Document Security Management: Secure Communication Settings

Chapter 1: Introduction
- 1.1 Preface
- 1.2 Features Overview
Chapter 2: Installation and Deployment
- 2.1 Basic Operating Framework
- 2.2 Software and Hardware Requirements
- 2.3 Installation and Deployment of Server and Console
- 2.4 Installing and Deploying the Repeater
- 2.5 Installing and Deploying the Web Server
- 2.6 Deploying the Client Module
- 2.7 Creating the USB Encryption Client
- 2.8 System Upgrade
- 2.9 Uninstallation
Chapter 3: Console
- 3.1 Console Login
- 3.2 Console Overview
- 3.3 Computer and User Operations
- 3.4 Policy Roles
- 3.5 Control
- 3.6 Auxiliary Functions
Chapter 4: Statistics
- 4.1 Application Statistics
- 4.2 Web Browsing Statistics
- 4.3 Network Traffic Statistics
Chapter 5: Logs
- 5.1 Basic Event Logs
- 5.2 Application Logs
- 5.3 Web Browsing Logs
- 5.4 Keyword Search Logs
- 5.5 Document Operation Logs
- 5.6 CD/DVD Burning Operation Logs
- 5.7 Shared Document Operation Logs
- 5.8 Remote Desktop Logs
- 5.9 Document Print Logs
- 5.10 Removable Storage Operation Logs
- 5.11 Asset Change Log
- 5.12 Windows System Logs
- 5.13 Policy Logs
- 5.14 System Event Logs
Chapter 6: Policies
- 6.1 Introduction to Policies
- 6.2 Basic Policies
- 6.3 Device Control Policies
- 6.4 Application Policies
- 6.5 Web Browsing Policies
- 6.6 Screen Recording Policies
- 6.7 Logging Policy
- 6.8 Remote Control Policies
- 6.9 Custom Configuration Policies
- 6.10 System Alert Policies
- 6.11 Network Traffic Control Policies
- 6.12 Network Control Policies
- 6.13 Email Control Policy
- 6.14 IM File Transfer Policy
- 6.15 Upload Control Policy
- 6.16 Document Operation Policy
- 6.17 Print Control Policy
- 6.18 Removable Storage Authorization Policy
- 6.19 Software Installation Management Policy
Chapter 7: Monitoring
- 7.1 Instant Messaging Content
- 7.2 Email Content
- 7.3 Real-Time Screen Monitoring
- 7.4 Multi-Screen Monitoring
- 7.5 Screen History Query
- 7.6 Screen History Viewer
Chapter 8: Remote Maintenance
- 8.1 Remote Maintenance
- 8.2 Remote Control
Chapter 9: Security Monitoring
- 9.1 All Security Conditions
- 9.2 Security Check Settings
- 9.3 Security Check Logs
- 9.4 Security Check Status
Chapter 10: Sensitive Information
- 10.1 Enable/Disable Sensitive Content Inspection Authorization
- 10.2 Sensitive Information Exfiltration Control Policy
- 10.3 Sensitive Information Local Control Policy
- 10.4 Document Label Policy
- 10.5 Document Classification Permission Policy
- 10.6 Sensitive Information Logs
- 10.7 Document Tag Logs
- 10.8 Sensitive Information Scanning Tools
- 10.9 Full-Disk Sensitive Information Scan Tasks
Chapter 11: Visual Perception
- 11.1 Enable/Disable Visual Perception Authorization
- 11.2 Visual Perception Settings
- 11.3 Capture Logs
- 11.4 Client Usage
Chapter 12: Watermarks
- 12.1 Watermark Policies
- 12.2 Watermark Logs
- 12.3 Watermark Code Query
- 12.4 Document Watermark Extraction
- 12.5 Document ID Scanning Task
Chapter 13: Asset Management
- 13.1 Asset Management
- 13.2 Software Version Management
- 13.3 Patch Management
- 13.4 Vulnerability Assessment
- 13.5 Software Distribution
- 13.6 Software Uninstallation
Chapter 14: Category Management
- 14.1 Application Categories
- 14.2 Website Classification
- 14.3 Time Type Categories
- 14.4 Removable Storage Categories
- 14.5 Network Address Categories
