6.1 Introduction to Policies

Chapter 1: Introduction
- 1.1 Preface
- 1.2 Features Overview
Chapter 2: Installation and Deployment
- 2.1 Basic Operating Framework
- 2.2 Software and Hardware Requirements
- 2.3 Installation and Deployment of Server and Console
- 2.4 Installing and Deploying the Repeater
- 2.5 Installing and Deploying the Web Server
- 2.6 Deploying the Client Module
- 2.7 Creating the USB Encryption Client
- 2.8 System Upgrade
- 2.9 Uninstallation
Chapter 3: Console
- 3.1 Console Login
- 3.2 Console Overview
- 3.3 Computer and User Operations
- 3.4 Policy Roles
- 3.5 Control
- 3.6 Auxiliary Functions
Chapter 4: Statistics
- 4.1 Application Statistics
- 4.2 Web Browsing Statistics
- 4.3 Network Traffic Statistics
Chapter 5: Logs
- 5.1 Basic Event Logs
- 5.2 Application Logs
- 5.3 Web Browsing Logs
- 5.4 Keyword Search Logs
- 5.5 Document Operation Logs
- 5.6 CD/DVD Burning Operation Logs
- 5.7 Shared Document Operation Logs
- 5.8 Remote Desktop Logs
- 5.9 Document Print Logs
- 5.10 Removable Storage Operation Logs
- 5.11 Asset Change Log
- 5.12 Windows System Logs
- 5.13 Policy Logs
- 5.14 System Event Logs
Chapter 6: Policies
- 6.1 Introduction to Policies
- 6.2 Basic Policies
- 6.3 Device Control Policies
- 6.4 Application Policies
- 6.5 Web Browsing Policies
- 6.6 Screen Recording Policies
- 6.7 Logging Policy
- 6.8 Remote Control Policies
- 6.9 Custom Configuration Policies
- 6.10 System Alert Policies
- 6.11 Network Traffic Control Policies
- 6.12 Network Control Policies
- 6.13 Email Control Policy
- 6.14 IM File Transfer Policy
- 6.15 Upload Control Policy
- 6.16 Document Operation Policy
- 6.17 Print Control Policy
- 6.18 Removable Storage Authorization Policy
- 6.19 Software Installation Management Policy
Chapter 7: Monitoring
- 7.1 Instant Messaging Content
- 7.2 Email Content
- 7.3 Real-Time Screen Monitoring
- 7.4 Multi-Screen Monitoring
- 7.5 Screen History Query
- 7.6 Screen History Viewer
Chapter 8: Remote Maintenance
- 8.1 Remote Maintenance
- 8.2 Remote Control
Chapter 9: Security Monitoring
- 9.1 All Security Conditions
- 9.2 Security Check Settings
- 9.3 Security Check Logs
- 9.4 Security Check Status
Chapter 10: Sensitive Information
- 10.1 Enable/Disable Sensitive Content Inspection Authorization
- 10.2 Sensitive Information Exfiltration Control Policy
- 10.3 Sensitive Information Local Control Policy
- 10.4 Document Label Policy
- 10.5 Document Classification Permission Policy
- 10.6 Sensitive Information Logs
- 10.7 Document Tag Logs
- 10.8 Sensitive Information Scanning Tools
- 10.9 Full-Disk Sensitive Information Scan Tasks
Chapter 11: Visual Perception
- 11.1 Enable/Disable Visual Perception Authorization
- 11.2 Visual Perception Settings
- 11.3 Capture Logs
- 11.4 Client Usage
Chapter 12: Watermarks
- 12.1 Watermark Policies
- 12.2 Watermark Logs
- 12.3 Watermark Code Query
- 12.4 Document Watermark Extraction
- 12.5 Document ID Scanning Task
Chapter 13: Asset Management
- 13.1 Asset Management
- 13.2 Software Version Management
- 13.3 Patch Management
- 13.4 Vulnerability Assessment
- 13.5 Software Distribution
- 13.6 Software Uninstallation
Chapter 14: Category Management
- 14.1 Application Categories
- 14.2 Website Classification
- 14.3 Time Type Categories
- 14.4 Removable Storage Categories
- 14.5 Network Address Categories
- 14.6 Network Port Categories
- 14.7 Software Installation Package Rule Repository
- 14.8 Software Uninstallation Categories
- 14.9 Email Categories
- 14.10 Sensitive Information Classification Library
- 14.11 Watermark Templates
- 14.12 User Permission Template Categories
- 14.13 Condition Library
Chapter 15: Request Management
- 15.1 Desktop Request Management
- 15.2 Encryption Request Management
- 15.3 Superior Approval
- 15.4 Permission Viewing
- 15.5 Request Approval Permission Settings
- 15.6 Self-Record Permission Settings
- 15.7 Self-Record Logs
- 15.8 Desktop Request Document Upload Settings
- 15.9 Client Requests
- 15.10 Client Self-Approval
- 15.11 Proxy Administrator
Chapter 16: Network Access Detection
- 16.1 Starting Network Access Detection
- 16.2 Enabling Access Control
- 16.3 Other Settings
Chapter 17: Data Backup
- 17.1 Database Backup
- 17.2 Console Backup Management
Chapter 18: Tools
- 18.1 Account Management
- 18.2 Computer Management
- 18.3 USB Encryption Client Management
- 18.4 Alert Messages
- 18.5 Mail Report Settings
- 18.6 Network Access Gateway Management
- 18.7 Policy Application Query
- 18.8 Client Tools
- 18.9 Server Time
- 18.10 Relay Server Management
- 18.11 Policy and Library Synchronization Management
- 18.12 Organizational Structure Synchronization
- 18.13 Client Upgrade Management
- 18.14 Options
Chapter 19: User System Management
- 19.1 Server Configuration
- 19.2 Login Authentication
- 19.3 Associated Authentication
- 19.4 Associated Information
Chapter 20: Audit Console
- 20.1 Login to Audit Console
- 20.2 Audit Console Interface Overview
- 20.3 Using the Audit Console
Chapter 21: Document Security Management
- 21.1 Terminology Overview
