| Action |
Controls the operation for file transfers that trigger the policy.
Options:
- Block: Scans file for sensitive content and blocks the transfer; stops matching subsequent policies.
- Allow: Scans file and allows the transfer; stops matching subsequent policies.
- Ignore: Scans file but ignores the result; continues matching subsequent policies.
- No Action: Does not scan the file; equivalent to not controlling sensitive transfers; stops matching subsequent policies.
|
| Record Screen |
When checked, records the client screen when the policy is triggered. View logs under Sensitive Info → Sensitive Info Logs, right-click → View Screen Log. |
| Add Watermark |
Available with the "Watermark & Traceability" module. Apply a watermark template to files triggered by the policy. |
| Encrypt |
Available with the "Encryption" module. Can only be enabled if the policy action is Ignore or Allow. Encrypted files follow the specified document permissions and access settings. |
| Expiration Date |
Policies are valid indefinitely by default. Enabling and setting an expiration date will deactivate the policy after the specified time. |
| Sensitive Info |
Specifies the sensitive content for the policy. |
| Sensitive Content |
Select categories from Classification Management → Sensitive Info Library. Clients will scan files to detect matches.
Note: Sensitive content control requires enabling Sensitive Content Recognition Authorization on the client. |
| Document Tag |
Files matching the specified document tag are considered matched by the policy. |
| Document Classification |
Files with classification within the specified range are considered matched by the policy. |
| Match Any Condition |
By default, all conditions must be satisfied. Check this to trigger the policy if any single condition is met. |
| File Name |
Documents can be controlled based on file path or name. By default, this is empty, which means all documents are included. Wildcards are supported. |
| MD5 |
Specifies document MD5 values for matching. Format: MD5:[full MD5], e.g., MD5:a6616067d6df8a43e171f0e40e79a301. Multiple MD5 values can be separated by ';' or ','. Case-insensitive. Wildcards and fuzzy matching are not supported. |
| Min File Size |
Minimum file size in KB. |
| Max File Size |
Maximum file size in KB. |
| Backup Copy |
When checked, backup triggered files. View under Logs → Document Operation Logs. |
| Application |
Specifies the application used for file transfer. Default is all. Can select individual apps or app categories. |
| Copy to Removable Drive |
Controls files copied to removable drives. |
| Copy to Network Drive |
Control file sending to network shared path; defaults to controlling all network shared paths, customizable support; |
| Include Path |
Network paths to include in scanning and policy control. Format: \\server\temp or \\server\temp\*. Do not end with \. |
| Exclude Path |
Network paths excluded from scanning and control. Multiple paths supported. |
| IM Transfer |
Controls documents sent via instant messaging tools. |
| IM Tools |
Supported tools: QQ, ICQ, MSNMessenger, YAHOO, TM, Lanxin, SKYPE, RTX, LSC, ALI, FETION, Google Talk, Baidu Hi, 263EM, FeiQiu, MSNLite, Marketing QQ, Enterprise QQ, Lianwo LINE, Qunying CC, LYNC, Enterprise WeChat, Activity Message, KK, IMO, DingTalk, Feishu, Zalo, WhatsApp, Microsoft Teams. |
| IM Chat Messages |
Controls the content of messages in IM tools. |
| Supported IM Tools |
Supported tools: QQ, ICQ, MSNMessenger, YAHOO, TM, Lanxin, SKYPE, RTX, LSC, ALI, FETION, Google Talk, Baidu Hi, 263EM, FeiQiu, MSNLite, Marketing QQ, Enterprise QQ, Lianwo LINE, Qunying CC, LYNC, Enterprise WeChat, Activity Message, KK, IMO, DingTalk, Feishu, Zalo, WhatsApp, Microsoft Teams. |
| Send/Receive |
Sets the message direction to monitor. Default is all, meaning both sent and received messages are checked. Can choose to monitor only sent or only received messages. |
| Detection Scope |
Determines the scope of messages to check:
- Single Session: Monitors each conversation for the same account individually.
- Merge All Sessions: Combines all conversations of the same account for detection.
|
| Record Context |
When checked, records the context of sensitive information, viewable in the AnySecura sensitive information log. |
| Max Context Entries |
Maximum number of context entries recorded for sensitive information. Default is 5 for each context type; can be adjusted to a custom value. |
| Sending Emails |
Controls email content matching sensitive information. |
| Sender |
Specify email addresses to monitor. Can select from email classification library or enter manually. |
| Recipient |
Specify recipient addresses. Can select from email classification library or enter manually. |
| Match Any Recipient |
If checked, the policy applies if at least one recipient matches. If unchecked, all recipients must match to trigger the policy. |
| Scan Email Body Only |
If checked, only the email body is scanned; otherwise, both body and attachments are scanned. |
| Upload Control |
Controls documents uploaded via browsers, Baidu Netdisk, or Weiyun clients that match sensitive content. |
| Websites / Network Addresses |
Specify URLs to monitor browser uploads. Supports wildcard (*), e.g., *baidu.com. Multiple URLs can be separated by commas. |
