Online Help for DLP Settings

Periodic Document Encryption Settings

Use this dialog box to change the settings for the Data Loss Prevention (DLP) Periodic Document Encryption feature.

Enable Data Loss Prevention for these documents

Select this check box to enable the Periodic Document Encryption feature on a client or client group.

Lock following contents

The paths listed in this box will be locked on the client or client group computers according the DLP scan settings.

Note

In the Lock following contents box, do not specify the root system drive or the folder where the Commvault software is installed.

Paths in the Lock following contents box can contain files, folders, Environment Variables, or wildcard patterns as follows:

Goal	Input	Examples
Lock specific files or folders.	Type full path of the file or folder on the local machine.	To lock the contents of the Public Documents folder C:\Users\Public\Documents To lock a text file named addresses.txt in the Public Documents folder, enter: C:\Users\Public\Documents\addresses.txt
Lock library folders, such as My Documents and My Pictures, on Windows clients.	Type the case-sensitive Environmental Variable for the library folder.	To lock the contents of all My Documents folders, enter: \%Documents%
Lock a specific file type.	Type the an asterisk (*) followed by the file extension.	To lock all text documents in the C: drive, enter: *C:\.txt To lock all text documents in the Public Documents folder, enter: C:\Users\Public\Documents\.txt*

Browse Paths: When configuring Periodic Document Encryption settings on the client level, click this button to add files and folder to the Lock following contents field by browsing the client folder structure.
Add Paths: Click this button to add files and folders to the Lock following contents box by typing a path.
Delete: Click this button to delete paths selected in the Lock following contents box.
Edit Paths: Click this button to edit the path selected in the Lock following contents box.

Skip following contents

The paths listed in this box will be not be locked during DLP scans. By default, the Commvault installation folder, Windows System folder, and Program Files folder are always skipped during DLP scans:

Paths in the Skip following contents box can contain files, folders, or wildcard patterns as follows:

Goal	Input	Examples
Skip specific files or folders.	Type full path of the file or folder on the local machine.	To skip the contents of the Public Documents folder C:\Users\Public\Documents To skip a text file named addresses.txt in the Public Documents folder, enter: C:\Users\Public\Documents\addresses.txt
Skip a specific file type.	Type the an asterisk (*) followed by the file extension.	To skip all text documents in the C: drive, enter: *C:\.txt To skip all text documents in the Public Documents folder, enter: C:\Users\Public\Documents\.txt*

Delete: Click this button to delete paths selected in the Skip following contents box.
Add Paths: Click this button to add files and folders to the Skip following contents box by typing a path.

Rescan DLP contents ever n minutes

The value of this option defines the frequency of DLP scans. By default, DLP scans occur every fifteen minutes.

Auto-protect documents that are more than n minutes old

The value of this option defines how long a file must remain unopened before it will be locked during a DLP scan. This setting helps ensure that open files that are in-use are not locked during a DLP scan. By default, files that match the DLP settings and have been opened or modified within five minutes of a DLP scan will not be locked.

Allow backup server to unlock documents

When this check box is selected, the CommServe host can automatically unlock files during file system backups. This enables data protection features, such as content indexing and deduplication, to be performed on locked files. By default, Periodic Document Encryption settings are configured such that files are automatically unlocked during CommServe operations. If you clear this setting, then backups of locked files will require the correct passkey to open and read their contents on the backup media.

We recommend that you do not clear the Allow backup server to unlock documents option, as this might prevent backup operations from running as configured.

Enable automatic unlock

When this option is selected, end-users can double-click to open a locked file. If the Allow backup server to unlock documents option is also selected, then users will not be prompted to enter a pass-key when opening a locked file.

NOTE: You cannot enable this option on a Windows 10 computer.

Mark Device as lost or stolen (client-level only)

From the Periodic Document Encryption settings on the client computer level, select this check box to indicate that the client has been reported lost or stolen by the client owner. When this check box is selected, locked files will require the correct passkey to be entered before the contents of the file can be read.

Secure Erase Settings

Use this dialog box to change the settings for the Data Loss Prevention (DLP) Periodic Document Encryption feature.

Caution: Secure Erase permanently deletes data on a client computer (data shredding) by performing a DOE-compliant 3-pass secure erase. Use caution with Secure Erase, as improper use can result in irreversible loss of data.

Enable Secure Erase

Select this check box to enable the Secure Erase feature on a client or client group.

Securely erase selected documents after the client stays offline for more than n days

Select this check box to enable the Secure Erase feature on a client or client group.

Securely erase selected documents now or as soon as the client comes back online (client-level only)

Selecting this check box will permanently erase the selected data on the client computer. This operation is irreversible.

Select this check box to erase files in the Recursively erase the following contents box to be erased as soon as the client computer is online, or has connectivity with the CommServe host. If the client is currently online, the files will be erased immediately.

Recursively erase the following contents

The paths listed in this box will be erased on the client or client group computers according the Secure Erase settings.

Categories within Content Library are not supported for Secure Erase. Paths in the Recursively erase the following contents box can contain files, folders, Environment Variables, or wildcard patterns as follows:

Goal	Input	Examples
Erase specific files or folders.	Type full path of the file or folder on the local machine.	To erase the contents of the Public Documents folder C:\Users\Public\Documents To erase a text file named addresses.txt in the Public Documents folder, enter: C:\Users\Public\Documents\addresses.txt
Erase library folders, such as My Documents and My Pictures, on Windows clients.	Type the case-sensitive Environmental Variable for the library folder.	To erase the contents of all My Documents folders, enter: \%Documents%
Erase a specific file type.	Type the an asterisk (*) followed by the file extension.	To erase all text documents, enter: .txt To erase all text documents in the Public Documents folder, enter: C:\Users\Public\Documents\.txt**

Browse Paths: When configuring Secure Erase settings on the client level, click this button to add files and folder to the Recursively erase the following contents field by browsing the client folder structure.
Add Paths: Click this button to add files and folders to the Recursively erase the following contents box by typing a path.
Delete: Click this button to delete paths selected in the Recursively erase the following contents box.
Edit Paths: Click this button to edit the path selected in the Recursively erase the following contents box.

Skip following contents

The paths listed in this box will be not be erased when a client Secure Erase operation is triggered.

Paths in the Skip following contents box can contain files, folders, or wildcard patterns as follows:

Goal	Input	Examples
Skip specific files or folders.	Type full path of the file or folder on the local machine.	To skip the contents of the Public Documents folder C:\Users\Public\Documents To skip a text file named addresses.txt in the Public Documents folder, enter: C:\Users\Public\Documents\addresses.txt
Skip a specific file type.	Type the an asterisk (*) followed by the file extension.	To skip all text documents, enter: .txt To skip all text documents in the Public Documents folder, enter: C:\Users\Public\Documents\.txt**

Delete: Click this button to delete paths selected in the Skip following contents box.
Add Paths: Click this button to add files and folders to the Skip following contents box by typing a path.

Online Help for DLP Settings

Periodic Document Encryption Settings

Enable Data Loss Prevention for these documents

Lock following contents

Skip following contents

Rescan DLP contents ever n minutes

Auto-protect documents that are more than n minutes old

Allow backup server to unlock documents

Enable automatic unlock

Mark Device as lost or stolen (client-level only)

Secure Erase Settings

Enable Secure Erase

Securely erase selected documents after the client stays offline for more than n days

Securely erase selected documents now or as soon as the client comes back online (client-level only)

Recursively erase the following contents

Skip following contents

Page contents