DeviceLock Overview
General Information
Managed Access Control
DeviceLock Service for Mac
DeviceLock Content Security Server
How Search Server Works
ContentLock and NetworkLock
ContentLock and NetworkLock Licensing
User Activity Monitor (UAM)
UAM Licensing
Basic Security Rules
Installing DeviceLock
System Requirements
Deploying DeviceLock Service for Windows
Interactive Installation
Unattended Installation
Installation via Microsoft Systems Management Server
Installation via DeviceLock Management Console
Installation via DeviceLock Enterprise Manager
Installation via Group Policy
Installation via DeviceLock Enterprise Server
Deploying DeviceLock Service for Mac
Interactive Installation
Command Line Utility
Unattended Installation
Installing Management Consoles
Installing DeviceLock Enterprise Server
Installation Steps
Service account and connection settings
Starting the service
Server administrators and certificate
License information
Database settings
Test Connection
Store shadow files in the database
Completing configuration
Installing DeviceLock Content Security Server
Prepare to Install
Start Installation
Perform Configuration and Complete Installation
Service account and connection settings
Starting the Service
Server administrators and certificate
License information
Database settings
Test Connection
Completing configuration
DeviceLock Consoles and Tools
DeviceLock Management Console
Interface
DeviceLock root node
DeviceLock Service node
Connecting to Computers
Possible connection errors
DeviceLock Service Settings Editor
Creating or Modifying a Policy
Settings file save options
DeviceLock Group Policy Manager
How Group Policy is applied
Getting started with DeviceLock Group Policy Manager
Using DeviceLock Group Policy Manager
Using Resultant Set of Policy (RSoP)
Using Group Policy to Manage DeviceLock Service for Mac
DeviceLock Enterprise Manager
Interface
Scan Network Dialog Box
Selecting Computers
Supplying Credentials
Setting Port
Selecting Plug-ins
Starting a Scan
Plug-ins
Audit Log Viewer
Install Service
Report Permissions/Auditing
Report PnP Devices
Set Service Settings
Shadow Log Viewer
Uninstall Service
Open / Save / Export
Comparing Data
Filtering Data
DeviceLock Certificates
Generating DeviceLock Certificates
Installing/Removing DeviceLock Certificate
DeviceLock Signing Tool
Device Code
Service Settings
Command-line options to sign a settings file
Loading signed settings file on Windows
Loading signed settings file on Mac
DeviceLock Service
Managing DeviceLock Service for Windows
Service Options
USB/FireWire blocked message
Expired message
Content-Aware blocked read message
Content-Aware blocked write message
Protocols blocked message
Basic IP Firewall blocked message
Devices blocked read message
Devices blocked write message
Content verification message
Content verification complete message
DeviceLock Enterprise Server(s)
Log Policy changes and Start/Stop events
DeviceLock certificate
Policy Source(s)
Use Group/Server Policy
Fast servers first
Traffic priority
Always show tray icon
Archives content inspection on read
Archives content inspection on write
Binary Files Content Inspection
Offline mode detection
OWA server(s)
Apply Content-Aware Rules to file/folder names
EtherSensor Server
DeviceLock Administrators
Auditing & Shadowing
Local storage directory
Audit log threshold for file operations (seconds)
Enable local storage quota
Cleanup files older than (days)
Local storage quota (%)
Shadow zero-length files
Audit folder operations
Safe file overwrite
Prevent data transfer on errors
Audit log type
Audit log settings
Syslog settings
Transfer shadow data to server
Alerts
Alerts Settings: SNMP
Alerts Settings: SMTP
Alerts Settings: Syslog
Alerts Settings: Delivery retry parameters
Administrative Alerts
Anti-keylogger
Block keyboard
Log event
Treat any USB hub as keylogger
Notify user
PS/2 keyboard scrambling
Encryption
Devices Node
Permissions (Regular Profile)
Setting Permissions
Permissions Dialog Box
“Generic” Rights Category
“Encrypted” Rights Category
“Special Permissions” Rights Category
Default Permissions
Auditing, Shadowing & Alerts (Regular Profile)
Defining Audit and Shadowing Rules
Auditing, Shadowing & Alerts Dialog Box