- 21.2 Operation Workflow
- 21.3 Enable/Disable Encryption Authorization
- 21.4 Authorized Software Management
- 21.5 Secure Zone Management
- 21.6 External Release Object Management
- 21.7 External Release Configuration Template Management
- 21.8 Encryption Permission Settings
- 21.9 Encryption Parameter Settings
- 21.10 Long-Term Offline Authorization Settings
- 21.11 Secure Communication Settings
- 21.12 Encrypted Document Operation Logs
- 21.13 Full-Disk Scan
- 21.14 Document Management
- 21.15 Intelligent Terminal Management
- 21.16 USBKey Management
- 21.17 Backup Server Settings
- 21.18 Custom Keys
- 21.19 Encrypted Document Backup
Chapter 22: Windows Encrypted Client
- 22.1 Client Operating Status
- 22.2 File Explorer
- 22.3 Encrypted Document Scan Tool
- 22.4 Encrypted Files
- 22.5 Decrypt Files
- 22.6 Request Decryption
- 22.7 Read-Only Access
- 22.8 Export
- 22.9 Request Export
- 22.10 Export Extraction
- 22.11 Modify Encrypted Document Security Attributes
- 22.12 Modify Encrypted Document User Permissions
- 22.13 Request Change of Encrypted Document Attributes
- 22.14 View Document Attributes
- 22.15 Request Temporary Offline
- 22.16 View Request Information
- 22.17 Encrypted System Information
- 22.18 Offline Authorization Login
- 22.19 Import License File
- 22.20 Login and Logout of the Encryption System
- 22.21 Parameter Settings
- 22.22 Using the Encryption USBKey
- 22.23 Proxy Administrator
- 22.24 Force Update Policy
Chapter 23: Linux Encrypted Client
- 23.1 Encrypted Document Scanning Tool
- 23.2 Encryption
- 23.3 Decryption
- 23.4 Request Decryption
- 23.5 View Request Information
Chapter 24: Mac Encrypted Client
- 24.1 Encrypted Document Scanning Tool
- 24.2 Encryption
- 24.3 Decryption
- 24.4 Request Decryption
- 24.5 View Request Information
Chapter 25: USB Encrypted Client
- 25.1 Launch and Exit
- 25.2 Update Policy
Chapter 26: External Viewer
- 26.1 Installation
- 26.2 Authorization
- 26.3 Time Synchronization
- 26.4 USBKey Management
- 26.5 View External Documents
Chapter 27: Backup Encryption Server
- 27.1 Installation and Operation
- 27.2 Check Backup Server Status
- 27.3 Login Password Settings
- 27.4 Backup Server Configuration
- 27.5 View Client Status
- 27.6 View Connection List
- 27.7 Create Backup Mode Authorization File
- 27.8 Super Authorization
Chapter 28: Document Storage Request
- 28.1 Installation and Deployment
- 28.2 WEB Management
Chapter 29: Cloud Document Backup Server
- 29.1 Installation and Deployment
- 29.2 WEB Management Portal
- 29.3 WEB Audit Client
- 29.4 Cloud Document Backup Scan Tool
- 29.5 Cloud Document Backup Operation Logs
- 29.6 Upgrading the Cloud Document Backup Server
Chapter 30: Reporting System
- 30.1 Terminology
- 30.2 Reporting Console
- 30.3 Predefined Reports and Queries
- 30.4 General Report Settings
  - 30.4.1 Condition Settings
  - 30.4.2 Statistical Settings
- 30.5 Report Statistics Content
- 30.6 Template Management
- 30.7 Period Management
- 30.8 Indicator Management
- 30.9 Periodic Reports
- 30.10 Query
- 30.11 Historical Reports
- 30.12 Email Reports
- 30.13 Data Center
Chapter 31: WEB Console
- 31.1 Logging in to the WEB Console
- 31.2 Introduction to the WEB Console
- 31.3 Computer and User Operations
- 31.4 Policy Roles
- 31.5 Home
- 31.6 Statistics
- 31.7 Logs
- 31.8 Encryption Logs
- 31.9 Monitoring
- 31.10 Policies
- 31.11 Encryption Policies
- 31.12 Category Library
- 31.13 Settings
Chapter 32: WEB Approval
- 32.1 Desktop Request Management
- 32.2 Encryption Request Management
Chapter 33: WEB Reports
- 33.1 Home
- 33.2 Reports
- 33.3 Data Center
Chapter 34: Software Center
- 34.1 Installation & Deployment
- 34.2 Software Center Server
- 34.3 Software Center Client
- 34.4 Software Center Client Logs
Chapter 35: Security Viewer
- 35.1 Software and Hardware Requirements
- 35.2 Installation
- 35.3 Authorization
- 35.4 Viewing Encrypted Files
- 35.5 Encrypting/Decrypting Files
- 35.6 Sharing Files
- 35.7 Recent and Favorites
- 35.8 Settings
- 35.9 Resetting Password
Chapter 36: Security Approval App
- 36.1 Software and Hardware Requirements
- 36.2 Installation
- 36.3 Login
- 36.4 Application Management
- 36.5 Settings
- 36.6 Account
Chapter 37: Dedicated Burning Tool
- 37.1 Interface Overview
- 37.2 Burning
- 37.3 Configuration File
Chapter 38: Access Gateway
- 38.1 Network Architecture
- 38.2 Device Introduction
- 38.3 Device Deployment
- 38.4 Management Interface Overview
- 38.5 Home Page
- 38.6 Network Parameters
- 38.7 Access Gateway Configuration
- 38.8 Server Management
- 38.9 Guest Login Management
- 38.10 Status Information
- 38.11 System Management
- 38.12 Access Gateway Logs
- 38.13 Other Operations
- 38.14 Super Mode
- 38.15 Usage Example
Chapter 39: Secure Access Gateway
- 39.1 Network Architecture
- 39.2 Device Overview
- 39.3 Device Deployment
- 39.4 Basic Information
- 39.5 Network Parameters
- 39.6 Scope Settings
- 39.7 Application System Protection
- 39.8 File Sharing Protection
- 39.9 Status Information
- 39.10 System Tools
- 39.11 Super Mode
- 39.12 Usage Example

