Data Control Settings
Applies To: WatchGuard Data Control
In a Data Control settings profile, you configure the settings to monitor personal data on your computers.
To search for personal data in Microsoft Office documents, computers must have the Microsoft Filter Pack installed. To find computers on the network without some or all of the required components, click Check Now in the yellow warning box. For more information, see Data Control Requirements.
To configure Data Control settings:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select Data Control.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
The Add Settings or Edit Settings page opens.
- Enter a Name and Description for the profile, if required.
- In the Personal Data section, to keep an up-to-date inventory of all personal data stored on the computers (personal ID numbers, email addresses, bank account numbers, and so on), enable Generate and Keep an Up-to-Date Inventory of Personal Data. For more information, see About Personally Identifiable Information (PII) in Data Control.
For the files with Personally Identifiable Information (PII) stored on a specific computer to appear in the dashboard, the inventory process must complete on that computer. For more information, see Data Control Dashboard.
- To monitor the process actions executed on the files with PII stored on computers, enable Monitor Personal Data on Disk.
- To monitor the actions executed on the personal data stored in email attachments, enable Monitor Personal Data in Email.
- To enable Data Control to search for indexed files by name or content, enable Allow Data Searches on Computers.
For more information, see About Data Control Search.
- Add exclusions, if required.
For more information, see Add Exclusions to the Indexing Process.
- Configure rule-based monitoring.
For more information, see Configure Rule-Based Monitoring of Files.
- In the Advanced Indexing Options section, configure the indexing content and schedule.
For more information, see Configure Advanced Indexing in Data Control.
- In the Write to Removable Storage Devices section, enable or disable Allow write to removable drives only when the drive is encrypted.
If you enable this option, it is not possible to write to unencrypted removable drives.
- Click Save.
- Select the profile and assign recipients, if required.
For more information, see Assign a Settings Profile.
Add Exclusions to the Indexing Process
In the Data Control settings, you can exclude files that you do not want to index.
To add exclusions:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select Data Control.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
The Add Settings or Edit Settings page opens.
- Click Personal Data.
- In the Exclusions section, enter file extensions, file names, and folder names that you want Data Control to exclude.
- Extensions — Enter the extensions of files to exclude (for example, .docx, .csv).
- Files — Enter the names of the files to exclude. You can use the wildcard characters ? and * (for example, *PAYROLL*, *CV*).
- Folders — Enter the folders you want to exclude. You can use system variables and the wildcard characters ? and * (for example, HR, Invoices). For more information, see Data Control Search Syntax.
- Click Save.
- Select the profile and assign recipients, if required.
For more information, see Assign a Settings Profile.
Configure Rule-Based Monitoring of Files
You can define rules for Data Control to monitor files not classified as PII. You can define up to ten rules, each with a unique name.
The rules you define here affect the Data Control dashboards in the Advanced Visualization Tool. For more information, see About Data Control Advanced Visualization.
The Monitoring Rules section shows a list of default file extensions to which monitoring applies. You can add or remove extensions from the list. This list is common to all created rules. If you assign a file extension property to a rule, the rule monitors only files with the extensions you specify. It does not monitor files with an extension in the default list.
To configure rule-based monitoring of files:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select Data Control.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click to create a new profile.
The Add Settings or Edit Settings page opens.
- In the Rule-Based Monitoring of Files section, to monitor the actions performed on files that meet the defined rules, enable Monitor Files on Disk.
- To monitor the actions performed on the email attachments that meet the defined rules, enable Monitor Files in Email.
- In the Monitoring Rules section, in the text box, type the file extensions you want Data Control to monitor.
To delete an extension, point to the extension and click .
- In the Select the Files to Monitor list, click to add a new rule.
The Add Monitoring Rules dialog box opens.
- In the Name text box, type a unique name for the rule.
- In the Description text box, type a brief description of the rule.
- Specify the condition criteria:
Property | Operator | Value |
---|---|---|
File Name | Is equal to; Is not equal to | Text field. Wildcard characters * and ? are supported. The character string cannot start with a wildcard character. |
File Path | Is equal to; Is not equal to | Text field. Wildcard characters * and ? are supported. If you enter a file system path, the separator character is \ by default. You must use the wildcard character * when you define a rule with the File Path property. The character string cannot start with a wildcard character. |
File Content | Is equal to; Is not equal to | Text field. Wildcard characters * and ? are supported. The character string cannot start with a wildcard character. |
File Extension | Is equal to; Is not equal to | Text field. Wildcard characters are not supported. Enter file extensions without periods. |
- To add more conditions to the rule, click New Condition.
Logical operators AND/OR apply automatically.
- Click Save.
- To make changes to an existing rule, select the rule and click .
To delete a rule, select the rule and click .
- Click Save.
- Select the profile and assign recipients, if required.
For more information, see Assign a Settings Profile.
Logical Operators and Grouping in Monitoring Rules
To combine two or more conditions in the same rule, use the logical Boolean operators AND and OR. When you add two or more conditions to a rule, a drop-down menu appears with available operators. Operators apply to the adjacent conditions.
In a logical expression, parentheses alter the order in which operators that relate rule conditions are evaluated. To group two or more conditions in parentheses, you must create a group. Parentheses enable you to group operators at different levels in a logical expression.
To group conditions:
- Select the consecutive rules you want to group.
- Click Group Conditions.
A gray bar indicates the grouped conditions.
Example Monitoring Rules
Property | Content | Search |
---|---|---|
File path | c:\path\* | Searches all files and folders located in C:\path\ |
File path | c:\path\ c:\path | Wrong format. No results are returned. |
File extension | txt | Searches TXT files. |
File extension | .txt | Wrong format. No results are returned. |
File name | FileName | Returns all files whose name is "FileName". |
File name | FileName* | Returns all files whose name starts with "FileName". |
File name | ?FileName *FileName | Wrong format. No results are returned. |
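
Because a malformed condition returns no results instead of an error, a monitoring rule can silently cover nothing. The following pre-check is an added example, not WatchGuard code: it applies only the format constraints stated on this page, and the names `check_condition`, `check_rules`, and `SAMPLE` are assumptions of the example.

```python
WILDCARDS = "*?"
MAX_RULES = 10  # page: up to ten rules, each with a unique name

def check_condition(prop, value):
    """Return the format problems for one rule condition (empty list = OK)."""
    prop = prop.strip().lower()
    if not value:
        return ["value is empty"]
    problems = []
    if prop == "file extension":
        if any(w in value for w in WILDCARDS):
            problems.append("wildcards are not supported in extensions")
        if "." in value:
            problems.append("enter the extension without a period")
    elif prop in ("file name", "file path", "file content"):
        if value[0] in WILDCARDS:
            problems.append("value cannot start with a wildcard")
        if prop == "file path" and "*" not in value:
            problems.append("File Path conditions must use the * wildcard")
    else:
        problems.append("unknown property")
    return problems

def check_rules(rules):
    """rules: list of (rule_name, [(property, value), ...]) tuples.
    Returns human-readable findings; an empty list means nothing to fix."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules defined; the limit is {MAX_RULES}")
    seen = set()
    for name, conditions in rules:
        if name in seen:
            findings.append(f"rule name {name!r} is not unique")
        seen.add(name)
        for prop, value in conditions:
            for problem in check_condition(prop, value):
                findings.append(f"{name}: {prop} {value!r}: {problem}")
    return findings

# Constructed sample: rule names are invented, values come from the table above.
SAMPLE = [
    ("path-ok", [("File path", "c:\\path\\*")]),
    ("path-bad", [("File path", "c:\\path\\")]),
    ("ext-ok", [("File extension", "txt")]),
    ("ext-bad", [("File extension", ".txt")]),
    ("name-ok", [("File name", "FileName*")]),
    ("name-bad", [("File name", "*FileName")]),
]

if __name__ == "__main__":
    print("\n".join(check_rules(SAMPLE)))
```
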