When Data Loss Prevention detects the transmission of data
identifiers, it checks the DLP policy for the detected data identifiers and performs
the
action configured for the policy.
Data Loss Prevention Actions
Action
|
Description
|
||||||
Actions
|
|||||||
Pass
|
Data Loss Prevention allows and logs the
transmission.
|
||||||
Block
|
Data Loss Prevention blocks and logs the
transmission.
|
||||||
Additional Actions
|
|||||||
Notify the agent user
|
Data Loss Prevention displays a notification message
to inform the user of the data transmission and whether it was passed or
blocked.
|
||||||
Record data
|
Regardless of the primary action, Data Loss
Prevention records the sensitive information to
<Security Agent
installation folder>\DLPLite\Forensic . Select this action to
evaluate sensitive information that is being flagged by Data Loss Prevention.Recorded sensitive information may consume too much
hard disk space. Therefore, Trend Micro highly recommends that you choose this option only for highly
sensitive information.
|
||||||
Encrypt supported channels using the specified
key/password (only available if Endpoint Encryption is
installed)
|
If Trend Micro Endpoint Encryption is installed
alongside theTrend Vision One Endpoint Security agents, Data Loss Prevention can
automatically encrypt files before allowing a user to pass them
to another location. If Endpoint Encryption is not installed,
Data Loss Prevention performs the Block action on files.
Choose one of the following encryption keys or a
fixed password:
|
||||||
User justification
|
Data Loss Prevention prompts the user before
performing the
Blockaction. User can select to override the Blockaction by providing an explanation as to why the sensitive data is safe to pass. The available justification reasons are:
|