Attribute	Description
Name	A user-defined description of the policy. It has no impact on execution. When adding a new policy, the console generates a default name, which administrators can modify.
Policy Level	Defines the priority of execution: Normal, High, or Critical. When policies of the same type overlap, execution follows the order: Critical > High > Normal. Note that user policies always take precedence over computer policies, regardless of level.
Time	Specifies when the policy is active. By default, it applies all day. Administrators can choose a predefined time type (configured in Category Management → Time Types) or define a custom time range directly.
Mode	Determines the action taken when policy conditions are met: Deny, Allow, Ignore, or No Action. (See section on modes for details.)
Action	Specifies additional responses triggered with the policy, including Alert, Warning, or Computer Lock. These can be applied individually or in combination. (See section on actions for details.)
Expiration	Defines when the policy ends. By default, policies are set to Always Active. To set an expiration, enable the option and specify a valid time (later than the current system time). Expired policies are displayed in dark grey with the expiration date shown in red.
Offline Only	Determines whether the policy applies only when the client cannot connect to the server (e.g., due to business travel, working from home, or network issues). If unchecked, the policy remains active at all times.
Advanced Conditions	Allows policies to be applied only under certain system or device conditions (e.g., OS type, device category). Conditions can be set directly through an expression or selected from the predefined Condition Library in Category Management.

