Enable and configure DLP (Data Leak Prevention)

DLP functionality:

  • Bluetooth devices connecting prevention;
  • Configurable forbiddance of removable USB drives using;
  • You can disable drives connecting via MTP protocol: phones, cameras, removable disks;
  • Disable writing on CD / DVD drives;
  • Prevent configuration changes or deletion of this program by other users;
  • Controlled prevention of file sending to external resources;
  • Prevent access to folders and files in the local network;
  • Prevent downloading and running applications from the Internet and external devices.

How to enable security features

After the registration on our server and  StaffСounter agent installation open the Settings page and scroll down to the DLP section.

Configuration:

Disable access to Bluetooth devices

It is necessary to switch “Disable sending files by Bluetooth” on.

The data transfer to Bluetooth devices and back will be impossible now.

Customizable access to flash drives

In the field Control USB flash drives and HDD by serial number, we create access rules for USB drives based on their serial number, VID, and PID. To find out the serial number, VID, and PID of the drive, install the ChipGenius program.

The format of this field is

VID:PID:SN=''/r/w

the “*” sign, in this case, means any VID and PID; This can be done to save time, since the serial number is quite unique, and the VID and PID are often the same. A void after = means that no actions for this drive on this computer are applicable — neither reading, writing, nor formatting.

If, on the contrary, you need to allow reading and writing to only one drive, you should set the following rule:

*:*:SN=rw

If it is necessary to prohibit only writing to the drive, then we write

*:*:SN=r

Attention: with the “r” parameter, it is impossible to record new data, but deleting old data and formatting is possible, so be careful!

*:*:*=   // means for all devices everything is forbidden.

*:*:*=r  // means for all the devices is allowed only reading.

*:*:*=rw  //  means for all the devices – without restrictions.

The ban on connecting drives via MTP-protocol

Turn on the checkbox Block access to smartphones and cameras connected by USB.

The function does not allow users to transfer data to phones, cameras, players, and other devices connected via the USB port. Devices are not available for reading and writing.

Disable writing to CD / DVD drives

Turn on the “Disable write files to DVD recorder” option.

The program prohibits writing to CDs and DVDs directly from the conductor, as well as through various burning programs.

Controlled ban on sending files to external resources

Turn on the item Disable uploading data with the following browsers:
In the Rules field, you can enter one of three (or several immediately separated by a semicolon without spaces) supported by our system browsers: Google Chrome (chrome), Internet Explorer / Edge (explore), Mozilla Firefox (Firefox), and Skype(skype). Sending to external resources through selected browsers will be prohibited. The most common configuration is chrome;explore;firefox;skype10

Prevent access to folders on the local network

Check the Block access to all shared folders option.

Now the recording of files and folders in the local network folders (including FTP) will be prohibited. File reading is still available.

Prevent downloading and running applications from the Internet and from external devices

Turn on the Disable to download applications from the web option. This module will prohibit downloading applications from the Internet, unzipping executable files, as well as installing new programs. In addition, unauthorized removal of the StaffCounter DLP agent from the operating system will be prohibited. If you need to uninstall our product, you will need to disable this option first.

Note:

  1. Only the user who has access to the Control Panel on the StaffCounter can disable the protection functions and make changes by default. Other users (even with administrator rights) do not have the authority to change the module configuration.
  2. Before uninstalling the program of StaffCounter, you should disable DLP protection, otherwise, the removal of the program will be refused.
  3. Before installing the StaffCOunter agent on Windows 7 and Windows 2008, you should install the latest security updates from Microsoft Security Advisory.
  4. After the switching option on and off, you should save the settings and restart the target computer.