“Audit” Rights Category
“Shadowing” Rights Category
Summary of Audit and Shadowing Rights by Device Type
BlackBerry
Bluetooth
Clipboard
FireWire port
Floppy
Hard disk
Infrared port
iPhone
MTP
Optical Drive
Palm
Parallel port
Printer
Removable
Serial port
Tape
TS Devices
USB port
WiFi
Windows Mobile
Enabling Alerts
USB Devices White List (Regular Profile)
White-Listed Devices
USB Devices White List Dialog Box
USB Devices Database
Media White List (Regular Profile)
White-Listed Media
Media White List Dialog Box
Media Database
Security Settings (Regular Profile)
Security Settings Node
Security Settings Description
Audit Log Viewer (Service)
Managing the Audit Log (Service)
Audit Log Settings (Service)
Audit Log Filter (Service)
Shadow Log Viewer (Service)
Managing Shadow Log Records
Managing the Shadow Log (Service)
Shadow Log Filter (Service)
Managing DeviceLock Service for Mac
Enabling NTLM authentication for local users on Mac OS X
Content-Aware Rules (Regular Profile)
Rules for Devices
Content-Aware Rules Node
List of Content-Aware Rules for Devices
Access Control
Content-Aware Shadowing
Content-Aware Detection
Rules for Protocols
Content-Aware Rules Node
List of Content-Aware Rules for Protocols
Access Control
Content-Aware Shadowing
Content-Aware Detection
Configuring Content Groups
File Type Detection Content Groups
Creating Custom File Type Detection Groups
Keywords Content Groups
Creating Custom Keywords Groups
Pattern Content Groups
Creating Custom Pattern Groups
Document Properties Content Groups
Recognizing Boldon James Classifier Labels
Complex Content Groups
Viewing Built-in Content Groups
Duplicating Built-in Content Groups
Editing or Deleting Custom Content Groups
Testing Content Groups
Managing Content-Aware Rules
Defining Content-Aware Rules
Defining Rules for Devices
Defining Rules for Protocols
Editing Content-Aware Rules
Copying Content-Aware Rules
Exporting and Importing Content-Aware Rules
Undefining Content-Aware Rules
Deleting Content-Aware Rules
Digital Fingerprints
Digital Fingerprinting Technique
How It Works
Fingerprints Collection and Storage
Fingerprints Matching
Inspecting fingerprints within archives
Getting Started Using Digital Fingerprints
Administering Digital Fingerprints
Fingerprinting Options
Versioning threshold for text
Versioning threshold for binary
Fingerprinting Tasks
Creating Tasks
Dialog box for configuring a task
Managing Existing Tasks
Viewing Task Run Reports
Managing Classifications
Fingerprints Database
Viewing Fingerprint List
Viewing Detailed Fingerprint Information
Adding Fingerprints Manually
Fingerprints Log Viewer
Managing the Fingerprints Log
Fingerprints Log Settings
Fingerprints Log Filter
Applying Digital Fingerprints
Service Options for Digital Fingerprints
Use global DeviceLock Enterprise Server(s) settings
DeviceLock Enterprise Server(s)
Digital Fingerprints Content Groups
Dialog box for configuring a Digital Fingerprints group
Protocols (Regular Profile)
Overview
Protocols Node
Managing Permissions for Protocols
Access Rights
Career Search
File Sharing
FTP
HTTP
IBM Notes
ICQ Messenger
IRC
Jabber
Mail.ru Agent
MAPI
Skype
SMB
SMTP
Social Networks
Telegram
Telnet
Torrent
Viber
Web Mail
Web Search
WhatsApp
Zoom
Default Permissions
Permission Management Tasks
Setting and editing permissions
Undefining permissions
Managing Audit, Shadowing and Alerts for Protocols
Audit and Shadowing Rights
Career Search
File Sharing
FTP
HTTP
IBM Notes
ICQ Messenger
IRC
Jabber
Mail.ru Agent
MAPI
Skype
SMB
SMTP
Social Networks
Telegram
Telnet
Torrent
Viber
Web Mail
Web Search
WhatsApp
Zoom
Default Audit and Shadowing
Auditing, Shadowing and Alerts Management Tasks
Defining and editing audit and shadowing rules
Enabling alerts
Undefining audit and shadowing rules
Managing Protocols White List
White List Rules
White List Rule Parameters
Content Inspection
If this rule triggers
Hosts
Ports
File Sharing Services
SSL
Local sender ID(s)
Remote recipient ID(s)
Local sender Email(s)
Remote recipient Email(s)
Social Networks
Web Mail Services
Web Search Services
Career Search Services
White List Management Tasks
Defining Protocols White List
Editing Protocols White List
Copying rules of Protocols White List