Mode	Description
Allow	Permits the specified operation. Once a policy matches this mode, the action is allowed and no further policies are evaluated.
Deny	Blocks the specified operation. Once a policy matches this mode, the action is denied and no further policies are evaluated.
Ignore	Neither explicitly allows nor denies the operation. The policy actions (e.g., alerts, warnings) are executed, but evaluation continues with subsequent policies to determine whether the operation is ultimately allowed or denied.
No Action	Neither allows nor denies the operation, typically used in basic or device-specific policies. Once matched, the system takes no allow/deny decision and does not evaluate further policies.

Action	Description
Alert	Sends an alert from the client to the server. The console displays a pop-up notification to inform administrators, and the alert is also recorded in the policy log. Administrators can configure whether alert bubbles appear via Tools → Options → Real-Time Alerts → Bubble Settings, and view active alerts under Tools → Alerts. Alerts can be set to three severity levels: Low, Important, and Critical.
Warning	Displays a dialog box on the client, notifying the user that a restricted action was attempted. Administrators can customize the warning message shown to end users.
Lock Computer	Automatically locks the client machine, preventing any further operations by the user. Administrators can unlock the machine via Console → Control → Unlock.
Screen Capture	Captures the client's screen immediately when a policy is triggered. By default, three screenshots are taken at two-second intervals. Captured images can be reviewed under Screen History.

Icon Button	Description
	New:Click to add a new policy.
	Move Up:Moves the selected policy up one position.
	Move Down:Moves the selected policy down one position.
	Delete:Deletes the selected policy.
	Cancel:Cancels a new or modified policy.
	Save:Saves the policy. Changes take effect only after saving.
	Allow:Indicates the policy mode is Allow.
	Deny:Indicates the policy mode is Deny.
	Ignore:Indicates the policy mode is Ignore.
	No Action:Indicates the policy mode is No Action.
	Alert:The policy triggers an alert.
	Warning:The policy triggers a warning.
	Lock Computer:The policy locks the client computer.
	Expiration:The policy has a set expiration time.

6.1 Introduction to Policies

Common Policy Attributes

Policy Modes

Policy Actions

Policy Matching Priority

Policy Icon Guide

Don't see what you're looking for?