Content-Aware Rules (Regular Profile) : Rules for Protocols : Access Control
  
Access Control
By using Content-Aware Rules for protocols, one can do the following:
Grant access to specified content when access is denied at the protocol-level.
Deny access to specified content when access is granted at the protocol-level.
Content-Aware Rules apply to sessions allowed by the Protocols White List if the Content Inspection flag is selected. Otherwise, Content-Aware Rules have no effect on those sessions.
The following table provides summary information on access rights that can be specified for each protocol in Content-Aware Rules.
 
Protocol
Access rights
Description
Career Search
Generic: Search
Controls whether the user can submit vacancy search requests with specified content on job search sites.
Generic: Outgoing Messages
Controls whether the user can send messages and submit résumé and other web-form data with specified content on job search sites.
Generic: Outgoing Files
Controls whether the user can upload files with specified content to job search sites.
File Sharing, HTTP
Generic: POST Requests
Controls whether the user can submit Web form data with specified content to a Web server using HTTP.
Generic: Outgoing Files
Controls whether the user can upload files with specified content to a Web server using HTTP.
SSL: POST Requests
Controls whether the user can submit Web form data with specified content to a Web server using HTTPS.
SSL: Outgoing Files
Controls whether the user can upload files with specified content to a Web server using HTTPS.
FTP
Generic: Outgoing Files
Controls whether the user can upload files with specified content to an FTP server.
SSL: Outgoing Files
Controls whether the user can upload files with specified content to an FTP server using FTPS.
IBM Notes
Generic: Outgoing Messages
Controls whether the user can send email messages with specified content from the IBM Notes client to IBM Domino server.
Generic: Outgoing Files
Controls whether the user can send email attachments with specified content from the IBM Notes client to IBM Domino server.
ICQ Messenger, IRC
Generic: Outgoing Messages
Controls whether the user can send instant messages with specified content.
Generic: Outgoing Files
Controls whether the user can send files with specified content.
SSL: Outgoing Messages
Controls whether the user can send instant messages with specified content using SSL.
SSL: Outgoing Files
Controls whether the user can send files with specified content using SSL.
Mail.ru Agent, Jabber, Skype, Zoom
Generic: Outgoing Messages
Controls whether the user can send instant messages with specified content.
Generic: Outgoing Files
Controls whether the user can send files with specified content.
MAPI
Generic: Outgoing Messages
Controls whether the user can send email messages with specified content from the Outlook client to Microsoft Exchange Server.
Generic: Outgoing Files
Controls whether the user can send email attachments with specified content from the Outlook client to Microsoft Exchange Server.
SMB
Generic: Outgoing Files
Controls whether the user can upload files with specified content to SMB servers and download such files from shared network folders of the computer running DeviceLock Service.
SMTP, Web Mail
Generic: Outgoing Messages
Controls whether the user can send email messages with specified content.
Generic: Outgoing Files
Controls whether the user can send email attachments with specified content.
SSL: Outgoing Messages
Controls whether the user can send email messages with specified content using SSL.
SSL: Outgoing Files
Controls whether the user can send email attachments with specified content using SSL.
Social Networks
Generic: Outgoing Messages
Controls whether the user can send messages, comments, and posts with specified content.
Generic: Outgoing Files
Controls whether the user can send media and other files with specified content to a social networking site.
Viber
Generic: Outgoing Files
Controls whether the user can send files with specified content.
Web Search
Generic: Search
Controls whether the user can submit search requests with specified content on web search sites.
 
Note:  
If the “No Access” permission is set for a protocol and there is a Content-Aware Rule that allows access to specified content for the same protocol, the Send/Receive Data access right is automatically granted to users for this protocol. For more information about this access right, see Managing Permissions for Protocols.
If the “No Access” permission is set for the Viber protocol, Content-Aware Rules that allow access to specified content for that protocol have no effect. In this case, the Viber user can neither send nor receive messages and files.
The POST Requests access right for the File sharing protocol, when applied to the iCloud service, controls whether a user can upload non-file data (Mail, Notes, Calendar, Contacts, Reminders) to iCloud. The same access right enables the audit logging and shadow copying of the non-file data uploaded to iCloud. Audit records of upload attempts and shadow copies of that data are stored as Outgoing Messages.
The access rights for the MAPI protocol also apply to the drafts of the messages not sent from Outlook to Exchange Server. For example, DeviceLock will not allow Outlook to auto-save message drafts with specified content if the Outlook user does not have the right to send messages with that content.
When using Content-Aware Rules, consider the following:
Content-Aware Rules with Deny settings take priority over rules with Allow settings if they apply to the same users or groups.
Exception: Content-Aware Rules with Allow settings based on a Document Properties group with the Text extraction not supported option selected take priority over rules with Deny settings and allow transfer of any matching content, including split (or multi-volume) archives.
Exception: An Allow Content-Aware Rule based on a Document Properties group with the Password protected option selected takes priority over Deny rules (if any) and allows transfer of any matching content. A Complex Allow Content-Aware Rule Boolean will take priority only if there is a Document Properties group with the Password protected option selected among a set of logically connected content groups that the file matched.
Exception: An Allow Content-Aware Rule based on a Digital Fingerprints group with the Exact file match option selected takes priority over Deny rules (if any) and allows transfer of any matching content. A Complex Allow Content-Aware Rule Boolean will take priority only if there is a Digital Fingerprints group with the Exact file match option selected among a set of logically connected content groups that the file matched.
Content-Aware Rules with Allow settings allow transfer of the whole data object (message or file, including archives and other containers) when the content matches these rules and when the content does not match a Content-Aware Rule with Deny settings.
Checking the content of files can be a time-consuming operation. The DeviceLock administrator can define a content verification message to be displayed to users when content inspection is in progress. For detailed information on this message, see the Content verification message parameter description in Service Options.
When Content-Aware Rules block transmitting certain content, the user is notified by a message, provided that the respective message is enabled in Service Options. For detailed information on this message, see the Content-Aware blocked write message parameter description.