Periodic Document Encryption Settings


Use this dialog box to change the settings for the Data Loss Prevention (DLP) Periodic Document Encryption feature.

Enable Data Loss Prevention for these documents

Select this check box to enable the Periodic Document Encryption feature on a client or client group.

Lock following contents

The paths listed in this box will be locked on the client or client group computers according the DLP scan settings.


In the Lock following contents box, do not specify the root system drive or the folder where the Commvault software is installed.

Paths in the Lock following contents box can contain files, folders, Environment Variables, or wildcard patterns as follows:




Lock specific files or folders.

Type full path of the file or folder on the local machine.

  • To lock the contents of the Public Documents folder


  • To lock a text file named addresses.txt in the Public Documents folder, enter:


Lock library folders, such as My Documents and My Pictures, on Windows clients.

Type the case-sensitive Environmental Variable for the library folder.

  • To lock the contents of all My Documents folders, enter:


Lock a specific file type.

Type the an asterisk (*) followed by the file extension.

  • To lock all text documents in the C: drive, enter:


  • To lock all text documents in the Public Documents folder, enter:


  • Browse Paths: When configuring Periodic Document Encryption settings on the client level, click this button to add files and folder to the Lock following contents field by browsing the client folder structure.

  • Add Paths: Click this button to add files and folders to the Lock following contents box by typing a path.

  • Delete: Click this button to delete paths selected in the Lock following contents box.

  • Edit Paths: Click this button to edit the path selected in the Lock following contents box.

Skip following contents

The paths listed in this box will be not be locked during DLP scans. By default, the Commvault installation folder, Windows System folder, and Program Files folder are always skipped during DLP scans:

Paths in the Skip following contents box can contain files, folders, or wildcard patterns as follows:




Skip specific files or folders.

Type full path of the file or folder on the local machine.

  • To skip the contents of the Public Documents folder


  • To skip a text file named addresses.txt in the Public Documents folder, enter:


Skip a specific file type.

Type the an asterisk (*) followed by the file extension.

  • To skip all text documents in the C: drive, enter:


  • To skip all text documents in the Public Documents folder, enter:


  • Delete: Click this button to delete paths selected in the Skip following contents box.

  • Add Paths: Click this button to add files and folders to the Skip following contents box by typing a path.

Rescan DLP contents ever n minutes

The value of this option defines the frequency of DLP scans. By default, DLP scans occur every fifteen minutes.

Auto-protect documents that are more than n minutes old

The value of this option defines how long a file must remain unopened before it will be locked during a DLP scan. This setting helps ensure that open files that are in-use are not locked during a DLP scan. By default, files that match the DLP settings and have been opened or modified within five minutes of a DLP scan will not be locked.

Allow backup server to unlock documents

When this check box is selected, the CommServe host can automatically unlock files during file system backups. This enables data protection features, such as content indexing and deduplication, to be performed on locked files. By default, Periodic Document Encryption settings are configured such that files are automatically unlocked during CommServe operations. If you clear this setting, then backups of locked files will require the correct passkey to open and read their contents on the backup media.

We recommend that you do not clear the Allow backup server to unlock documents option, as this might prevent backup operations from running as configured.

Enable automatic unlock

When this option is selected, end-users can double-click to open a locked file. If the Allow backup server to unlock documents option is also selected, then users will not be prompted to enter a pass-key when opening a locked file.

Mark Device as lost or stolen (client-level only)

From the Periodic Document Encryption settings on the client computer level, select this check box to indicate that the client has been reported lost or stolen by the client owner. When this check box is selected, locked files will require the correct passkey to be entered before the contents of the file can be read.

Your Opinion Matters!

How likely are you to recommend Commvault's documentation site?

0 = Not likely at all 10 = Extremely likely