- 14.6 Network Port Categories
- 14.7 Software Installation Package Rule Repository
- 14.8 Software Uninstallation Categories
- 14.9 Email Categories
- 14.10 Sensitive Information Classification Library
- 14.11 Watermark Templates
- 14.12 User Permission Template Categories
- 14.13 Condition Library
Chapter 15: Request Management
- 15.1 Desktop Request Management
- 15.2 Encryption Request Management
- 15.3 Superior Approval
- 15.4 Permission Viewing
- 15.5 Request Approval Permission Settings
- 15.6 Self-Record Permission Settings
- 15.7 Self-Record Logs
- 15.8 Desktop Request Document Upload Settings
- 15.9 Client Requests
- 15.10 Client Self-Approval
- 15.11 Proxy Administrator
Chapter 16: Network Access Detection
- 16.1 Starting Network Access Detection
- 16.2 Enabling Access Control
- 16.3 Other Settings
Chapter 17: Data Backup
- 17.1 Database Backup
- 17.2 Console Backup Management
Chapter 18: Tools
- 18.1 Account Management
- 18.2 Computer Management
- 18.3 USB Encryption Client Management
- 18.4 Alert Messages
- 18.5 Mail Report Settings
- 18.6 Network Access Gateway Management
- 18.7 Policy Application Query
- 18.8 Client Tools
- 18.9 Server Time
- 18.10 Relay Server Management
- 18.11 Policy and Library Synchronization Management
- 18.12 Organizational Structure Synchronization
- 18.13 Client Upgrade Management
- 18.14 Options
Chapter 19: User System Management
- 19.1 Server Configuration
- 19.2 Login Authentication
- 19.3 Associated Authentication
- 19.4 Associated Information
Chapter 20: Audit Console
- 20.1 Login to Audit Console
- 20.2 Audit Console Interface Overview
- 20.3 Using the Audit Console
Chapter 21: Document Security Management
- 21.1 Terminology Overview
- 21.2 Operation Workflow
- 21.3 Enable/Disable Encryption Authorization
- 21.4 Authorized Software Management
- 21.5 Secure Zone Management
- 21.6 External Release Object Management
- 21.7 External Release Configuration Template Management
- 21.8 Encryption Permission Settings
- 21.9 Encryption Parameter Settings
- 21.10 Long-Term Offline Authorization Settings
- 21.11 Secure Communication Settings
- 21.12 Encrypted Document Operation Logs
- 21.13 Full-Disk Scan
- 21.14 Document Management
- 21.15 Intelligent Terminal Management
- 21.16 USBKey Management
- 21.17 Backup Server Settings
- 21.18 Custom Keys
- 21.19 Encrypted Document Backup
Chapter 22: Windows Encrypted Client
- 22.1 Client Operating Status
- 22.2 File Explorer
- 22.3 Encrypted Document Scan Tool
- 22.4 Encrypted Files
- 22.5 Decrypt Files
- 22.6 Request Decryption
- 22.7 Read-Only Access
- 22.8 Export
- 22.9 Request Export
- 22.10 Export Extraction
- 22.11 Modify Encrypted Document Security Attributes
- 22.12 Modify Encrypted Document User Permissions
- 22.13 Request Change of Encrypted Document Attributes
- 22.14 View Document Attributes
- 22.15 Request Temporary Offline
- 22.16 View Request Information
- 22.17 Encrypted System Information
- 22.18 Offline Authorization Login
- 22.19 Import License File
- 22.20 Login and Logout of the Encryption System
- 22.21 Parameter Settings
- 22.22 Using the Encryption USBKey
- 22.23 Proxy Administrator
- 22.24 Force Update Policy
Chapter 23: Linux Encrypted Client
- 23.1 Encrypted Document Scanning Tool
- 23.2 Encryption
- 23.3 Decryption
- 23.4 Request Decryption
- 23.5 View Request Information
Chapter 24: Mac Encrypted Client