Exporting and importing Protocols White List
Undefining Protocols White List
Deleting rules of Protocols White List
Managing Basic IP Firewall
Firewall Rules
Firewall Rule Parameters
Name
Override Protocols Permissions
Protocol
Type
Direction
If this rule triggers
Hosts
Ports
Firewall Management Tasks
Defining firewall rules
Editing firewall rules
Copying firewall rules
Exporting and importing firewall rules
Undefining firewall rules
Deleting firewall rules
Managing Security Settings for Protocols
Security Settings Description
Security Settings Management Tasks
Defining and changing Security Settings
Undefining Security Settings
Inspection and Control of SSL-encrypted Traffic
DeviceLock Security Policies (Offline Profile)
Overview
Configuring Offline Mode Detection Settings
Switching Between Online and Offline Mode
Managing Offline Security Policies for Devices
Managing Offline Permissions for Devices
Setting and editing offline permissions
Undefining offline permissions
Removing offline permissions
Managing Offline Audit, Shadowing and Alerts for Devices
Defining and editing offline audit and shadowing rules
Enabling offline alerts
Undefining offline audit and shadowing rules
Removing offline audit and shadowing rules
Managing Offline USB Devices White List
Defining and editing offline USB Devices White List
Exporting and importing offline USB Devices White List
Undefining offline USB Devices White List
Removing offline USB Devices White List
Managing Offline Media White List
Defining and editing offline Media White List
Exporting and importing offline Media White List
Undefining offline media White List
Removing offline Media White List
Managing Offline Content-Aware Rules for Devices
Defining offline Content-Aware Rules
Editing offline Content-Aware Rules
Copying offline Content-Aware Rules
Exporting and importing offline Content-Aware Rules
Deleting offline Content-Aware Rules
Undefining offline Content-Aware Rules
Removing offline Content-Aware Rules
Managing Offline Security Settings for Devices
Defining and changing offline Security Settings
Undefining offline Security Settings
Removing offline Security Settings
Managing Offline Security Policies for Protocols
Managing Offline Permissions for Protocols
Setting and editing offline permissions
Undefining offline permissions
Removing offline permissions
Managing Offline Audit, Shadowing and Alerts for Protocols
Defining and editing offline audit and shadowing rules
Enabling offline alerts
Undefining offline audit and shadowing rules
Removing offline audit and shadowing rules
Managing Offline Protocols White List
Defining offline Protocols White List
Editing offline Protocols White List
Copying rules of offline Protocols White List
Exporting and importing offline Protocols White List
Deleting rules of offline Protocols White List
Undefining offline Protocols White List
Removing offline Protocols White List
Managing Offline IP Firewall
Defining offline firewall rules
Editing offline firewall rules
Copying offline firewall rules
Exporting and importing offline firewall rules
Deleting offline firewall rules
Undefining offline firewall rules
Removing offline firewall rules
Managing Offline Content-Aware Rules for Protocols
Defining offline Content-Aware Rules
Editing offline Content-Aware Rules
Copying offline Content-Aware Rules
Exporting and importing offline Content-Aware Rules
Deleting offline Content-Aware Rules
Undefining offline Content-Aware Rules
Removing offline Content-Aware Rules
Managing Offline Security Settings for Protocols
Defining and changing offline Security Settings
Undefining offline Security Settings
Removing offline Security Settings
Temporary White List
Overview
Temporary White List Authorization Tool
User Activity Monitor
Introduction to User Activity Monitor
Getting Started with User Activity Monitor
Monitoring Settings
Options
Grayscale
Pause while inactive
Video resolution
Multiple displays
Log passwords
Rules
Creating rules
Dialog box for managing rules
Dialog box for configuring a rule
Setting up triggering criteria
System state criteria vs. event criteria
Ways to stop recording
Examples of user activity monitoring rules
What if a rule triggers when recording is in progress?
