Data Control Settings

Applies To: WatchGuard Data Control

In a Data Control settings profile, you configure the settings to monitor personal data on your computers.

To search for personal data in Microsoft Office documents, computers must have the Microsoft Filter Pack installed. To find computers on the network without some or all of the required components, click Check Now in the yellow warning box. For more information, see Data Control Requirements.

Screen shot of WatchGuard EPDR, Data Control settings

To configure Data Control settings:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Settings.
  3. From the left pane, select Data Control.
  4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
    The Add Settings or Edit Settings page opens.
  5. Enter a Name and Description for the profile, if required.
  6. In the Personal Data section, to keep an up-to-date inventory of all personal data stored on the computers (personal ID numbers, email addresses, bank account numbers, and so on), enable Generate and Keep an Up-to-Date Inventory of Personal Data. For more information, see About Personally Identifiable Information (PII) in Data Control.
    For the files with Personally Identifiable Information (PII) stored on a specific computer to appear in the dashboard, the inventory process must complete on that computer. For more information, see Data Control Dashboard.
  7. To monitor the process actions executed on the files with PII stored on computers, enable Monitor Personal Data on Disk.
  8. To monitor the actions executed on the personal data stored in email attachments, enable Monitor Personal Data in Email.
  9. To enable Data Control to search for indexed files by name or content, enable Allow Data Searches on Computers.
    For more information, see About Data Control Search.
  10. Add exclusions, if required.
    For more information, see Add Exclusions to the Indexing Process.
  11. Configure rule-based monitoring.
    For more information, see Configure Rule-Based Monitoring of Files.
  12. In the Advanced Indexing Options section, configure the indexing content and schedule.
    For more information, see Configure Advanced Indexing in Data Control.
  13. In the Write to Removable Storage Devices section, enable or disable Allow write to removable drives only when the drive is encrypted.
    If you enable this option, it is not possible to write to unencrypted removable drives.
  14. Click Save.
  15. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

Add Exclusions to the Indexing Process

In the Data Control settings, you can exclude files that you do not want to index.

Screen shot of WatchGuard EPDR, Data Control exclusions

To add exclusions:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Settings.
  3. From the left pane, select Data Control.
  4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
    The Add Settings or Edit Settings page opens.
  5. Click Personal Data.
  6. In the Exclusions section, enter file extensions, file names, and folder names that you want Data Control to exclude.
    • Extensions — Enter the extensions of files to exclude (for example, .docx, .csv).
    • Files — Enter the names of the files to exclude. You can use the wildcard characters ? and * (for example, *PAYROLL*, *CV*).
    • Folders — Enter the folders you want to exclude. You can use system variables and the wildcard characters ? and * (for example, HR, Invoices). For more information, see Data Control Search Syntax.
  7. Click Save.
  8. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

Configure Rule-Based Monitoring of Files

You can define rules for Data Control to monitor files not classified as PII. You can define up to ten rules, each with a unique name.

The rules you define here affect the Data Control dashboards in the Advanced Visualization Tool. For more information, see About Data Control Advanced Visualization.

The Monitoring Rules section shows a list of default file extensions to which monitoring applies. You can add or remove extensions from the list. This list is common to all created rules. If you assign a file extension property to a rule, the rule monitors only files with the extensions you specify. It does not monitor files with an extension in the default list.

Screen shot of WatchGuard EPDR, Data Control rule-based monitoring

To configure rule-based monitoring of files:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Settings.
  3. From the left pane, select Data Control.
  4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
    The Add Settings or Edit Settings page opens.
  5. In the Rule-Based Monitoring of Files section, to monitor the actions performed on files that meet the defined rules, enable Monitor Files on Disk.
  6. To monitor the actions performed on the email attachments that meet the defined rules, enable Monitor Files in Email.
  7. In the Monitoring Rules section, in the text box, type the file extensions you want Data Control to monitor.
    To delete an extension, point to the extension and click the Delete icon.
  8. In the Select the Files to Monitor list, click the Add icon to add a new rule.
    The Add Monitoring Rules dialog box opens.

Screen shot of WatchGuard EPDR, Data Control, add monitoring rules

  9. In the Name text box, type a unique name for the rule.
  10. In the Description text box, type a brief description of the rule.
  11. Specify the condition criteria:

    | Property | Operator | Value |
    |---|---|---|
    | File Name | Is equal to, Is not equal to | Text field. Wildcard characters * and ? are supported. The character string cannot start with a wildcard character. |
    | File Path | Is equal to, Is not equal to | Text field. Wildcard characters * and ? are supported. If you enter a file system path, the separator character is \ by default. You must use the wildcard character * when you define a rule with the File Path property. The character string cannot start with a wildcard character. |
    | File Content | Is equal to, Is not equal to | Text field. Wildcard characters * and ? are supported. The character string cannot start with a wildcard character. |
    | File Extension | Is equal to, Is not equal to | Text field. Wildcard characters are not supported. Enter file extensions without periods. |

  12. To add more conditions to the rule, click New Condition.
    Logical operators AND/OR apply automatically.

Screen shot of WatchGuard EPDR, Data Control, add new condition

  13. Click Save.
  14. To make changes to an existing rule, select the rule and click .
    To delete a rule, select the rule and click the Delete icon.
  15. Click Save.
  16. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

Logical Operators and Grouping in Monitoring Rules

To combine two or more conditions in the same rule, use the logical Boolean operators AND and OR. When you add two or more conditions to a rule, a drop-down menu appears with available operators. Operators apply to the adjacent conditions.

In a logical expression, parentheses change the order in which the operators between rule conditions are evaluated. To put two or more conditions in parentheses, you must create a group. You can nest groups to apply operators at different levels of the expression.

To group conditions:

  1. Select the consecutive rules you want to group.

Screen shot of WatchGuard EPDR, Data Control, combine rules

  2. Click Group Conditions.
    A gray bar indicates the grouped conditions.

Screen shot of WatchGuard EPDR, Data Control grouped conditions

Example Monitoring Rules

| Property | Content | Search |
|---|---|---|
| File path | c:\path\* | Searches all files and folders located in C:\path\ |
| File path | c:\path\ or c:\path | Wrong format. No results are returned. |
| File extension | txt | Searches TXT files. |
| File extension | .txt | Wrong format. No results are returned. |
| File name | FileName | Returns all files whose name is "FileName". |
| File name | FileName* | Returns all files whose name starts with "FileName". |
| File name | ?FileName or *FileName | Wrong format. No results are returned. |
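
A rule in the wrong format returns no results and therefore monitors nothing, so it is worth checking condition values before you enter them. The script below is an added example, not WatchGuard code: it applies only the format rules stated on this page (no leading wildcard, * required for File Path, no periods or wildcards in File Extension, at most ten uniquely named rules) and does not emulate how Data Control matches files. The function names, the rule names in the sample, and exact-string comparison of rule names are assumptions.

```python
# Added example: checks rule values against this page's format rules only.
WILDCARDS = ("*", "?")
PROPERTIES = ("File Name", "File Path", "File Content", "File Extension")
MAX_RULES = 10  # "You can define up to ten rules, each with a unique name."

def check_condition(prop, value):
    """Return the documented format problems for one condition value."""
    if prop not in PROPERTIES:
        return [f"unknown property {prop!r}"]
    if not value:
        return ["value is empty"]
    problems = []
    if prop == "File Extension":
        if "." in value:
            problems.append("enter the extension without periods")
        if any(w in value for w in WILDCARDS):
            problems.append("wildcard characters are not supported")
        return problems
    if value[0] in WILDCARDS:
        problems.append("value cannot start with a wildcard character")
    if prop == "File Path" and "*" not in value:
        problems.append("File Path conditions must use the * wildcard")
    return problems

def check_rules(rules):
    """rules: list of (name, [(property, value), ...]) -> {name: [problems]}."""
    report, seen = {}, set()
    if len(rules) > MAX_RULES:
        report["<profile>"] = [f"{len(rules)} rules defined, limit is {MAX_RULES}"]
    for name, conditions in rules:
        issues = ["rule name is not unique"] if name in seen else []
        seen.add(name)  # assumption: names are compared as exact strings
        for prop, value in conditions:
            issues += [f"{prop} {value!r}: {p}" for p in check_condition(prop, value)]
        if issues:
            report.setdefault(name, []).extend(issues)
    return report

# Constructed sample profile (rule names and paths are hypothetical).
SAMPLE_RULES = [
    ("Finance exports", [("File Path", "c:\\finance\\*"), ("File Extension", "csv")]),
    ("Contracts", [("File Name", "*contract"), ("File Extension", ".pdf")]),
    ("Contracts", [("File Path", "c:\\legal")]),
]

if __name__ == "__main__":
    for rule, issues in check_rules(SAMPLE_RULES).items():
        print(rule, "->", issues)
```

An empty report means only that the values are well formed; whether a rule selects the intended files still has to be confirmed in the Data Control dashboards.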