- 24.1 Encrypted Document Scanning Tool
- 24.2 Encryption
- 24.3 Decryption
- 24.4 Request Decryption
- 24.5 View Request Information
Chapter 25: USB Encrypted Client
- 25.1 Launch and Exit
- 25.2 Update Policy
Chapter 26: External Viewer
- 26.1 Installation
- 26.2 Authorization
- 26.3 Time Synchronization
- 26.4 USBKey Management
- 26.5 View External Documents
Chapter 27: Backup Encryption Server
- 27.1 Installation and Operation
- 27.2 Check Backup Server Status
- 27.3 Login Password Settings
- 27.4 Backup Server Configuration
- 27.5 View Client Status
- 27.6 View Connection List
- 27.7 Create Backup Mode Authorization File
- 27.8 Super Authorization
Chapter 28: Document Storage Request
- 28.1 Installation and Deployment
- 28.2 WEB Management
Chapter 29: Cloud Document Backup Server
- 29.1 Installation and Deployment
- 29.2 WEB Management Portal
- 29.3 WEB Audit Client
- 29.4 Cloud Document Backup Scan Tool
- 29.5 Cloud Document Backup Operation Logs
- 29.6 Upgrading the Cloud Document Backup Server
Chapter 30: Reporting System
- 30.1 Terminology
- 30.2 Reporting Console
- 30.3 Predefined Reports and Queries
- 30.4 General Report Settings
  - 30.4.1 Condition Settings
  - 30.4.2 Statistical Settings
- 30.5 Report Statistics Content
- 30.6 Template Management
- 30.7 Period Management
- 30.8 Indicator Management
- 30.9 Periodic Reports
- 30.10 Query
- 30.11 Historical Reports
- 30.12 Email Reports
- 30.13 Data Center
Chapter 31: WEB Console
- 31.1 Logging in to the WEB Console
- 31.2 Introduction to the WEB Console
- 31.3 Computer and User Operations
- 31.4 Policy Roles
- 31.5 Home
- 31.6 Statistics
- 31.7 Logs
- 31.8 Encryption Logs
- 31.9 Monitoring
- 31.10 Policies
- 31.11 Encryption Policies
- 31.12 Category Library
- 31.13 Settings
Chapter 32: WEB Approval
- 32.1 Desktop Request Management
- 32.2 Encryption Request Management
Chapter 33: WEB Reports
- 33.1 Home
- 33.2 Reports
- 33.3 Data Center
Chapter 34: Software Center
- 34.1 Installation & Deployment
- 34.2 Software Center Server
- 34.3 Software Center Client
- 34.4 Software Center Client Logs
Chapter 35: Security Viewer
- 35.1 Software and Hardware Requirements
- 35.2 Installation
- 35.3 Authorization
- 35.4 Viewing Encrypted Files
- 35.5 Encrypting/Decrypting Files
- 35.6 Sharing Files
- 35.7 Recent and Favorites
- 35.8 Settings
- 35.9 Resetting Password
Chapter 36: Security Approval App
- 36.1 Software and Hardware Requirements
- 36.2 Installation
- 36.3 Login
- 36.4 Application Management
- 36.5 Settings
- 36.6 Account
Chapter 37: Dedicated Burning Tool
- 37.1 Interface Overview
- 37.2 Burning
- 37.3 Configuration File
Chapter 38: Access Gateway
- 38.1 Network Architecture
- 38.2 Device Introduction
- 38.3 Device Deployment
- 38.4 Management Interface Overview
- 38.5 Home Page
- 38.6 Network Parameters
- 38.7 Access Gateway Configuration
- 38.8 Server Management
- 38.9 Guest Login Management
- 38.10 Status Information
- 38.11 System Management
- 38.12 Access Gateway Logs
- 38.13 Other Operations
- 38.14 Super Mode
- 38.15 Usage Example
Chapter 39: Secure Access Gateway
- 39.1 Network Architecture
- 39.2 Device Overview
- 39.3 Device Deployment
- 39.4 Basic Information
- 39.5 Network Parameters
- 39.6 Scope Settings
- 39.7 Application System Protection
- 39.8 File Sharing Protection
- 39.9 Status Information
- 39.10 System Tools
- 39.11 Super Mode
- 39.12 Usage Example

