DLP in text, images, speech

On this page it is possible to set up DLP (data leak prevention) in documents/images/voice.

If the user performs one of selected actions with the certain objects in the inner text of which there is one or several coincidence from the sensitive list then the event will be notified. This event may be recorded to the report "Events" and an immediate push-notification will appear in BOSS-Online. The events are set up in the tab "Events".
It is also possible to allow or forbid certain activities.

In case some important company files change seldom or do not change at all, it makes sense to grab "file hashes" and not to fill the sensitivity list manually. For details see "File hashes".

It is also possible to mark important documents using hidden marks (you have to use special utility), to protect them or control sending of these documents (or their parts) outside the company.

How to fill in the block "sensitivity":
- each new elements of the list must start with the new line;
- if an accurate coincidence is required it is possible to specify a word or a phrase without prefixes;
- if inaccurate word search is required it is possible to specify single words (not phrase!) with prefix "~";
Warning! Language morphology features are works only for Russian and English languages! Therefore, do not use the tilde "~" symbol before the words from other languages!
- it is possible to use following templates: @CREDITCARD@ (bank card number), @PHONE@ (phone number), @EMAIL@ (e-mail-address);
- own templates based on regular expressions;
- marks, with which documents can be marked (the mark must be enclosed between the characters '#': #mylabel123#, only English alphabet letters and numbers are allowed, case matters!).

There are also situations when different elements of the "sensitivity" block require different reactions. For example, if less than five passport numbers are found in a document, then do not consider this as a threat at all and do not generate an event, but allow blocking of file transfer only if there are 50 passport numbers or more. But at the same time, the situation should be different for credit card numbers: triggering and blocking when at least one is found.
For such cases, it is possible to enter threshold values for each list element (two numbers separated by commas after the name: the first is the detection threshold, the second is the blocking threshold).
Please note that blocking in this case will only occur if the corresponding blocking settings are enabled in the settings at this page!
An example for the above case (assuming that the regular expression @passport@ is created):
@passport@,5,50
@CREDITCARD@,1,1
If threshold values are not specified, (1,1) is assumed as the default.
For digital document marks this option has no meaning and implies (1,1).

Attention! It is required that corresponding monitoring options must be enabled for DLP processing on the homonym settings tabs (for example, clipboard monitoring, file operations etc.)

Attention! DLP processing is oriented on file output but not on the input. So, for example, such action as copying files from removable drives won't be recorded!

Attention! In the current version there is no FTP-file transfer blocking. Instead, you can completely block FTP traffic in the settings!

Attention! It is worth mentioning that any DLP may be skipped so the software suit cannot guarantee prevention from leakage in all possible cases.

Attention! Parsing .pdf files takes a significant amount of time, so enable this option if absolutely necessary! Also, this .pdf analysis will not work on terminal servers.

Attention! For block printing you need to turn on option "Intercept printing inside processes" at this settings tab.

Option "Search at most N-matches for each regular expression": introduced for optimization, so as not to waste time searching for expressions if a certain number of them have already been found. Specify 0 to remove restrictions.

If the option "Send shadow copies of documents only if DLP analysis is triggered" is enabled, it will not be possible to download the document through reports in BOSS-Offline if a DLP-event has not been triggered in it. This allows you to save network traffic and server disk space if you are interested in shadow copies of important documents only.

See also "Sending files"

v10.70 (build: Mar 4 2025)
Introduction +Software suite structure +Software suite installation +Software suite uninstall +Software suite update -Global settings Database users -Software suite settings General settings description +Server settings +Client settings (computer) -Client settings (user) Common settings Monitoring - Face recognition Monitoring - User time Monitoring - Applications-sites Monitoring - Keylogger Monitoring - Clipboard Monitoring - Screenshots Monitoring - Screenshots (extra) Monitoring - Printing Monitoring - File operations Monitoring - Sending files Monitoring - Mail Monitoring - Chats-calls Monitoring - Shadow copy Monitoring - Black box Monitoring - Geolocation Monitoring - Autorecording Monitoring - Mobile client Restrictions Threats DLP in text, images, speech Critical apps-sites Atypical behavior Events Events (video) Events (extra) Outsourcing Groups Company structure Work schedules Dossier of employees Sync with AD Risk analyzer Report templates File hashes Tariffs List of users Work with DB SQL-console Journal +Other +FAQ +Technical support	DLP in text, images, speech On this page it is possible to set up DLP (data leak prevention) in documents/images/voice. If the user performs one of selected actions with the certain objects in the inner text of which there is one or several coincidence from the sensitive list then the event will be notified. This event may be recorded to the report "Events" and an immediate push-notification will appear in BOSS-Online. The events are set up in the tab "Events". It is also possible to allow or forbid certain activities. In case some important company files change seldom or do not change at all, it makes sense to grab "file hashes" and not to fill the sensitivity list manually. For details see "File hashes". It is also possible to mark important documents using hidden marks (you have to use special utility), to protect them or control sending of these documents (or their parts) outside the company. How to fill in the block "sensitivity": - each new elements of the list must start with the new line; - if an accurate coincidence is required it is possible to specify a word or a phrase without prefixes; - if inaccurate word search is required it is possible to specify single words (not phrase!) with prefix "~"; Warning! Language morphology features are works only for Russian and English languages! Therefore, do not use the tilde "~" symbol before the words from other languages! - it is possible to use following templates: @CREDITCARD@ (bank card number), @PHONE@ (phone number), @EMAIL@ (e-mail-address); - own templates based on regular expressions; - marks, with which documents can be marked (the mark must be enclosed between the characters '#': #mylabel123#, only English alphabet letters and numbers are allowed, case matters!). There are also situations when different elements of the "sensitivity" block require different reactions. For example, if less than five passport numbers are found in a document, then do not consider this as a threat at all and do not generate an event, but allow blocking of file transfer only if there are 50 passport numbers or more. But at the same time, the situation should be different for credit card numbers: triggering and blocking when at least one is found. For such cases, it is possible to enter threshold values for each list element (two numbers separated by commas after the name: the first is the detection threshold, the second is the blocking threshold). Please note that blocking in this case will only occur if the corresponding blocking settings are enabled in the settings at this page! An example for the above case (assuming that the regular expression @passport@ is created): @passport@,5,50 @CREDITCARD@,1,1 If threshold values are not specified, (1,1) is assumed as the default. For digital document marks this option has no meaning and implies (1,1). Attention! It is required that corresponding monitoring options must be enabled for DLP processing on the homonym settings tabs (for example, clipboard monitoring, file operations etc.) Attention! DLP processing is oriented on file output but not on the input. So, for example, such action as copying files from removable drives won't be recorded! Attention! In the current version there is no FTP-file transfer blocking. Instead, you can completely block FTP traffic in the settings! Attention! It is worth mentioning that any DLP may be skipped so the software suit cannot guarantee prevention from leakage in all possible cases. Attention! Parsing .pdf files takes a significant amount of time, so enable this option if absolutely necessary! Also, this .pdf analysis will not work on terminal servers. Attention! For block printing you need to turn on option "Intercept printing inside processes" at this settings tab. Option "Search at most N-matches for each regular expression": introduced for optimization, so as not to waste time searching for expressions if a certain number of them have already been found. Specify 0 to remove restrictions. If the option "Send shadow copies of documents only if DLP analysis is triggered" is enabled, it will not be possible to download the document through reports in BOSS-Offline if a DLP-event has not been triggered in it. This allows you to save network traffic and server disk space if you are interested in shadow copies of important documents only. See also "Sending files"
© KICKIDLER DLP