Dialog box for configuring a Digital Fingerprints group

•DeviceLock Server - The name of the computer running DeviceLock Enterprise Server (for example, the fully qualified domain name (FQDN) of that computer). This setting is only used to configure the group, and does not affect applying and processing the rules based on this group.

The dialog box gets the list of custom classifications from the server specified in this field. If the DeviceLock Enterprise Servers have no custom classifications or they are not needed for this particular group, then this field can be left blank. As a result, the Classification level list does not include any custom classifications and the Fetch button is unavailable.

•Classification level - The classification of digital fingerprints to be used by this group. Rules that employ this group check submitted information by matching its fingerprints with the fingerprints contained in the classification specified. When the rule detects a sufficient match of the fingerprints, the information is assigned the respective classification level.

The Classification level list allows the administrator to select any built-in classification except “Unclassified”. It can be extended to include custom classifications that exist on DeviceLock Enterprise Server(s). To extend the list, fill in the DeviceLock Server field, and then click the Fetch button.

Note: Once the settings are applied and the dialog box is closed, the console preserves the server name specified and custom classifications from that server will be automatically added to the list when opening this dialog box the next time.

•Exact file match - With this check box selected, the group serves to detect exact matches of files being inspected, with source files of fingerprints from the database. A rule that uses such a group detects a two files match in only case of a match of their checksums. Other elements (hashes) of those files’ fingerprints are not compared.

If a file exactly matches a source file that has a non-zero percentage of fingerprint elements attributed to different classifications, then the file is assigned the highest level of those classifications. For example, if the fingerprint of the source file is 10% “Top Secret” and 90% “Unclassified”, then the file that exactly matches this source file is considered “Top Secret”. As a result, the group may not detect exact file match if the group’s classification level is lower than the highest classification level of the fingerprint source file.

If this check box is cleared, the group serves to compare other fingerprint elements (hashes), which enables it to detect partial matches of inspected content with source content of fingerprints from the database. The degree of fingerprint matching that would indicate a partial match of content is determined by the Threshold setting.

Note: When a given group has the Exact file match check box selected:

•The group compares the checksum of the file being inspected with the checksums of the source files of all fingerprint versions found in the classification specified.

•Rules that use this group may skip inspecting fingerprints of files held in archives. For details, see Inspecting fingerprints within archives.

•An “allow” rule based on such a group takes precedence over “deny” rules (if any), and will allow the transfer of any matching content. An “allow” rule based on a complex group would take precedence in a situation where the logically connected chain of groups that allows the given content includes a group with the Exact file match check box selected.

•Threshold - The rule triggers if the percentage of information in the inspected content matching the selected classification level exceeds the value that this setting specifies. The percentage of information matching the given classification is determined by assessing how many elements in the fingerprint of the inspected content match the fingerprints of that classification held in the database. More information on this can be found in How It Works (see Match percentage).

•Use only binary fingerprints for password protected documents - When this check box is selected, the group omits checking text content if it cannot be extracted from the document or archive due to password-protection. A rule that uses such a group checks fingerprints of binary and, if possible, text content. If DeviceLock cannot extract text content, then the rule is limited to checking binary content.

When this check box is cleared, the group raises an error if it cannot check text content of a password-protected document or archive. In this case, DeviceLock Service does not allow that document or archive due to an error when inspecting its fingerprints.