21.11 Secure Communication Settings

Secure communication settings work with the hardware security gateway. This policy must be configured only after the security gateway is deployed; otherwise, issues such as inability to access the internet may occur.

Icon Button	Description
	Modify secure communication settings.
	Delete secure communication settings.
	Options include exporting policy files, importing policy files, or copying the current policy to other clients.

When configuring secure communication settings, the "Application System Protection" and "Network Shared Document Protection" options support inheritance from parent group policies.

If inheritance from the parent policy is disabled, only the object's own policy applies.

If inheritance is enabled, the object's policy is combined with the parent's policy.

If the parent also has inheritance enabled, the policy continues to inherit from higher-level parent groups.

If a parent disables inheritance, the policy stops inheriting beyond that level, applying only the parent's policy.

Inheritance between "Application System Protection" and "Network Shared Document Protection" is independent.

Detailed setting descriptions:

Application System Protection

Settings Option	Description
Policy Inheritance	Choose from the dropdown: "Do not inherit parent policy" or "Inherit parent policy." By default, new policies are set to "Inherit parent policy + Application System Protection disabled." Inheriting the parent policy combines policies across objects; disabling inheritance applies only the object's own policy.
Enable Application System Protection	Check this option to enable protection for the client’s application system.
Secure Process Window Label	Enter specific text (e.g., "Secure Process") to display on the process window when the secure process is opened.
Exception Network Range	For secure processes in forced mode, only protected application system servers can be accessed; other network addresses are blocked. To allow access to additional networks, define them as exception ranges. Supports IP ranges, domain names, and multiple entries separated by commas (e.g., 192.168.1.1-192.168.1.100,192.168.2.102,development.tec).
Secure Process	To configure a secure process, click the to add it, and enter the process name and encryption mode. Process Name: Enter the name(s) of the process(es) to be set as secure. Multiple process names can be entered in one configuration, separated by commas (e.g., iexplore.exe, TortoiseProc.exe). When saved, multiple entries will automatically be split into separate configurations. Encryption Mode: Divided into Forced Mode, Smart Mode, and Smart Browser Mode. Forced Mode: The secure process can only access protected application servers and servers within the exception network range; all other addresses are blocked. Files uploaded to protected servers or exception network servers are decrypted, and files downloaded are encrypted. Smart Mode: The secure process can access both protected servers and exception network servers, as well as other non-protected servers. If the process has not accessed a protected server since startup, files uploaded or downloaded to non-protected servers or exception network servers are transferred without encryption/decryption. If the process has accessed a protected server, subsequent uploads to non-protected or exception servers are decrypted, and downloads are encrypted. Smart Browser Mode: The secure process can access protected servers, exception addresses, and other non-protected addresses. Regardless of whether it has accessed a protected server, files uploaded or downloaded to non-protected or exception servers are transferred without encryption/decryption. If Smart Mode is selected, the related Smart Mode Settings must be configured.
Smart Mode Settings	This setting applies only to secure processes configured in Smart Mode.
Protected Servers	Enter the protected application system servers. Multiple servers can be added, separated by semicolons, commas, or line breaks. Supported formats include: - IP:Port (e.g., 192.168.2.104:8080) - IP:Port Range (e.g., 192.168.2.104:8080-8079) - IP Range:Port (e.g., 192.168.2.1-192.168.2.255:8080) - IP Range:Port Range (e.g., 192.168.2.1-192.168.2.255:1000-8079) - Domain name (e.g., jira5.development.tec) Note: Protected servers set here must match the protected application system servers configured in the security gateway. Otherwise, smart mode secure processes cannot access the protected servers.
Upload Control	Check this option to control file uploads.
Upload Size Limit	Set the maximum file size allowed for upload. Files exceeding this size will be blocked.
Upload Control Whitelist	Specify whitelist addresses; files uploaded to these addresses are not restricted when upload control is enabled. Multiple entries are supported, separated by semicolons, commas, or line breaks. Supported formats include: - IP:Port (e.g., 192.168.2.104:8080) - IP:Port Range (e.g., 192.168.2.104:8080-8079) - IP Range:Port (e.g., 192.168.2.1-192.168.2.255:8080) - IP Range:Port Range (e.g., 192.168.2.1-192.168.2.255:1000-8079) - Domain name (e.g., jira5.development.tec)

