by semicolons. The format varies depending on the selected content recognition type.
File Name	Content set here is used to match the target document's file name and storage path. Keyword: • Supports wildcards. • Use \ as the path separator. • If the content does not include \, only the file name is matched, not the path. • If the content includes \, both the file name and path are matched. Regular Expression: • Use \\ as the path separator. • If the content does not include \\, only the file name is matched. • If the content includes \\, both the file name and path are matched. Example: For a document located at D:\Company Confidential\Contract Documents\1025415\Sales Contract 2019.docx, only the following Include Content settings will match: 1. Contract Documents → No match 2. Company Confidential\ → Match 3. Sales Contract → Match 4. \d{7} → No match 5. \\\d{7} 6. \d{4} → Match
File Type	Content set here is used to match the target document's file type. If the predefined file types in the current feature rule library do not meet your needs, you can specify a custom file type using the following format: Offset \| File Header Signature, For example: 10\|87828101 Both the offset and file header signature are expressed in hexadecimal. A positive offset indicates the position from the start of the file, while a negative offset indicates the position from the end of the file. If the offset is 0, it can be omitted, and only the file header signature needs to be set (e.g., FFD8FF). How to obtain offset and file header: Install and open UltraEdit.exe.Drag the target file into the software.From the menu, select Edit -> Hex Functions -> Hex Edit. In general, it is recommended to open multiple files of the same type, compare their hex content, and select the portion that consistently appears as the file header signature, along with its corresponding offset, to improve file type matching accuracy.
File Content	Content set here is used to match the target document's text. Support for Keyword and Regular Expression is the same as for File Name.
Exclude Content	Specifies content that should be ignored during matching. The rules follow the same format as Include Content, and Exclude Content takes priority over Include Content.

The feature rule library already includes predefined rules for commonly used file types based on File Type. These predefined rules are displayed in blue and cannot be deleted or modified.

The predefined library includes the following file types:

Adobe Illustrator files, Altium Protel files, AutoCAD files, AnySecura encrypted files, Office files, PDF files, Photoshop files, Pro/ENGINEER files, SOLIDWORKS files, Visual Studio files, video files, image files, compressed files, and audio files.

Some types have hidden subtypes by default. To view them, select "Action -> Show Hidden Feature Rules."

When setting up an information category, users can either use existing predefined feature rules or right-click a feature rule and select "New Feature Identification" to create custom feature rules.

14.10 Sensitive Information Classification Library

Don't see what you're looking for?