What if there is nothing to record?
Managing existing rules
Viewing User Activity
List of Monitoring Sessions
Filtering the list of sessions
Session Viewer
Screen recording viewer
Keystroke recording viewer
Process list
Managing the UAM Log
Local storage quota
UAM log settings
UAM log filter
DeviceLock Enterprise Server
Administering DeviceLock Enterprise Server
Server Options
Server Administrators
Managing Server Options
Using Log Viewers
Audit Log Viewer (Server)
Managing the Audit Log (Server)
Audit Log Settings (Server)
Audit Log Filter (Server)
Shadow Log Viewer (Server)
Managing Shadow Log Records
Managing the Shadow Log (Server)
Shadow Log Settings (Server)
Shadow Log Filter (Server)
Deleted Shadow Data Log
Managing the Deleted Shadow Data Log
Server Log Viewer
Managing the Server Log
Server Log Settings
Server Log Filter
Consolidating Logs
Getting Started Using the Consolidation of Logs
Administering the Consolidation of Logs
Log consolidation settings
Configuring authentication
Retry parameters
Consolidation server list
Monitoring
Monitoring Tasks
Task and Its Monitored Computers
Monitoring Algorithm
Create/Edit Task
Monitoring Log Viewer
Managing the Monitoring Log
Monitoring Log Settings
Monitoring Log Filter
DeviceLock Enterprise Server Policies
Overview
How Policies Are Processed and Applied
Policy Application Scenarios: Required Configuration Steps
Managing DeviceLock Policies
Using the Policies Node
Policy Object
Default Policy
Managing Policy Objects
Creating a Custom Policy Object
Editing a Policy Object
Deleting a Custom Policy Object
Restoring the Default Settings for the Default Policy Object
Managing Computers Assigned to Policy Objects
Immediately Applying Policies to Client Computers
Changing the Policy Object for a Client Computer
Removing a Client Computer from All Policy Objects
Refreshing a List of Assigned Computers and Policy Execution Information
Using the Policy Log Viewer
Managing the Policy Log
Policy Log Settings
Policy Log Filter
DeviceLock Reports
Report Categories and Types
Relations Charts
Domain and User Statistics
Domain Statistics
User ID Statistics
Unique Contact Statistics
Interacting with a Graph
Relations Chart Node
Relations Chart Report
User Dossiers
Event folding
Getting started with user dossiers
User List
User Card
User account information
User loyalty indicator
User activity overview
Reporting period selector
User activity charts
User action details
Relations chart
Directory Service Connection Settings
Audit Log Reports
Allowed & Denied access requests per channel
Allowed vs. Denied access requests
Read & Write access requests per device type
Top active computers
Top active processes
Top active users
Top inserted USB & FireWire devices
Top used USB devices
DeviceLock Service versions
DeviceLock Service versions by computers
DeviceLock policy changes
Top used Printers
Top printed documents
Top copied files by extension
Shadow Log Reports
Copied files per channel
Top active computers
Top active processes
Top active users
Top copied files
Top copied files by extension
Top printed documents
Report Creation Tasks
Creating Tasks
Dialog box for configuring report options
Report period
Contact(s)
Include internal user(s)
Exclude internal user(s)
Exclude external contact(s)
Computer(s)
Version(s)
User(s)
File name
Printer(s)
Threshold
Report Devices
Report TS Devices as regular devices
Report Protocols
Access type(s)
Device type(s)
Protocol(s)
Top computers
Top Printers
Top users
Top USB and FireWire devices
Top USB devices
Top processes
Top files
Top printed documents
Dialog box for configuring task schedule and options
Managing Existing Tasks
Viewing Reports Created by a Task
Configuring E-mail Delivery of Reports
Setting Default Format for Reports
Working with Reports
Generating Reports
Refreshing Lists of Reports
Viewing Reports
Viewing Report Parameters
Exporting and Saving Reports
Sending Reports by E-mail
Deleting Reports
DeviceLock Content Security Server
Administering DeviceLock Content Security Server
Server Options
Server Administrators
Search Server Options
Managing General Settings