Note:

In Smart Browser Mode:Windows supports only IE, Google Chrome, 360 Secure Browser, 360 Extreme Browser, Firefox, and Edge.Mac supports only Google Chrome and Safari.Linux does not support Smart Browser Mode.

After configuring secure communication settings, you can preview the policy effects for a selected object. In the preview page, Application System Protection is divided into two sections: Policy Settings and Policy Execution Effect. The execution effect shows the object's final combined policy and its source.

If inheritance from the parent group policy is enabled, the object's policy is combined with the parent's policy. The combination rules are as follows:

1. For check-type settings (e.g., "Enable Application System Protection," "Upload Control" in Smart Mode), if any inherited policy is checked, the final combined effect is checked.

2. For other input-type settings (e.g., "Secure Process Window Label," "Exception Network Range," "Secure Processes," "Smart Mode Settings"), non-conflicting entries are combined, while conflicting entries are resolved according to policy priority; the setting from the highest-priority policy becomes the final combined effect.

Settings Option	Description
Policy Inheritance	Choose from the dropdown: "Do not inherit parent policy" or "Inherit parent policy." By default, new policies are set to "Inherit parent policy + Network Shared Document Protection disabled." Inheriting the parent policy combines policies across objects; disabling inheritance applies only the object's own policy.
Enable Network Shared Document Directory Protection	Check this option to enable protection for network shared document directories on the client.
Security Gateway Address	Set the IP address of the security gateway. Click the to add.
Protected Shared Document Directory	Set the protected shared document directories. Click the to add and enter the exact directory path (e.g., \\192.168.1.1\release\). Wildcards are not supported.
File Whitelist Settings	Files added to the file whitelist can be copied from protected network shared document directories without encryption. - Check PE Files to include executable files (e.g., .exe, .dll) in the whitelist. - Check Specified File Types and enter file types. Multiple types can be entered, separated by commas (e.g., .txt, .png). These file types will be added to the whitelist.
Process Whitelist Settings	Only authorized processes can directly open files in protected network shared document directories. To allow non-authorized processes to open files, configure the process whitelist. - Enter process names, supporting wildcards and multiple entries separated by commas (e.g., notepad.exe, *word.exe).

Settings Option

Description

Policy Inheritance

Choose from the dropdown: "Do not inherit parent policy" or "Inherit parent policy." By default, new policies are set to "Inherit parent policy + Network Shared Document Protection disabled." Inheriting the parent policy combines policies across objects; disabling inheritance applies only the object's own policy.

Enable Network Shared Document Directory Protection

Check this option to enable protection for network shared document directories on the client.

Security Gateway Address

Set the IP address of the security gateway. Click the Add

to add.

Protected Shared Document Directory

Set the protected shared document directories. Click the Add

to add and enter the exact directory path (e.g., \\192.168.1.1\release\). Wildcards are not supported.

File Whitelist Settings

Files added to the file whitelist can be copied from protected network shared document directories without encryption.
- Check PE Files to include executable files (e.g., .exe, .dll) in the whitelist.
- Check Specified File Types and enter file types. Multiple types can be entered, separated by commas (e.g., *.txt, *.png). These file types will be added to the whitelist.

Process Whitelist Settings

Only authorized processes can directly open files in protected network shared document directories. To allow non-authorized processes to open files, configure the process whitelist.
- Enter process names, supporting wildcards and multiple entries separated by commas (e.g., notepad.exe, *word.exe).

21.11 Secure Communication Settings

Detailed setting descriptions:

Application System Protection

Network Shared Document Protection

Don't see what you're looking for?