To check information, such as files, documents, or messages, by matching with the fingerprints database, DeviceLock uses content-aware rules based on Digital Fingerprints content groups. The group determines the classification of the fingerprints to be applied, and specifies whether to require an exact match or a partial match. In case of partial match, the group defines the match threshold in percentage terms.

As the fingerprints database is hosted on DeviceLock Enterprise Server while content-aware rules are processed locally on client computers, DeviceLock Service requests the server to evaluate the fingerprints of the information being inspected. For this reason, at least one server instance must be specified in the DeviceLock Service settings. To improve fault tolerance and/or performance in larger sites, there can be specified two or more operational server instances.

If a DeviceLock Enterprise Server or its fingerprints database is unavailable, the local client’s DeviceLock Service cannot apply fingerprint-based rules or “Complex” rules that contain Digital Fingerprints rule options. In this case, DeviceLock Service blocks attempts to transfer information that must be inspected by those rules by default. For example, if a rule controls the transferring of sensitive information by checking its fingerprints, but the fingerprints database server is unavailable, DeviceLock Service will not allow transferring information that must be checked by that rule.