Configuring access to the DeviceLock Content Security Server
Setting the service startup account
Installing or removing a DeviceLock certificate
Configuring the TCP Port setting
Managing the database connection settings
Managing Search Server Settings
Installing Search Server licenses
Specifying DeviceLock Enterprise Server/s to index
Specifying Search Server index location
Setting up the index to include text data from binary files
Setting up indexing schedule
Setting up merge operations schedule
Rebuilding the index on demand
Updating the existing index on demand
Checking the status of the current indexing actions
Specifying mail server for Search Server reports
Using Search Server
Performing a search
Steps to perform a search
Managing saved queries
Creating or editing a saved query
Managing content-aware search groups
Dialog box for managing search groups
File Type Detection groups
Keywords groups
Pattern groups
Document Properties groups
Complex groups
Working with search results
Working with shadow copies
Automating search operations
Creating and configuring a new search task
Setting up the search query
Setting up the search schedule and results settings
Managing existing tasks
Exporting and importing tasks
Managing a task and its reports
Viewing a task’s report
Viewing and managing the tasks log
Managing log settings
Filtering the log
Refreshing the list of events, saving and clearing the log
File Formats Indexed for Search
Appendix: Activating DeviceLock Licenses
About DeviceLock License Types
Activating Client Licenses
Activating Server Licenses
Appendix: Consolidating the Logs in the Cloud Using OpenVPN
Requirements Overview
Configuring the Cloud Server
Install OpenVPN
Prepare the Server Certificates
Configure the OpenVPN Server
Configure the DeviceLock Enterprise Server
Configuring On-premises Servers
Install OpenVPN
Prepare the Client Certificate and IP Address
Configure the OpenVPN Client
Configure the DeviceLock Enterprise Server
Test: Connect the Console to the Cloud Server
Appendix: Examples
Permission and Audit Examples for Devices
Permission Examples
Audit & Shadowing Examples
Permission Examples for Protocols
Content-Aware Rule Examples
Basic IP Firewall Rule Examples
DeviceLock Discovery Overview
Introducing DeviceLock Discovery
Understanding DeviceLock Discovery
Features and Benefits
How DeviceLock Discovery Works
Scan agent system requirements
Licensing
Installing DeviceLock Discovery
Installing DeviceLock Content Security Server
Prepare to Install
Start Installation
Perform Configuration and Complete Installation
Service account and connection settings
Starting the Service
Server administrators and certificate
License information
Database settings
Test Connection
Completing configuration
Setting Up Discovery Server
Navigating Discovery Server
General Settings
Configuring access to the DeviceLock Content Security Server
Setting the service startup account
Installing or removing a DeviceLock certificate
Configuring the TCP Port setting
Managing the database connection settings
Discovery Server Options
Specifying Digital Fingerprints Database Server(s)
Installing DeviceLock Discovery licenses
Configuring log options
Setting up alert and notification messages
Setting the data collection interval
Enabling binary files content inspection
Alerts
Alerts Settings: SNMP
Alerts Settings: SMTP
Alerts Settings: Syslog
Alerts Settings: Delivery retry parameters
Resetting Alert Settings to Defaults
Endpoint Scanning
Discovery Server
Units
Creating a Unit
Adding Filters
Creating a filter: Example
Scanning a network share: Example
Managing Units
Elasticsearch Units
Filter control dialog box for Elasticsearch
Rules and Actions
Rules & Actions Node
Defining and Editing Rules and Actions
Using the “Rules & Actions” dialog box
Using the “Edit Rule” dialog box
Importing and Exporting Rules
Tasks
Tasks Node
Creating a Task
Task and Its Reports
Viewing the report list
Viewing a Report
Navigating Reports
Tasks Log Viewer
Managing the Tasks Log
Discovery Log Viewer
Managing the Discovery Log
DeviceLock Help
Managing the Discovery Log