Endpoint Protector 5 User Manual

User Manual for Version 5.2.0.

User Manual
I | Endpoint Protector | User Manual

Table of Contents

1. Introduction ........................................... 1
1.1. Main components .............................................................. 2

2. Server Functionality ................................ 3


2.1. Endpoint Protector Configuration Wizard .............................. 4
2.2. General Dashboard ........................................................... 5
2.3. System Status .................................................................. 5
2.4. Live Update ...................................................................... 6
2.5. Effective Rights ................................................................. 8

3. Device Control ........................................ 9


3.1. Dashboard ....................................................................... 9
3.2. Devices.......................................................................... 10
3.2.1. Device Rights .............................................................. 12
3.2.2. Device History ............................................................. 13
3.3. Computers ..................................................................... 13
3.3.1. Computer Rights .......................................................... 15
3.3.2. Computer Settings ....................................................... 16
3.3.3. Computer History......................................................... 16
3.3.4. Terminal Servers and Thin Clients................................... 17
3.4. Users ............................................................................ 20
3.4.1. User Rights ................................................................. 21
3.4.2. User Settings .............................................................. 22
3.4.3. User History ................................................................ 23
3.5. Groups .......................................................................... 23
3.5.1. Group Rights ............................................................... 24
3.5.2. Group Settings ............................................................ 26
3.6. Global ........................................................................... 26
3.6.1. Global Rights ............................................................... 26
3.6.2. Global Settings ............................................................ 32
3.7. File Whitelists ................................................................. 41
3.8. Custom Classes .............................................................. 42
3.9. Priorities for device rights ................................................ 44
3.9.1. Priorities for Device Control Policies ................................ 45

4. Content Aware Protection ....................... 46


4.1. Content Aware Protection Activation .................................. 47
4.2. Dashboard ..................................................................... 48
4.3. Content Aware Policies .................................................... 48
4.3.1. Creating a Content Aware Protection Policy ...................... 50
4.3.2. Predefined policies ....................................................... 56
4.3.3. Applying multiple Content Aware Policies ......................... 57
4.3.4. HIPAA compliance ........................................................ 58
4.4. Deep Packet Inspection ................................................... 61
4.4.1. Deep Packet Inspection Ports & Settings .......................... 62
4.4.2. Deep Packet Inspection Applications ............................... 62

5. eDiscovery ........................................... 64
5.1. eDiscovery Activation ...................................................... 64
5.2. Dashboards .................................................................... 65
5.3. eDiscovery Policies and Scans .......................................... 66
5.3.1. Creating an eDiscovery Policy and Scan ........................... 67
5.4. eDiscovery Scan Result and Actions .................................. 70
5.4.1. Viewing Scan Results and taking Actions .......................... 71

6. Blacklists and Whitelists ......................... 72


6.1. File Type Blacklists .......................................................... 72
6.2. Predefined Content Blacklists ............................................ 74
6.3. Custom Content Blacklists ................................................ 75
6.4. File Name Blacklists ........................................................ 77
6.5. File Location Blacklists ..................................................... 79
6.6. Scan Location Blacklists ................................................... 80
6.7. Regex Blacklists .............................................................. 81
6.8. Domain and URL Blacklists ............................................... 83
6.9. MIME Type Whitelists ...................................................... 84
6.10. Allowed Files Whitelists .................................................... 85
6.11. File Location Whitelists .................................................... 86
6.12. Network Share Whitelists ................................................. 88
6.13. E-mail Domain Whitelists ................................................. 89


6.14. URL Name Whitelists ....................................................... 91
6.15. Deep Packet Inspection Whitelists ..................................... 92

7. Enforced Encryption .............................. 95


7.1. EasyLock ....................................................................... 95
7.1.1. EasyLock Deployment ................................................... 96
7.1.2. EasyLock Settings ........................................................ 97
7.1.3. EasyLock Clients .......................................................... 99

8. Offline Temporary Password ................. 100


8.1. Generating the Offline Temporary Password ..................... 102

9. Reports and Analysis ........................... 104


9.1. Log Report ................................................................... 104
9.2. File Tracing .................................................................. 105
9.3. File Shadowing ............................................................. 106
9.4. Content Aware Report ................................................... 106
9.5. Content Aware File Shadowing ........................................ 107
9.6. Admin Actions .............................................................. 108
9.7. Online Computers ......................................................... 108
9.8. Online Users ................................................................. 109
9.9. Online Devices .............................................................. 110
9.10. Statistics...................................................................... 110

10. Alerts ............................................ 111


10.1. System Alerts ............................................................... 112
10.1.1. Creating a System Alert .............................................. 112
10.1.2. System Alerts History ................................................. 113
10.2. Device Control Alerts ..................................................... 114
10.2.1. Creating a Device Control Alert .................................... 114
10.2.2. Device Control Alerts History ....................................... 116
10.3. Content Aware Alerts ..................................................... 116
10.3.1. Creating a Content Aware Alert .................................... 117
10.3.2. Content Aware Alerts History ....................................... 117
10.4. EasyLock Alert .............................................................. 118
10.4.1. Creating an EasyLock Alert .......................................... 118


10.4.2. EasyLock Alert History ................................................ 119

11. Directory Services ........................... 120


11.1. Creating a New Connection ............................................ 120
11.2. Connection Details & Synchronization Options .................. 121

12. Appliance ....................................... 123


12.1. Server Information ........................................................ 123
12.2. Server Maintenance ...................................................... 123
12.2.1. Time Zone Settings .................................................... 124
12.2.2. Network Settings ....................................................... 125
12.2.3. Reset Appliance to Factory Default ................................ 125
12.2.4. SSH Server ............................................................... 125
12.3. SIEM Integration ........................................................... 126

13. System Maintenance ........................ 128


13.1. File Maintenance ........................................................... 128
13.2. Exported Entities .......................................................... 129
13.3. System Snapshots ........................................................ 131
13.4. Audit Log Backup .......................................................... 133
13.4.1. Audit Log Backup Scheduler......................................... 134
13.5. External Storage ........................................................... 135
13.5.1. FTP Server ................................................................ 135
13.5.2. SFTP Server .............................................................. 136
13.5.3. Samba / Network Share Server .................................... 137
13.6. System Backup ............................................................. 138
13.6.1. From the Web Interface .............................................. 138
13.6.2. From the Console ....................................................... 142
13.7. System Backup v2 ........................................................ 143
13.7.1. Creating a System Backup v2 (Migration) ...................... 144
13.7.2. Importing and Restore (Migrate) .................................. 145
13.8. File Shadow Repository .................................................. 146

14. System Configuration ....................... 148


14.1. Client Software ............................................................. 148
14.2. Client Software Upgrade ................................................ 149


14.3. Client Uninstall ............................................................. 149
14.4. System Administrators .................................................. 150
14.5. Administrators Groups ................................................... 154
14.6. System Departments ..................................................... 155
14.7. System Security ........................................................... 157
14.8. System Settings ........................................................... 158
14.8.1. Endpoint Protector Rights Functionality .......................... 158
14.8.2. Active Directory Authentication .................................... 158
14.8.3. Proxy Settings ........................................................... 159
14.9. System Licensing .......................................................... 160
14.9.1. Free Trial .................................................................. 161
14.9.2. Import and manage Licenses ....................................... 161

15. System Parameters ........................ 163


15.1. Device Types and Notifications ....................................... 163
15.1.1. Trusted Devices ......................................................... 164
15.2. Contextual Detection ..................................................... 166
15.2.1. Creating the XML ....................................................... 167
15.2.2. Uploading the XML ..................................................... 169
15.3. Advanced Scanning Detection ......................................... 172
15.4. Device Rights ............................................................... 173
15.5. Events ......................................................................... 174

16. Endpoint Protector Client .................. 175


16.1. Client Installation .......................................................... 175
16.1.1. Debian based distributions .......................................... 176
16.1.2. RedHat based distributions .......................................... 179

17. Support ......................................... 182


18. Disclaimer ...................................... 183
1. Introduction

Portable storage devices such as USB flash drives, external HDDs, digital
cameras, MP3 players and iPods are virtually everywhere and are connected to a
Windows, Mac or Linux computer within seconds. With virtually every computer
having access to internet, online applications and collaboration tools, data theft
or accidental data loss becomes mere child’s play.

Data loss and data theft through a simple internet connection or USB device is
easy and does not take more than a few seconds. Network Administrators had
little chance to prevent this from happening or to identify the responsible users.
This was the hard reality until now.

Endpoint Protector, through its Device Control, Content Aware Protection,
eDiscovery and Enforced Encryption modules, helps companies stop these
threats. It not only controls all device activity at the endpoints, but monitors and
scans all possible exit points for sensitive content detection. It ensures critical
business data does not leave the internal network either by being copied on
devices or sent via the Internet without authorization, reporting all sensitive
data incidents. Moreover, data at rest residing on endpoints can be inspected for
sensitive content and remediation actions can be taken. Additionally, enforcing
encryption on the USB removable devices is also possible. Everything from a
single web-based interface.

Information
Endpoint Protector is a complete Data Loss Prevention and Enterprise
Mobility Management solution. While the DLP related features and
functionality will be explained below, please reference the MDM User
Manual for information related to smartphones and tablets. Additional
information regarding deployment of the Endpoint Protector Server can be
found in the Virtual and Hardware Appliance User Manual.

1.1. Main components


Endpoint Protector is designed around several physical entities:

▪ Computers
Windows, Mac and Linux workstations that have the Endpoint Protector
Client installed.

▪ Devices
The devices which are currently supported by Endpoint Protector.
e.g.: USB devices, digital photo cameras, USB memory cards, etc.

▪ Users
The user who will be handling the devices and the computers.

The Server side of Endpoint Protector has different parts, working close
together:

▪ Endpoint Protector Hardware or Virtual Appliance – containing Operating
System, Database, etc.

▪ Web Service – communicating with the Endpoint Protector Clients and
storing the information received from them

▪ Endpoint Protector User Interface – managing the existing devices,
computers, users, groups and their behavior in the entire system

2. Server Functionality

After the Endpoint Protector Hardware or Virtual Appliance setup, the User
Interface can be accessed by simply entering the assigned IP address. The
default Endpoint Protector Appliance IP address is https://192.168.0.201.

Information
The default login credentials for Endpoint Protector are:
Username: root
Password: epp2011

To change these settings or to create additional administrators, please see
chapter 14.4 System Administrators.

Note
When entering the IP address, the HTTPS (Hypertext Transfer Protocol
Secure) prefix must be used.

2.1. Endpoint Protector Configuration Wizard


The Configuration Wizard offers the Administrator some simple steps to define
some basic settings. These include setting up the Server Time Zone, importing
Licenses, Server Update or uploading Offline Patches, Global device rights, E-
mail Server settings, Main Administrator details, etc. The settings can later be
changed at any time.

Information
The Configuration Wizard only appears if the basic settings for Endpoint
Protector have never been configured.

2.2. General Dashboard


This section offers a quick overview in the form of graphics and charts related to
the most important activities logged by Endpoint Protector.

Information
More specific Dashboards are available at Device Control, Content Aware
Protection and eDiscovery.

2.3. System Status


This section offers a quick overview of the system’s functionality, alerts and
backup status. There are several main functionalities that can be turned ON or
OFF with just a click of a button.

From the System Functionality subsection, Endpoint Protector can be turned ON
or OFF, as well as just specific modules (Device Control, Content Aware
Protection or eDiscovery).

From the System Status subsection, the HDD Disk Space and Log Rotation can
be turned ON or OFF.

Information
If this setting is ON, when the Server’s disk space reaches a certain
percentage, old logs will be automatically overwritten with the new ones
coming in.

The percentage can be set starting with 50%, 60%, etc. up to 90%.

From the System Alerts subsection, important alerts notifying the expiration of
the APNS Certificate, Updates and Support or Passwords can be turned ON or
OFF.

From the System Backup subsection, the System Backup can be turned ON or
OFF.

2.4. Live Update


This section allows checking and applying the latest Endpoint Protector Server
updates.

Note
This feature communicates through port 80.

The Configure Live Update option allows selecting one of the two options for
performing the live update check, manually or automatically, and enabling or
disabling the Automatic Reporting to the Live Update Server.

By pressing the Check Now button, a search for the Endpoint Protector Server
updates will begin.

In case new updates are found, they are displayed under the Available Updates
section and can be directly installed by pressing on the Apply Updates button.
The latest installed updates can be checked by pressing on the View Applied
Updates button. The Offline Patch Uploader offers the possibility to upload
updates in situations where an internet connection is not available.

Note
Contact [email protected] to request the Offline Patch.

2.5. Effective Rights


This section displays the Device Control or Content Aware Protection policies
applied at that time. Depending on the options selected from the drop-down
menus, information can be displayed based on rights, users, computers, device
types, specific devices, report type (PDF or XLS), include Outside Hours and
Outside Network Policies and more.

Once generated, the report is ready for download and can be used as desired.

3. Device Control

From this section, the Administrator can manage all entities in the system, their
subsequent rights and settings. The subsections are Dashboard, Devices,
Computers, Users, Groups, Global (Rights and Settings), Custom Client
Notifications, File Whitelists and Custom Classes.

While it includes some additional settings, this section can be considered the
Device Control module. As the first layer of security within Endpoint Protector, it
is activated by default in every configuration provided.

3.1. Dashboard
This section offers a quick overview in the form of graphics and charts related to
the Endpoint Protector Entities.

3.2. Devices
From this section, the Administrator can manage all devices in the system. Any
new device connected to a protected computer is automatically added to the
database, thus making it manageable.

A device is identified by the device parameters (Vendor ID, Product ID, and
Serial Number) but information like Name and Description of the device is also
used. A device is assigned by default to the first user that handles the device.
This, however, can later be changed.

The Administrator can manually create a new device at any time by providing
the device parameters and information mentioned above. Devices can also be
imported into Endpoint Protector from Active Directory.

Information
For more details about Active Directory, please see chapter 11 Directory
Services.

The Actions column offers multiple options related to device management like
Edit, Manage Rights, Device History and Delete.

The Status column indicates the current rights of the devices.

Information
There are several states a device can be in. As a general rule:
- red means the device is blocked in the system
- green means the device is allowed in computers or users
- yellow means the device is allowed on some users or computers with
restrictions

If not otherwise configured, the device rights are inherited from the default
Global Rights that are set per Device Types (USB Storage Device, Digital
Camera, iPod, Thunderbolt, Chip Card Device, etc.).

Information
For more details about Device Type, please see paragraph 3.6.1.1 Device
Types.

Note
If device rights will be configured granularly for all entities, the priority
order, starting with the highest, will be:
Devices > Computers | Users > Groups > Global.

Example
If global rights indicate that no computer on the system has access to a
specific device, and for one computer that device has been authorized,
then that computer will have access to that device.
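As an added illustration of the priority order and the Example above (not code from the Endpoint Protector product or this manual), the following Python resolves the effective right for a device by walking the levels from Devices down to Global, treating Preserve Global Settings as fall-through and modelling the Restore Global Rights button. The data model, the `use_user_rights` tie-break between Computers and Users, and the sample device identifiers are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Right values as named in the manual. PRESERVE ("Preserve Global Settings")
# means "this level does not decide": resolution falls through to the next one.
PRESERVE = "Preserve Global Settings"
ALLOW = "Allow Access"
DENY = "Deny Access"
READ_ONLY = "Read Only Access"

DeviceKey = Tuple[str, str, str]  # (Vendor ID, Product ID, Serial Number)


@dataclass(frozen=True)
class Device:
    vendor_id: str
    product_id: str
    serial: str
    device_type: str  # e.g. "USB Storage Device" or "RDP Storage"

    @property
    def key(self) -> DeviceKey:
        return (self.vendor_id, self.product_id, self.serial)


@dataclass
class Entity:
    """A computer, user, group or the Global level, with its Device Types rights."""
    name: str
    device_types: Dict[str, str] = field(default_factory=dict)

    def right_for(self, device_type: str) -> str:
        return self.device_types.get(device_type, PRESERVE)


# Specific-device rights (the 'Devices' tier, set via Devices > Manage Rights):
# device key -> entity name -> right. Hypothetical structure, not the product's.
DeviceRights = Dict[DeviceKey, Dict[str, str]]


def restore_global_rights(entity: Entity, device_rights: DeviceRights) -> None:
    """Mirror the Restore Global Rights button on one level: every device-type
    right becomes PRESERVE and the Existing Devices added on that level are
    deleted, so the next level down decides."""
    entity.device_types = {k: PRESERVE for k in entity.device_types}
    for per_entity in device_rights.values():
        per_entity.pop(entity.name, None)


def effective_right(device: Device, computer: Entity, user: Entity,
                    groups: List[Entity], global_rights: Entity,
                    device_rights: DeviceRights,
                    use_user_rights: bool = False) -> Tuple[str, str]:
    """Resolve the right that applies to `device` for `computer`, `user` and
    their `groups`, returning (right, reason).
    Priority: Devices > Computers | Users > Groups > Global. Within the
    Computers | Users tier the computer is consulted first unless the
    'Use User Rights' setting is on (modelled here by use_user_rights, an
    assumption about how that setting orders the tie)."""
    tier = [user, computer] if use_user_rights else [computer, user]
    entities = tier + list(groups)

    # 1. Devices tier: this specific device authorized/blocked for an entity in context.
    specific = device_rights.get(device.key, {})
    for ent in entities:
        right = specific.get(ent.name, PRESERVE)
        if right != PRESERVE:
            return right, f"device right on {ent.name}"

    # 2. Device Type rights: computer/user tier, then groups, then Global.
    for ent in entities + [global_rights]:
        right = ent.right_for(device.device_type)
        if right != PRESERVE:
            return right, f"{ent.name} device type right"

    # Global rights exist with default values from installation, so this is only
    # reached for a device type nobody configured; deny is the safe fallback.
    return DENY, "fallback: no right configured"


def manual_example() -> Dict[str, Tuple[str, str]]:
    """The manual's own example: Global denies USB storage for every computer,
    but one computer has the specific device authorized. Constructed sample data."""
    usb = Device("0951", "1666", "SN-CONSTRUCTED-1", "USB Storage Device")
    global_rights = Entity("Global", {"USB Storage Device": DENY})
    pc1, pc2 = Entity("PC-01"), Entity("PC-02")
    alice = Entity("alice")
    device_rights: DeviceRights = {usb.key: {"PC-01": ALLOW}}
    return {
        "PC-01": effective_right(usb, pc1, alice, [], global_rights, device_rights),
        "PC-02": effective_right(usb, pc2, alice, [], global_rights, device_rights),
    }
```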

Information
The option to Export/Import Devices in JSON format is also available. This
allows a list of devices to be exported from one Endpoint Protector Server
and imported in a different Endpoint Protector Server.

This feature is intended to correlate the device rights and the Groups.
Therefore, if the same Groups exist on both Servers, the imported devices
will also maintain the access rights. If the Groups do not exist, the devices
will still be imported but the access rights will be ignored.
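The group correlation described above, as an added Python example (not Endpoint Protector's own import code): devices from an exported JSON list are always imported, but a group right is kept only when that group exists on the receiving Server, and every dropped right is reported. The JSON layout and the device values are constructed assumptions, since the manual does not document the export schema.

```python
import json
from typing import Dict, List, Set, Tuple

VALID_RIGHTS = {"Allow Access", "Deny Access", "Read Only Access"}
REQUIRED = ("vendor_id", "product_id", "serial")

# Constructed export payload in the shape this example assumes.
EXPORTED_DEVICES_JSON = json.dumps({
    "devices": [
        {"vendor_id": "0951", "product_id": "1666", "serial": "SN-CONSTRUCTED-1",
         "name": "Kingston DT", "description": "Marketing loaner",
         "group_rights": {"Marketing": "Allow Access", "Finance": "Deny Access"}},
        {"vendor_id": "090c", "product_id": "1000", "serial": "SN-CONSTRUCTED-2",
         "name": "Generic flash", "description": "",
         "group_rights": {"Contractors": "Read Only Access"}},
    ]
})


def import_devices(payload: str, existing_groups: Set[str]) -> Tuple[List[Dict], List[str]]:
    """Return (imported devices, warnings). A device is imported regardless of
    its rights; rights for Groups missing on this Server are ignored, exactly
    as the manual describes, and each such drop is listed in the warnings."""
    data = json.loads(payload)
    imported: List[Dict] = []
    warnings: List[str] = []
    seen: Set[Tuple[str, str, str]] = set()
    for entry in data.get("devices", []):
        missing = [k for k in REQUIRED if k not in entry]
        if missing:
            warnings.append(f"skipped entry missing {missing}")
            continue
        key = (entry["vendor_id"], entry["product_id"], entry["serial"])
        if key in seen:  # VID/PID/serial identify a device; keep the first copy
            warnings.append(f"duplicate device {key} ignored")
            continue
        seen.add(key)
        kept: Dict[str, str] = {}
        dropped: List[str] = []
        for group, right in entry.get("group_rights", {}).items():
            if group not in existing_groups:
                dropped.append(group)
            elif right not in VALID_RIGHTS:
                warnings.append(f"{key}: unknown right {right!r} for group {group} ignored")
            else:
                kept[group] = right
        if dropped:
            warnings.append(f"{key}: rights for missing group(s) {sorted(dropped)} ignored")
        imported.append({
            "vendor_id": key[0], "product_id": key[1], "serial": key[2],
            "name": entry.get("name", ""), "description": entry.get("description", ""),
            "group_rights": kept,
        })
    return imported, warnings
```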

3.2.1. Device Rights


The Device Rights can be accessed by going in the Actions column for the
specific device and selecting Manage Rights. This section is built around the
devices, allowing the Administrator to enable or disable them for specific
computers, groups or users.

After selecting a device, assigning the specified rights to the desired users,
computers or groups is straightforward, using the 2-step wizard:

• Select the Entity and the Device right

• Select the Entities (Computers, Groups or Users)

3.2.2. Device History


From this section, the Administrator can view the device history by selecting the
View Device History action. This will show the Logs Report page filtered for the
respective device.

3.3. Computers
From this section, the Administrator can manage all computers in the system.
Any new computer that has the Endpoint Protector Client deployed will be
automatically added to the database, thus making it manageable.

The Endpoint Protector Client has a self-registration mechanism. This process is
run once after the Client software is installed on a client computer. The Client
will then communicate to the Server its existence in the system. The Server will
store the information regarding the Computer in the database and it will assign a
License.

Note
The self-registration mechanism acts whenever a change in the Computer
licensing module is made, and also each time the application Client is
reinstalled. The owner of the computer is not saved in the process of self-
registration.

Information
For more details about Licensing, please see chapter 14.9 System Licensing.

A Computer is identified by the computer parameters (Main IP, IP List, MAC,
Domain or Workgroup) but information like Name and Description is also
essential. A computer is assigned by default to the first user that handles the
computer. This, however, can later be changed and is updated automatically
based on whoever logs into the computer.

The Administrator can manually create a new computer at any time by providing
the computer parameters and information mentioned above. Computers can also
be imported into Endpoint Protector from Active Directory.

Information
For more details about Active Directory, please see chapter 11 Directory
Services.

Tips
For a better organization, computers can be assigned to:
- Groups (e.g. several computers within the same office)
For more details about Groups, please see chapter 3.5 Groups.
- Department (an alternative organization to Groups).
For more details about Departments, please see chapter 14.6 System
Departments.

3.3.1. Computer Rights


The Computer Rights can be accessed by going in the Actions column for the
specific computer and selecting Manage Rights. This section is built around the
computers, allowing the Administrator to specify which Device Types and also
which Specific Devices can be accessible.

Tips
The Standard device control rights include the Device Types and Already
Existing Devices sections. These are generally the only device rights used.
In addition to the Standard device control rights, if enabled from the
Global Settings, the administrator can create fallback policies for Outside
Network and Outside Hours circumstances.

Information
For more details about Device Types and Specific Devices (Standard,
Outside Network and Outside Hours), please see chapter 3.6.1 Global
Rights.

Note
The Restore Global Rights button can be used to revert to a lower level of
rights. Once this button is pushed all rights on that level will be set to
preserve global settings and the system will use the next level of rights.
All Existing Devices that were added on that level will be deleted when the
restore is used.

3.3.2. Computer Settings


This section will allow the Administrator to edit the settings for each computer.

Defining custom settings for all computers is not necessary since a computer is
perfectly capable of functioning correctly without any manual settings defined. It
will do this by either inheriting the settings from the group it belongs to or, if not
possible, the global settings, which are mandatory and exist in the system with
default values from installation.

3.3.3. Computer History


From this section, the Administrator can view the computer history by selecting
the View Computer History action. This will show the Logs Report page filtered
for the respective computer.

3.3.4. Terminal Servers and Thin Clients


The capability to control file transfers on RDP storage between Thin Clients and
Windows Terminal Servers can be enforced through Endpoint Protector, as
detailed below.

3.3.4.1. Initial Configuration

The process starts with the menu view from Device Control > Computers,
namely the action to Mark as Terminal Server.

After successfully marking the desired computer in the system as a Terminal
Server, “Yes” will be displayed for ease of identification, as seen below:

Note
The computers that can be targeted by this action are strictly Windows
Servers with Terminal Server roles properly configured.

Information
Make sure that there is at least one Terminal Server license available when
the action Mark as Terminal Server is performed.

If the Terminal Server is successfully marked, a new device type will appear
when choosing to Edit it under Device Control > Computers > Computer Rights.

The settings for the Terminal Server specific Device Types are: Preserve Global
Settings, Allow Access, Deny Access and Read Only Access.

An Allow Access right set to the RDP Storage device type will enable all users
that connect to the Terminal Server by RDP to transfer files to and from their
local disk volume or shared storage devices such as USBs.

By contrast, a Deny Access right set to the RDP Storage will not allow any user
that connects to the Terminal Server by RDP to transfer files to and from their
local disk volume or shared storage devices such as USBs.

Note
The option to Use User Rights must be checked in the settings bar from
System Configuration > System Settings > Endpoint Rights Functionality
for the rights policy to apply on user logins with user priority.

Secondly, the menu from Device Control > Users > Rights will present an
additional device type for all the users in Endpoint Protector, namely Thin Client
Storage (RDP Storage).

Multiple users can be recognized as active users on any given Terminal Server,
and so, this rights setting can be used as a powerful tool to create access
policies to specific users, as detailed in the use case below.

On a Windows Terminal Server, the Endpoint Protector Client will display RDP
Storage disks shared by one or multiple Thin Clients as seen below.

3.4. Users
From this section, the Administrator can manage all the users in the system.
Users are defined as the end-users who are logged on a computer on which the
Endpoint Protector Client software is installed. Any new user will be
automatically added to the database, thus making them manageable.

A user is identified by information like Name (Username, First Name, Last
Name), Department, Contact Details (Phone, E-mail) and others and is also
automatically assigned to a computer.

The Administrator can manually create a new user at any time by providing the
user’s parameters and information mentioned above. Users can also be imported
into Endpoint Protector from Active Directory.

Information
For more details about Active Directory, please see chapter 11 Directory
Services.

There are two users created by default during the installation process of
Endpoint Protector:

noUser – is the user linked to all events performed while no user was logged
into the computer. Remote users’ names who log into the computer will not be
logged and their events will be stored as events of noUser. Another occurrence
of noUser events would be to have an automated script/software which accesses
a device when no user is logged in to the specific computer.

autorunUser – indicates that an installer has been launched by Windows from
the specific device. It is the user attached to all events generated by the
programs launched from the specific device when Autoplay is enabled in the
Operating System.

Information
Depending on the OS, additional system users can appear:
- _mbsetupuser (for macOS, during updates)
- 65535, 62624, etc. (for Linux, during locked screens)

The Actions column offers multiple options related to user management like Edit,
Manage Rights, History and Delete.

3.4.1. User Rights


The User Rights can be accessed by going to the Actions column for the specific
user and selecting Manage Rights. This section is built around the users, allowing
the Administrator to specify what Device Types and also what Specific Devices
can be accessible.

Tips
The Standard device control rights include the Device Types and Already
Existing Devices sections. These are generally the only device rights used.

In addition to the Standard device control rights, if enabled from the
Global Settings, the administrator can create fallback policies for Outside
Network and Outside Hours circumstances.

Information
For more details about Device Types and Specific Devices (Standard,
Outside Network and Outside Hours), please see chapter 3.6.1 Global
Rights.

Note
The Restore Global Rights button can be used to revert to a lower level of
rights. Once this button is pushed all rights on that level will be set to
preserve global settings and the system will use the next level of rights.

All Existing Devices that were added on that level will be deleted when the
restore is used.

3.4.2. User Settings


This section will allow the Administrator to edit the settings for each user.

Defining custom settings for all users is not necessary since a user is perfectly
capable of functioning correctly without any manual settings defined. It will do
this by either inheriting the settings from the group it belongs to or, if not
possible, the global settings, which are mandatory and exist in the system with
default values from installation.

3.4.3. User History


From this section, the Administrator can view the user history by selecting the
View User History action. This will show the Logs Report page filtered for the
respective user.

3.5. Groups
From this section, the Administrator can manage all the groups in the system.
Grouping computers and users will help the Administrator manage rights or
settings for these entities in a more efficient way.

A group is identified by information like Name and Description, as well as based
on the entities (Computers and Users).

The Administrator can manually create a new group at any time by providing the
group information mentioned above. Groups can also be imported into Endpoint
Protector from Active Directory.

Information
For more details about Active Directory, please see chapter 11 Directory
Services.

The Actions column offers multiple options related to the group’s management
like Edit, Manage Rights, Manage Settings, History and Delete.

3.5.1. Group Rights


The Group Rights can be accessed by going to the Actions column for the specific
group and selecting Manage Rights. This section is built around the group,
allowing the Administrator to specify what Device Types and also what Specific
Devices can be accessible.

This section is similar to the Computer Rights section, the difference being that it
applies to all the computers that are part of the group simultaneously.

Tips
The Standard device control rights include the Device Types and Already
Existing Devices sections. These are generally the only device rights used.

In addition to the Standard device control rights, if enabled from the
Global Settings, the administrator can create fallback policies for Outside
Network and Outside Hours circumstances.

Information
For more details about Device Types and Specific Devices (Standard,
Outside Network and Outside Hours), please see chapter 3.6.1 Global
Rights.

Note
The Restore Global Rights button can be used to revert to a lower level of
rights. Once this button is pushed all rights on that level will be set to
preserve global settings and the system will use the next level of rights.

All Existing Devices that were added on that level will be deleted when the
restore is used.

3.5.2. Group Settings


This section will allow the administrator to edit the settings for each group.

We mentioned earlier that computers and users can be grouped in order to make
editing the settings easier and more logical. Defining custom settings for all
groups is not necessary since a computer is perfectly capable of functioning
correctly without any granular settings defined. It will do this by either inheriting
the settings from the group it belongs to or, if not possible, the global settings,
which are mandatory and exist in the system with default values from
installation.

3.6. Global
From this section, the Administrator can manage the entire system. The
Administrator can specify what rights and settings apply globally, to all Endpoint
Protector entities.

Note
If device rights or other settings will be configured granularly for entities,
the priority order, starting with the highest, will be:
Devices > Computers | Users > Groups > Global.

3.6.1. Global Rights


This section relates to the entire system, allowing the Administrator to specify
what Device Types and also what Specific Devices can be accessible. While
Standard Rights Policies are the default ones, Outside Hours or Outside Network
Policies are also available. These depend on first activating the corresponding
settings in Global Settings.

3.6.1.1. Device Types (Standard)

Endpoint Protector supports a wide range of device types, which represent key
sources of security breaches. These devices can be authorized, which makes it
possible for the users to view, create, or modify their content and for
administrators to view the data transferred to and from the authorized devices.

• Removable Storage Devices

• Normal USB Flash Drives, U3 and Autorun Drives, Disk on Key, etc.

• USB 1.1, USB 2.0, USB 3.0

• Memory Cards - SD Cards, MMC Cards, and Compact Flash Cards, etc.

• Card Readers - internal and external

• CD/DVD-Player/Burner - internal and external

• Digital Cameras

• Smartphones / Handhelds / PDAs (includes Nokia N-Series,
Blackberry, and Windows CE compatible devices, Windows Mobile
devices, etc.)

• iPods / iPhones / iPads

• MP3 Player / Media Player Devices

• External HDDs / portable hard disks

• FireWire Devices

• PCMCIA Devices

• Biometric Devices

• Bluetooth

• Printers (applies to serial, USB and LTP connection methods)

• Express Card (SSD)

• Wireless USB

• LPT/Parallel ports (applies only to storage devices)

• Floppy disk drives

• Serial ATA Controllers

Depending on the device type, besides the Allow and Deny Access rights,
additional rights are also available. These include Read-Only Access or multiple
combinations of Allow Access but with various limitations, such as Allow access
but exclude from CAP scanning or Allow Access if TrustedDevice Level 1 to 4.

Information
The TrustedDevices™ technology integrated within Endpoint Protector is
available in four security levels, depending on the degree of protection
offered by a device (trusted devices using EasyLock™ are TD level 1).

For more information on TrustedDevices™ and EasyLock™, please see
chapter 15.1.1 Trusted Devices.

Tips
WiFi – Block if wired network is present
With this option the administrator can disable the WiFi connection, while a
wired network connection is present. The WiFi connection will be available
when the wired network is not present.

Note
By default, the majority of device types are blocked. However, as a
working internet connection or wireless keyboards are needed during the
configuration process, several devices are set to Allow Access. These
include WiFi, Bluetooth, Network Share, Additional Keyboard and USB
Modem.

3.6.1.2. Specific Devices (Standard)

From this section, the administrator can manage access rights for a specific
device.

Information
Device rights can be set either Globally or, per Group, User or Computer,
by using the Manage Rights action from each section/entity.

Adding a new device in this section can be done by pressing the Add button and
following the simple Device Wizard. There are multiple ways of adding devices:

• New Device (VID, PID, Serial Number) – will allow at Step 2 to add
new devices based on Vendor ID, Product ID and Serial Number.

• Existing Device (Wizard) – will allow at Step 2 to add devices
previously connected to protected computers and already in the Endpoint
Protector database.

• Device Serial Number Range – will allow at Step 2 to add multiple
devices at the same time, by specifying the first and last Serial Number in
the range. The recommended use for this feature is for devices that have
a consecutive range, with a clear, noticeable pattern.

Note
Although this feature can actually work in situations where the Serial
Number range does not follow a noticeable pattern, this is not
recommended. In this type of situations, some devices will be
ignored by Endpoint Protector and will not have the desired effect.

• Bulk List of Devices – will allow at Step 2 to add up to 1000 devices at
the same time. There are two methods to choose from, either importing a
list or by simply pasting the information.

Information
The File Whitelisting feature is also available for USB storage devices that
have Allow Access rights. For more details about File Whitelisting, please see
chapter 3.7 File Whitelists.

3.6.1.3. Outside Network

Note
In order for this to be available, the feature needs to be enabled in the
Global Settings section.

From this section, the administrator can define fallback policies that will apply
when outside the network. All of the functionalities are identical to the Standard
section.

3.6.1.4. Outside Hours

Note
In order for this to be available, the feature needs to be enabled in the
Global Settings section.

From this section, the administrator can define fallback policies that will apply
when outside working hours. All of the functionalities are identical to the
Standard section.

3.6.2. Global Settings


From this section, the Administrator can specify what settings apply globally, to
all Endpoint Protector entities. If there are no settings defined granularly for a
computer, and it does not belong to a group, these are the settings it will inherit.
If the computer belongs to a group, then it will inherit the settings of that group.

The Endpoint Protector Client, File Tracing and Shadowing, Outside Hours and
Outside Network, as well as Transfer Limit settings can be set from this section.
Due to their importance, they will be explained in their own subsections below.

Tips
The Stop at Threat Threshold option, if enabled, stops logging the
information discovered after the threat threshold of a Report Only policy
has been reached. This considerably reduces the number of logs and
therefore optimizes the allocated storage space.

Note
Some of the settings from this section relate also to other modules (e.g.:
Content Aware Protection, eDiscovery, etc.) and not just the Device
Control module.

3.6.2.1. Endpoint Protector Client Settings

There are several settings that relate directly to the Endpoint Protector Client.
These relate to the Client’s behavior for each specific entity (Global, Groups and
Computers).

Client Modes
The Endpoint Protector Client offers several modes that define its behavior.

There are six modes to choose from (and they can be changed at any given
time):

▪ Normal Mode (default setting of Endpoint Protector)

Note
We recommend not to change the Normal Mode without being fully
aware of what the other modes imply.

If the Normal Mode does not suit your needs, Hidden or Silent Mode
are usually the best alternatives to consider.

▪ Transparent Mode

Information
This mode provides the following behavior:
• no system tray icon is displayed
• no system tray notifications are shown
• everything is blocked, regardless if authorized or not
• Administrator receives alerts for all activities

Tips
This mode is useful to block all devices but users remain unaware of
any restrictions or presence of the Endpoint Protector Client and its
activity.

▪ Stealth Mode

Information
This mode provides the following behavior:
• no system tray icon is displayed
• no system tray notifications are shown
• everything is allowed, regardless if authorized or not
• file shadowing and file tracing are enabled to see and monitor
all user activity
• Administrator receives alerts for all activities

Tips
This mode is useful to monitor all users and computers but users
remain unaware of any restrictions or presence of the Endpoint
Protector Client and its activity. As everything is on allow, there will
be no disruptions in the day to day activities of the users.

▪ Panic Mode

Information
This mode provides the following behavior:
• system tray icon is displayed
• system tray notifications are shown
• everything is blocked, regardless if authorized or not
• file shadowing and file tracing are enabled to see and monitor
all user activity
• Administrator receives alerts when computers go in and out of
Panic Mode

Note
This mode could be triggered automatically under extreme
situations, when user’s malicious intent or activity is detected.

Under special circumstances, it can also be set manually by the
Administrator in order to block all devices. However, using this mode
in such a manner is not recommended!

▪ Hidden Icon Mode

Information
This mode provides the following behavior:
• no system tray icon is displayed
• no system tray notifications are shown
• all set rights and settings are applied as per their configuration

Tips
This mode is very similar to the Normal Mode. The difference is that
Endpoint Protector Client is not visible to the user.

▪ Silent Mode

Information
This mode provides the following behavior:
• system tray icon is displayed
• no system tray notifications are shown
• all set rights and settings are applied as per their configuration

Tips
This mode is very similar to the Normal Mode. The difference is that
the pop-up notifications are not visible to the user.

Notifier Language
The Endpoint Protector Client Notifier language.

Policy Refresh Interval (sec)
The time interval at which the Client checks with the Server and updates with
the latest settings, rights and policies.

Log Size (MB)
The largest size of all logs stored on the Client. If the value is reached, new logs
will overwrite the oldest ones. These circumstances occur only when the Client
and Server do not communicate for a long period of time.

Log Interval (min)
The time interval at which the Client attempts to re-send the Logs to the Server.

Shadow Size (MB)
The largest size of all file shadows on the Client. If the value is reached, new
shadows will overwrite the oldest ones. These circumstances occur only when
the Client and Server do not communicate for a long period of time.

Shadow Interval (min)
The time interval at which the Client sends the Shadows to the Server.

Min File Size for Shadowing (KB)
The smallest size of a file at which a File Shadow is created.

Device Recovery Folder Retention Period (days)
Specific for Mac and Linux computers. It acts like a quarantine folder before a
transferred file has been fully inspected for content, avoiding any potential file
loss due to blocked transfers. After the specified time interval, the files are
permanently deleted.

Max File Size for Shadowing (KB)
The largest size of a file at which a File Shadow is created.

Recovery Folder Max Size (MB)
Specific for Mac and Linux computers. Maximum size for the quarantine folder. If
the value is reached, new files will overwrite the oldest ones.

Custom Client Notifications
If enabled, the Client Notifications can be customized.

User edited information
If enabled, the User can edit the user and computer information from within the
Endpoint Protector Client.

Mandatory OTP Justification
If enabled, the Justification a User has to provide when requesting or using an
Offline Temporary Password is mandatory.

Optical Character Recognition
If enabled, JPEG, PNG, GIF, BMP and TIFF file types can be inspected for
content. This option will also change the global MIME Type Whitelists.

Deep Packet Inspection
If enabled, network and browser traffic can be inspected for content. This option
is required for both the Deep Packet Inspection Whitelists and URL and Domain
Blacklist.

Block unsecured connection
If enabled, unsecured access through HTTP will be blocked and user access
restricted.

Information
The Block unsecured connection feature is only available when the Deep
Packet Inspection feature is enabled.

Extend Source Code Detection
If enabled, this extends the n-gram source code detection to the contents of file
types such as PDF, docx, etc.

3.6.2.2. File Tracing and Shadowing

The File Tracing feature allows monitoring of data traffic between protected
endpoints and removable devices, internal eSATA HDDs and Network Shares. It
also shows other actions that took place, such as file renamed, deleted,
accessed, modified, etc.

Information
It can be enabled from Device Control > Global Settings, or granularly for
Groups or Computers.

File Tracing can be disabled for specific file types using the Exclude Extensions
from Tracing option.

The File Shadowing feature extends the information provided by File Tracing,
creating exact copies of files accessed by users. The creation of shadow copies
can be triggered by the following events: file copy, file write, and file read.
Events such as file deleted, file renamed, etc. do not trigger the function.

Depending on each administrator’s needs, File Shadowing can be enabled on all
supported Removable Devices (including eSATA HDDs and Network Shares, if
selected) or Content Aware Protection (file transfers through various exit points
such as online applications, printers, clipboard, etc.) and E-mail Body.

Information
File Shadowing cannot be used without File Tracing.

File Shadowing can be disabled for specific file types using the “Exclude
Extensions from Shadowing” option.

Note
File Shadowing can be delayed due to network traffic and Endpoint
Protector Settings for different computers or file sizes. Shadowed files are
usually available after a few minutes.

Tips
For large base installations (such as 250-1000 endpoints) we strongly
advise to activate File Shadowing for up to 15% of your virtual or
hardware appliance total endpoint capacity (e.g. for an A1000 Hardware
Appliance, File Shadowing should be set to a maximum of 150 endpoints
for optimal performance).

3.6.2.3. Outside Hours and Outside Network

This section allows the Administrator to enable or disable Outside Network and
Outside Hours Policies, for both Device Control and Content Aware modules.

For Outside Hours policies, the Working days, Business hours start time and end
time need to be set.

For Outside Network polices, the DNS Fully Qualified Domain Name and DNS IP
Addresses need to be set.

Once these settings are made, the fallback device type rights can be set
Globally, per Groups, Users or Computers.

Note
When triggered, fallback policies supersede the standard device rights.

In regard to fallback policies, the Outside Network Policies supersede the
Outside Hours Policies.

Information
For Content Aware Policies, the Outside Network and Outside Hours Policy
Type also needs to be selected.

3.6.2.4. Transfer Limit

From this section, the Administrator can set Transfer Limit, within a specific time
interval (hours). Once the limit is reached, file transfers to storage devices
(Device Control) or to controlled applications (Content Aware Protection) will no
longer be possible, until the time interval expires and the count is reset.
Similarly, file transfers through Network Shares can also be included in the
Transfer Limit.

Note
The mechanism that checks when the Transfer Limit is reached has been
designed in such a way that it does not impact the performance of the
computer.

Therefore, there might be a slight delay between the exact time the limit is
reached and the enforcing of the transfer restrictions. In general, it is just a
few seconds, but depending on the network it could be up to a few minutes.

There are three actions to choose from when the Transfer Limit is reached:

• Monitor Only – simply reports when the limit is reached

• Restrict – blocks the devices and applications that have been defined in
the Device Control policies

• Lockdown – blocks all devices, regardless if they have been defined
within the Device Control policies; this includes the network interfaces and
therefore, any type of transfer

Information
To re-establish the Server-Client communication before the Transfer
Limit Time Interval expires, a Transfer Limit Reached Offline
Temporary Password is available. For more information, please see
chapter 8 Offline Temporary Password.

The option to enable a Transfer Limit Reached Alert is also possible. Additionally,
a Transfer Limit Reached Report can be scheduled on a daily, weekly or monthly
basis.
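The following is an added example of the Transfer Limit mechanism described above, written for this manual and not code from Endpoint Protector itself. It models a fixed time interval that resets the transferred amount when it expires, the three actions (Monitor Only, Restrict, Lockdown), the optional inclusion of Network Shares, and the Transfer Limit Reached Offline Temporary Password that lifts the restriction early. The size unit (MB), the destination labels and the `decide` verdicts are assumptions made for the example; the manual does not specify them.

```python
from dataclasses import dataclass

# Constructed example; size units (MB) and destination labels are assumptions.

MONITOR_ONLY, RESTRICT, LOCKDOWN = "Monitor Only", "Restrict", "Lockdown"

# Destinations counted against the limit, per the manual: storage devices
# (Device Control) and controlled applications (Content Aware Protection);
# Network Shares are counted only when the option is enabled.
COUNTED = {"storage device", "controlled application"}


@dataclass
class TransferLimit:
    limit_mb: float
    interval_hours: float
    action: str = MONITOR_ONLY
    include_network_shares: bool = False
    window_start: float = 0.0        # epoch seconds when the current interval began
    transferred_mb: float = 0.0
    alert_sent: bool = False         # Transfer Limit Reached Alert already raised
    otp_active: bool = False         # Transfer Limit Reached OTP lifts the restriction

    def _counted(self, destination: str) -> bool:
        return destination in COUNTED or (
            destination == "network share" and self.include_network_shares)

    def _roll_window(self, now: float) -> None:
        """Reset the count (and the OTP exception) once the interval expires."""
        if now - self.window_start >= self.interval_hours * 3600:
            self.window_start = now
            self.transferred_mb = 0.0
            self.alert_sent = False
            self.otp_active = False

    def reached(self) -> bool:
        return self.transferred_mb >= self.limit_mb

    def apply_otp(self) -> None:
        """A Transfer Limit Reached OTP restores transfers until the interval expires."""
        self.otp_active = True

    def decide(self, destination: str, size_mb: float, now: float) -> str:
        """Return 'allow', 'report' or 'block' for one transfer.

        The limit is checked before the current transfer is counted, which is
        the small enforcement lag the manual's note describes.
        """
        self._roll_window(now)
        verdict = "allow"
        if self.reached() and not self.otp_active:
            if self.action == LOCKDOWN:
                verdict = "block"            # everything, network interfaces included
            elif self._counted(destination):
                verdict = "block" if self.action == RESTRICT else "report"
        if verdict != "block" and self._counted(destination):
            self.transferred_mb += size_mb
            if self.reached() and not self.alert_sent:
                self.alert_sent = True       # the Transfer Limit Reached Alert fires here
        return verdict
```

With `action=RESTRICT`, a 100 MB limit and a one-hour interval, 60 MB followed by 50 MB are both allowed (the second one crosses the limit and raises the alert), the next storage-device transfer is blocked, a Network Share transfer still passes unless `include_network_shares` is set, and the count starts again an hour after the window opened.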

3.7. File Whitelists


From this section, the Administrator can control the transfer of only authorized
files to previously authorized portable storage devices.

Management of which files can be copied to removable devices, and which
cannot, is made by uploading the whitelisted files to the Endpoint Protector
Server. Once the files are uploaded, an action for that particular file has to be
taken: Activate or Deactivate.

Information
The maximum file size when uploading a File Whitelist is 190 MB.

Note
The File Whitelists will not apply to files copied from external sources onto
computers. Moreover, if the Content Aware Protection module is activated
and Policies set, they will have priority over the Files Whitelisted in the
Device Control module.

3.8. Custom Classes


This section provides the Administrator with the option to create new classes of
devices for easier management. It is a powerful feature, especially for devices
belonging to the same vendor and/or being the same product (same VID and/or
PID).

A new Custom Class can be created by clicking on the Create button. An existing
Custom Class can be edited by double-clicking on it.

Information
The option to edit, duplicate or delete a Custom Class is available after
selecting the desired Custom Class.

Before adding devices to a Custom Class, the Name, Description, Device Type
(USB Storage Devices, Cameras, etc.), Device Right (Allow Access, Block Access,
etc.) must be provided. Once this is done, there are multiple ways of adding
devices to a Custom Class:

• New Device (VID, PID, Serial Number) – will allow at Step 2 to add
new devices based on Vendor ID, Product ID and Serial Number.

• Existing Device (Wizard) – will allow at Step 2 to add devices
previously connected to protected computers and already in the Endpoint
Protector database.

• Device Serial Number Range – will allow at Step 2 to add multiple
devices at the same time, by specifying the first and last Serial Number in
the range. The recommended use for this feature is for devices that have
a consecutive range, with a clear, noticeable pattern.

Note
Although this feature can actually work in situations where the Serial
Number range does not follow a noticeable pattern, this is not
recommended. In this type of situations, some devices will be
ignored by Endpoint Protector and the Custom Class will not have the
desired effect.

• Bulk List of Devices – will allow at Step 2 to add up to 1000 devices at
the same time. There are two methods to choose from, either importing a
list or by simply pasting the information.

• Device Class (Device Type) – will allow at Step 2 to add a specific right
to a Device Type. This option is intended for scenarios where a very fast
way is needed to change the right of a device type across the whole
system, even though specific device rights were granularly added to some
users or computers.

Example
For the case above, we created a Custom Class CD-ROM Allow and set
Allow access rights to devices of type CD-ROM /DVD-ROM. Let’s say that
CD-ROMs have Deny access rights set on Client PC CIP0. Once the
custom class CD-ROM Allow is created and Custom Classes is enabled, all
the CD-ROMs/DVD-ROMs will have access, even if on the Client PC CIP0
they have Deny access.
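As an added example covering the device-adding options of both the Specific Devices wizard (section 3.6.1.2) and the Custom Class wizard above, the code below is written for this manual and is not Endpoint Protector's own implementation. It expands a Device Serial Number Range only when the two endpoints share a prefix and digit width (the "clear, noticeable pattern" the notes ask for), rejecting anything else instead of silently skipping devices; parses a pasted Bulk List with the 1000-device cap; and models a Custom Class that matches devices by VID/PID/serial or by whole Device Type, as in the CD-ROM Allow example. The class and function names, the `VID,PID,Serial` line format, and all device values are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed example. VID/PID/serial values below are placeholders, not real devices.

_SERIAL_RE = re.compile(r"^(?P<prefix>.*?)(?P<num>\d+)$")
BULK_LIMIT = 1000  # the manual's cap for the Bulk List of Devices option


def expand_serial_range(first: str, last: str) -> list:
    """Enumerate the consecutive serial numbers from `first` to `last`.

    A usable range has the same non-numeric prefix and the same digit width at
    both ends, with `last` not before `first`. Anything else is rejected rather
    than guessed at: the manual warns that ranges without a clear pattern leave
    some devices unmatched. The strict check is this example's design choice.
    """
    m_first, m_last = _SERIAL_RE.match(first), _SERIAL_RE.match(last)
    if not (m_first and m_last):
        raise ValueError("serial numbers must end in a numeric suffix")
    if m_first["prefix"] != m_last["prefix"]:
        raise ValueError("range endpoints have different prefixes")
    width = len(m_first["num"])
    if len(m_last["num"]) != width:
        raise ValueError("range endpoints have different digit widths")
    lo, hi = int(m_first["num"]), int(m_last["num"])
    if hi < lo:
        raise ValueError("last serial precedes first serial")
    return [f"{m_first['prefix']}{n:0{width}d}" for n in range(lo, hi + 1)]


def is_usable_range(first: str, last: str) -> bool:
    try:
        expand_serial_range(first, last)
        return True
    except ValueError:
        return False


@dataclass
class Device:
    device_type: str   # e.g. "USB Storage Device"
    vid: str           # Vendor ID (hex string)
    pid: str           # Product ID (hex string)
    serial: str


@dataclass(frozen=True)
class DeviceId:
    vid: str
    pid: str
    serial: Optional[str] = None   # None = every serial with this VID/PID


def _norm(s: str) -> str:
    return s.strip().upper()       # VID/PID compare case-insensitively


@dataclass
class CustomClass:
    name: str
    device_type: str
    right: str                                  # e.g. "Allow Access", "Block Access"
    members: set = field(default_factory=set)   # DeviceId entries
    whole_type: bool = False                    # the "Device Class (Device Type)" option

    def add_device(self, vid: str, pid: str, serial: Optional[str] = None) -> None:
        self.members.add(DeviceId(_norm(vid), _norm(pid),
                                  None if serial is None else serial.strip()))

    def add_serial_range(self, vid: str, pid: str, first: str, last: str) -> None:
        for serial in expand_serial_range(first, last):
            self.add_device(vid, pid, serial)

    def add_bulk(self, lines) -> None:
        """Parse pasted 'VID,PID,Serial' lines (constructed format); max 1000 devices."""
        rows = [line.strip() for line in lines if line.strip()]
        if len(rows) > BULK_LIMIT:
            raise ValueError(f"bulk list has {len(rows)} devices, limit is {BULK_LIMIT}")
        for row in rows:
            vid, pid, serial = (part.strip() for part in row.split(","))
            self.add_device(vid, pid, serial)

    def add_device_type(self) -> None:
        self.whole_type = True

    def matches(self, dev: Device) -> bool:
        if dev.device_type != self.device_type:
            return False
        if self.whole_type:
            return True
        vid, pid = _norm(dev.vid), _norm(dev.pid)
        return (DeviceId(vid, pid, dev.serial.strip()) in self.members
                or DeviceId(vid, pid) in self.members)


def class_right_for(classes, dev: Device) -> Optional[str]:
    """Right of the first enabled Custom Class the device belongs to, else None."""
    for cls in classes:
        if cls.matches(dev):
            return cls.right
    return None
```

A range such as `SN0098` to `SN0101` expands to four serials, while `SN0098` to `AB0101` (different prefix) or `SN99` to `SN100` (different width) is refused up front, so the administrator learns immediately that the range would not have behaved as intended.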

3.9. Priorities for device rights


Computer Rights, Group Rights and Global Rights form a single unit and they
inherit each other's settings. This means that changes to any one of these
entities affect the other ones.

There are three levels of hierarchy: Global Rights, Group Rights and Computer
Rights, the latter being the deciding factor in rights management.

Information
The device rights surpass all computer, group and global rights.

The user rights are on the same level with the computer rights. The
priority can be set from the System Settings section. For more details
about this setting, please see chapter 14.8.1 Endpoint Protector Rights
Functionality.

Example
Device X is allowed from Global Rights. If in the Computer Rights section,
the same device does not have permission to be used, the device will not
be usable. Same applies vice-versa: if the device lacks access permission
globally, and has permission set per computer, the device will be allowed.
The same applies for Global Rights and Group Rights: if globally the
device does not have permission to be used, and group permission exists,
the device will be allowed.

3.9.1. Priorities for Device Control Policies


By default, only the Standard Device Control Rights are available. They include
the Device Types and the Already Existing Devices sections.

Custom Classes can be defined. They represent a group of devices that have a
particular access right across the entire network. Custom Classes surpass the
Standard rights.

If enabled, Outside Network and Outside Hours device rights can be configured.
These surpass the Custom Classes rights.

The Offline Temporary Password rights allow the creation of exceptions from
applied rules. These rights surpass all others.
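To make the precedence rules of this section and of the Note in section 3.6 concrete, here is an added example that resolves the effective right for one device; it is written for this manual, not taken from Endpoint Protector. Within a rights tree it walks Computer | User > Group > Global (the Computer/User order being the System Settings switch from chapter 14.8.1, modelled as a flag), treats a missing entry as "preserve global settings", and lets a specific-device right at any level surpass device-type rights. Across trees it applies OTP > Outside Network > Outside Hours > Custom Class > Standard. The class names, the `Context` flags, the fall-through from an Outside policy that sets nothing, and the deny-by-default when no level sets a right are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed example: a simplified model of how Endpoint Protector layers
# device rights. Entity names, serials and rights values are placeholders.

ALLOW, DENY, READ_ONLY = "Allow Access", "Deny Access", "Read-Only Access"


@dataclass
class Rights:
    """Rights configured on one entity (Global, a Group, a Computer or a User).

    A device type or specific device absent from both dicts means
    "preserve global settings": the lookup falls through to the next level.
    """
    device_types: dict = field(default_factory=dict)  # device type -> right
    devices: dict = field(default_factory=dict)       # device serial -> right


@dataclass
class Policy:
    """One circumstance's rights tree: Standard, Outside Network or Outside Hours."""
    global_rights: Rights
    groups: dict = field(default_factory=dict)     # group name -> Rights
    computers: dict = field(default_factory=dict)  # computer name -> Rights
    users: dict = field(default_factory=dict)      # user name -> Rights


def resolve(policy: Policy, device_type: str, serial: str, computer: str,
            user: str, group: Optional[str], user_over_computer: bool = False):
    """Return (right, level) for one device, or None if no level sets a right.

    Levels are walked most specific first. A right for the specific device at
    any level surpasses every device-type right, following the manual's
    statement that device rights surpass computer, group and global rights.
    """
    entity = [("User", policy.users.get(user)),
              ("Computer", policy.computers.get(computer))]
    if not user_over_computer:
        entity.reverse()                       # Computer decides before User
    chain = entity + [("Group", policy.groups.get(group)),
                      ("Global", policy.global_rights)]
    chain = [(name, r) for name, r in chain if r is not None]

    for name, r in chain:                      # specific-device rights first
        if serial in r.devices:
            return r.devices[serial], f"{name} (specific device)"
    for name, r in chain:                      # then device-type rights
        if device_type in r.device_types:
            return r.device_types[device_type], f"{name} (device type)"
    return None


@dataclass
class Context:
    """Runtime conditions the Client evaluates for the current access."""
    outside_network: bool = False             # DNS FQDN / DNS IPs did not match
    outside_hours: bool = False               # outside the configured business hours
    custom_class_right: Optional[str] = None  # right of an enabled Custom Class the device matches
    otp_right: Optional[str] = None           # right granted by an active Offline Temporary Password


def effective_right(standard: Policy, outside_network: Optional[Policy],
                    outside_hours: Optional[Policy], ctx: Context, **who):
    """Layering from section 3.9.1:
    OTP > Outside Network > Outside Hours > Custom Class > Standard rights.
    `who` carries device_type, serial, computer, user and group for resolve().
    """
    if ctx.otp_right:
        return ctx.otp_right, "Offline Temporary Password"
    if ctx.outside_network and outside_network is not None:
        hit = resolve(outside_network, **who)
        if hit:
            return hit[0], "Outside Network: " + hit[1]
    if ctx.outside_hours and outside_hours is not None:
        hit = resolve(outside_hours, **who)
        if hit:
            return hit[0], "Outside Hours: " + hit[1]
    if ctx.custom_class_right:
        return ctx.custom_class_right, "Custom Class"
    hit = resolve(standard, **who)
    if hit:
        return hit[0], "Standard: " + hit[1]
    # Assumption: Global rights normally carry a value for every device type;
    # with nothing configured anywhere, the safe default is to block.
    return DENY, "default (blocked)"
```

Run against the example from this section, a device type allowed globally but denied in Computer Rights resolves to Deny from the Computer level; a user-level Read-Only right on one serial beats a group-level Allow for the whole type; and an active OTP wins over everything, including a Custom Class.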

4. Content Aware Protection

This module allows the Administrator to set up and enforce strong content
filtering policies for selected users, computers, groups or departments and take
control over the risks posed by accidental or intentional file transfers of sensitive
company data, such as:

• Personal Identifiable Information (PII): social security numbers (SSN),
driving license numbers, E-mail addresses, passport numbers, phone
numbers, addresses, dates, etc.

• Financial and credit card information: credit card numbers for Visa,
MasterCard, American Express, JCB, Discover Card, Diners Club, bank
account numbers etc.

• Confidential files: sales and marketing reports, technical documents,
accounting documents, customer databases etc.

To prevent sensitive data leakage, Endpoint Protector closely monitors all
activity at various exit points:

• Transfers on portable storage and other media devices (USB Drives,
external HDDs, CDs, DVDs, SD cards etc.), either directly or through
encryption software (e.g. EasyLock)

• Transfers on local networks (Network Share)

• Transfers via Internet (E-mail Clients, File Sharing Application, Web
Browsers, Instant Messaging, Social Media, etc.)

• Transfers to the cloud (iCloud, Google Drive, Dropbox, Microsoft SkyDrive,
etc.)

• Transfers through Copy & Paste / Cut & Paste

• Print screens

• Printers and others

4.1. Content Aware Protection Activation


Content Aware Protection comes as the second level of data protection available
in Endpoint Protector. The module is displayed but requires a simple activation
by pressing the Enable button. If not previously provided, the contact details of
the Main Administrator will be required.

Information
Any details provided will only be used to ensure the Live Update Server is
configured correctly and that the Content Aware Protection module was
enabled successfully.

Note
The Content Aware Protection module is separate from Device Control or
eDiscovery modules, and requires separate licensing.

4.2. Dashboard
This section offers a quick overview in the form of graphics and charts related to
the Content Aware Protection module.

4.3. Content Aware Policies


Content Aware Policies are sets of rules for sensitive content detection and they
enforce file transfer management on selected entities (users, computers,
groups, departments). A content aware policy is made up of the following
elements:

• OS Type: defines the OS type for which it applies – Windows, Mac OS X
or Linux

• Policy Action: defines the type of action to be performed – reporting only
or blocking and reporting of sensitive content transfers

• Policy Type: defines the type of the policy – Standard, Outside Hours or
Outside Network

• Exit Points: establishes the transfer destinations to be monitored

• Policy Blocklists and Whitelists: specifies the content to be detected –
it includes file type filtering, predefined content filtering, custom content
filtering, file whitelists, regular expressions and domain whitelists, deep
packet inspection etc.

Example
A policy can be set up for the Financial Department of the company to block
Excel reports sent via E-mail or to report all transfers of files containing
personally identifiable and financial information (e.g. credit card numbers,
E-mail, phone numbers, social security numbers etc.).

Each company can define its own sensitive content data lists as Custom Content
Dictionaries corresponding to their specific domain of activity, targeted industry
and roles. To ease this task, the Content Aware Protection module comes with a
Predefined Content Dictionary that covers the most used sets of confidential
terms and expressions.

Note
Content Aware Policies also apply to File Whitelist (Device Control > File
Whitelist). This means that all files that were previously whitelisted will be
inspected for sensitive content detection, reported and / or blocked,
according to the defined policy.

Information
Exactly like Device Control policies, the Content Aware Protection policies
continue to be enforced on a computer even after it is disconnected from
the company network.


4.3.1. Creating a Content Aware Protection Policy


The administrator can easily create and manage Content Aware Policies from the
Content Aware Protection > Content Aware Policies section.

A new policy can be created by clicking on the Create Custom Policy button. An
existing policy can be edited by double-clicking on it.

Information
The option to edit, duplicate or delete a policy is available after selecting
the desired policy.

Tips
One or more Content Aware Policies can be enforced on the same computer,
user, group or department. To avoid any conflicts between the applied
rules, a prioritization of policies is performed through a left-to-right
ordering. The leftmost policy has the highest priority (Priority 1), while the
rightmost policy has the lowest priority. Changing priorities for one or
more policies can be performed by moving the policy to the right or to the
left with a simple click on the left arrow for higher priority or on the right
arrow for lower priority.

When creating a new policy, the Policy Information (e.g. OS Type, Policy Name,
and Policy Description), Policy Blacklists, Policy Whitelists and Policy Entities
(Departments, Groups, and Computers) have to be selected.

The Policy Status can be set to Report only or to Block & Report all transfers of
data that includes sensitive content.

Tips
Initially, we recommend using the Report only action in order to detect but
not block data transfers. This way, no activity will be interrupted and you
can gain a better view of data use across your network.

The Thresholds that can be used are:

• Global Threshold (ON or OFF)

• If the Global Threshold is OFF, it can be considered a Regular Threshold.

Example
Suppose that you have set up a Block & Report policy on the transfer of
Social Security Numbers (SSN) on some types of Internet browsers. A
Regular Threshold setup of four (4) will block all transfers - on those
browsers - which contain four or more individual SSNs, but it will not
block the transfers with one, two or three SSN appearances.

In contrast to the Regular Threshold, which blocks 4 or more threats of the
same type, the Global Threshold blocks 4 or more threats of different types
combined. In another example, two (2) threats, one being a Social
Security Number and the other being a Phone number, will not be blocked
by a policy with a Regular Threshold of 2, only by one with a Global
Threshold. On the other hand, two (2) Social Security Numbers will be
blocked by policies with both types of thresholds set at two (2).

Tips
The Threshold option applies only to multiple filters, including Predefined
Content, Custom Content and Regular Expressions. As a general rule, it is
recommended that Block & Report policies that use the Threshold should
be placed with higher priority than Report Only policies.

• Threat Threshold value – the Threshold Value that the detected items are
counted against

• File Size Threshold – not linked to the Regular and Global Threshold
mentioned above, the File Size Threshold value defines the size (in MB)
starting from which the file transfer is either blocked or reported.

To enable the File Size Threshold, a value bigger than 0 must be set.
To disable the File Size Threshold, 0 or no value must be set.

Note
If a File Size Threshold is set, it will be applied to the whole policy,
regardless of what file types or custom contents are checked inside
the policy. The value used in the File Size Threshold must be a
positive, whole number.

Information
Depending on the specific application and OS, some limitations may
apply.

The exit points that can be monitored via the Controlled transfers to are:

• Applications

o Web Browsers (e.g. Internet Explorer, Chrome, Firefox, Safari, etc.)

o E-mail Clients (e.g. Outlook, Thunderbird, Lotus Notes, etc.)

o Instant Messaging (e.g. Skype, Pidgin, Google Talk, etc.)

o File Sharing (e.g. Google Drive Client, iCloud, Dropbox, DC++, etc.)

o Other (e.g. iTunes, Total Commander, GoToMeeting, etc.)

Note
Adobe Flash Player must be checked inside the Web Browser category
in order to block sites that use Adobe Flash Active X.

Information
The complete list of controlled Applications can be found
directly in the Endpoint Protector User Interface.

• Storage Devices (the list of all controlled types can be viewed at System
Parameters > Device Types > Content Aware Protection)

Note
For Windows, file transfers will be monitored both to and from
removable media.

Information
The option to monitor confidential data transfers only to
Custom Classes and not all Storage Devices is also available.

• Network Share

Information
For Network Share for Macs, Endpoint Protector will report all
the events for Report Only policies. For Block & Report
policies the transfer from a Local Share towards the Local
Disk, Controlled Storage Device Types and Controlled
Applications are blocked.

• Thin Clients

• Clipboard (refers to all content captured through Copy & Paste or Cut &
Paste operations)

Information
The Clipboard functionality provides a certain degree of
granularity and can be enabled:
• generally – for the computer, regardless of monitored
exit points
• for monitored applications – the Paste action is restricted
for the defined exit points
• for extended applications – the Paste action is restricted
for the defined applications such as Word, Excel,
Notepad++, etc.

• Print Screen (refers to the screen capture options)

• Printers (refers to both local and network shared printers)

The Blacklists that can be used are:

• File Type

Tips
Since many files (e.g.: Programming Files) are actually .TXT
files, we recommend more precaution when selecting this file
type to avoid any undesired effects.

• Source Code

Tips
An N-gram based detection method is used to increase the
accuracy of these file types. However, as various source code
languages are closely linked together (e.g.: C, C++, etc.), these
should also be checked. To make things easier, Endpoint Protector
automatically marks these correlations.

Information
When Deep Packet Inspection is enabled, an extended
way to monitor Git is available.
If Git is selected from the Restricted Apps, Git related
actions (fetch, clone, push, pull) will be blocked, regardless of
the Git application used. This will result in completely blocking Git.
However, the Deep Packet Inspection Whitelist can be used to
allow a specific Git, linked to a specific domain (e.g.:
internalgit.mydomain.com).

Note
All Git traffic is encrypted. Therefore, allowing a specific
domain will result in any file transfers to it being allowed,
regardless of content or other policy restrictions defined.

• Predefined Content

Tips
The majority of the Predefined Content items are country
specific (e.g. Australia, Canada, Germany, Korea, United
Kingdom, United States, etc.). To avoid a large number of logs
or potential false positives, only enable the Passports that
apply to your region or sensitive data.

• Custom Content

• File Name

• File Location

• Regular Expressions

• HIPAA

• Domain and URL

The Whitelists that can be used are:

• MIME Type

• Allowed Files

• File Location

• Network Share

• E-mail Domain

• URL Name

• Deep Packet Inspection

Information
For more details about Blacklists and Whitelist, please see chapter 6
Blacklists and Whitelists.

Note
The Content Aware Protection Policies continue to report and/or block
sensitive data transfers from protected computers even after they are
disconnected from the company network. Logs will be saved within the
Endpoint Protector Client and will be sent to the Server once connection
has been reestablished.

The final step in creating a policy is selecting the entities that it will apply to. The
entities that can be used are:

• Departments

• Groups

• Computers

• Users

Tips
If a Content Aware Policy was already enforced on a computer, user, group
or department, when clicking on it, the corresponding network entities on
which it was applied will be highlighted.

4.3.2. Predefined policies


A second option is to use the Predefined policy button. This redirects the
administrator to two lists of predefined policies that come with Action set to
“Block and Report” by default, for both Windows and Mac. The administrator can
select by the description a policy of interest and press the “Create Policy” button
for it to be displayed in the list of active policies.

4.3.3. Applying multiple Content Aware Policies


Content Aware Protection is a very versatile tool, where granular implementation
of the desired actions regarding the report and/or block and report of files can
be performed.

A Content Aware Policy is a set of rules for reporting or blocking & reporting the
selected information. All the other options left unchecked will be considered as
Ignored by Endpoint Protector.

When applying two policies to the same PC, it is possible to block one type of
file, for example PNG files, when they are uploaded through Mozilla Firefox,
while with a second policy to report only PNG files when they are uploaded
through Internet Explorer. In the same way it is possible to report only files that
contain confidential words from a selected dictionary that are sent through
Skype, while with the second policy to block the same files if they are sent
through Yahoo Messenger. Similarly, it is possible to create combinations that
block a file type or a file that contains predefined content/custom
content/regular expression for one application, while letting it through and
report it only for another.

The following rules are used in the application of one or more Content Aware
Policies on a computer/user/group/department for each separately selected item
(e.g. a specific file type, predefined information or a custom content dictionary):

Policy A        Policy B        Policy C        Endpoint Protector Action
(Priority 1)    (Priority 2)    (Priority 3)
IGNORED         IGNORED         IGNORED         Information will not be blocked or reported.
IGNORED         IGNORED         REPORTED        Information will be reported.
IGNORED         REPORTED        REPORTED        Information will be reported.
REPORTED        REPORTED        REPORTED        Information will be reported.
IGNORED         IGNORED         BLOCKED         Information will be blocked.
IGNORED         BLOCKED         BLOCKED         Information will be blocked.
BLOCKED         BLOCKED         BLOCKED         Information will be blocked.
IGNORED         REPORTED        BLOCKED         Information will be reported.
IGNORED         BLOCKED         REPORTED        Information will be blocked.
REPORTED        IGNORED         BLOCKED         Information will be reported.
BLOCKED         IGNORED         REPORTED        Information will be blocked.
REPORTED        BLOCKED         IGNORED         Information will be reported.
BLOCKED         REPORTED        IGNORED         Information will be blocked.

Note
The information left unchecked when creating a policy will be considered as
Ignored by Endpoint Protector and not as Allowed.
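Every row of the table above follows one rule: policies are consulted from Priority 1 (leftmost) downwards, and the first policy that does not ignore the item decides. The following added example (not Endpoint Protector's own code) encodes that rule, checks it against all thirteen rows, and applies it to the PNG/Firefox/Internet Explorer combination described earlier; the policy layout and item keys are constructed for the illustration.

```python
"""Effective action for one item when several Content Aware Policies apply.

Added example (not Endpoint Protector's own code). It encodes the rule shown by
the manual's table: policies are consulted from Priority 1 (leftmost) downwards
and the first policy that does not ignore the item decides; unchecked items are
Ignored, not Allowed.
"""
from typing import Dict, Hashable, Sequence

IGNORED, REPORTED, BLOCKED = "IGNORED", "REPORTED", "BLOCKED"

NOT_HANDLED = "Information will not be blocked or reported."
WILL_REPORT = "Information will be reported."
WILL_BLOCK = "Information will be blocked."


def effective_action(actions: Sequence[str]) -> str:
    """actions[0] belongs to the Priority 1 policy, actions[-1] to the lowest.

    Walk the policies in priority order; the first one that does not ignore the
    item determines the outcome.
    """
    for action in actions:
        if action == REPORTED:
            return WILL_REPORT
        if action == BLOCKED:
            return WILL_BLOCK
        if action != IGNORED:
            raise ValueError(f"unknown policy action: {action!r}")
    return NOT_HANDLED


# The manual's decision table (Policy A, B, C -> result), used to check the rule.
DECISION_TABLE = [
    ((IGNORED, IGNORED, IGNORED), NOT_HANDLED),
    ((IGNORED, IGNORED, REPORTED), WILL_REPORT),
    ((IGNORED, REPORTED, REPORTED), WILL_REPORT),
    ((REPORTED, REPORTED, REPORTED), WILL_REPORT),
    ((IGNORED, IGNORED, BLOCKED), WILL_BLOCK),
    ((IGNORED, BLOCKED, BLOCKED), WILL_BLOCK),
    ((BLOCKED, BLOCKED, BLOCKED), WILL_BLOCK),
    ((IGNORED, REPORTED, BLOCKED), WILL_REPORT),
    ((IGNORED, BLOCKED, REPORTED), WILL_BLOCK),
    ((REPORTED, IGNORED, BLOCKED), WILL_REPORT),
    ((BLOCKED, IGNORED, REPORTED), WILL_BLOCK),
    ((REPORTED, BLOCKED, IGNORED), WILL_REPORT),
    ((BLOCKED, REPORTED, IGNORED), WILL_BLOCK),
]


def table_matches_rule() -> bool:
    """True when every row of the manual's table is reproduced by effective_action."""
    return all(effective_action(actions) == expected
               for actions, expected in DECISION_TABLE)


# A policy is modelled as a mapping from a selected item (here a constructed
# key of file type plus exit application) to its action; anything not listed
# is unchecked and therefore IGNORED.
Policy = Dict[Hashable, str]


def resolve(item: Hashable, policies_by_priority: Sequence[Policy]) -> str:
    """Outcome for one item under the given policies (index 0 = Priority 1)."""
    return effective_action([policy.get(item, IGNORED)
                             for policy in policies_by_priority])


# Constructed policies mirroring the manual's PNG example: Policy A blocks PNG
# uploads through Mozilla Firefox, Policy B only reports them through
# Internet Explorer. Neither says anything about Skype.
POLICY_A: Policy = {("PNG", "Mozilla Firefox"): BLOCKED}
POLICY_B: Policy = {("PNG", "Internet Explorer"): REPORTED}
ACTIVE_POLICIES = [POLICY_A, POLICY_B]

if __name__ == "__main__":
    print("table consistent:", table_matches_rule())
    for item in [("PNG", "Mozilla Firefox"), ("PNG", "Internet Explorer"),
                 ("PNG", "Skype")]:
        print(item, "->", resolve(item, ACTIVE_POLICIES))
```

Because an unchecked item is Ignored rather than Allowed, a lower-priority policy can still act on it: in the constructed example, Policy B's Report only rule for Internet Explorer takes effect even though Policy A has higher priority, exactly as the IGNORED / REPORTED rows of the table state.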

Tips
The deep packet inspection feature has been expanded to e-mail scanning
based on domain whitelisting.

4.3.4. HIPAA compliance


Any Content Aware Protection policy automatically becomes a HIPAA policy if
any options from the HIPAA tab are selected. The available options refer to FDA
approved lists and ICD codes.

However, in order for a HIPAA policy to be effective, Predefined Content and
Custom Content filters should also be enabled. These will automatically report or
block the transfer of files containing PII like Health Insurance Numbers, Social
Security Numbers, Addresses and much more.

A recommended HIPAA policy is a Content Aware Policy that, besides the
options in the HIPAA tab, also has the below configuration:

▪ All the File Types recognized should be included.

▪ All Personal Identifiable Information should be Country Specific to the
United States (Address, Phone/Fax and Social Security Numbers)

▪ Both Internet Protocol Addresses Access should be selected

▪ The URL and Domain Whitelists options should also be checked

HIPAA policies can be created and used on their own or in combination with
regular policies, for a better control of the data inside the network. These
policies are available for Windows, Mac OS X or Linux computers.

4.3.4.1. Use Case Nr. 1

Suppose that Company X handles patient medical records that come in electronic
formats and which contain generic information such as: Patient Name, Address,
Birthdate, Phone number, Social Security Number and E-Mail address. The
company would like to block the transfer of this data through all the common
Windows desktop applications.

Knowing that the sensitive data comes in the format of a profile per patient, the
administrator can create a HIPAA policy like the one shown below:

This policy is set on Block & Report with a Global Threshold of 4. It scans the
Controlled Storage Device Types (which can be inspected from System
Parameters > Device Types), the Clipboard and the Network Share, as well as
the whole database of applications recognized by Endpoint Protector. This policy
will ONLY block the transfer of those files which contain 4 or more of the PIIs
selected inside the policy. All the files which happen to contain just 1 Address or
2 Phone Numbers or 2 E-mails will be transferred.

4.3.4.2. Use Case Nr. 2

Company Y has a large database of patients’ sensitive information. This
information is stored in individual office files which contain ten (10) or even
more Personal Identifiable Information (PII) items per patient. Other than these
files, the company’s staff regularly uses some files which contain three (3) of the
same PIIs per file. Company Y would like to block the leakage of the files from
its database that contain 10 or more items, yet only report the transfer of the
files containing 3 items.

The administrator can set up a policy which will block the transfer of files
containing 10 PIIs by using a Global Threshold of 10, like in the policy shown
below:

Another HIPAA policy can be used to report the transfer of files which contain 3
items of the same kind by using a Regular Threshold set at 3, like the below-
shown example:

Information
As mentioned earlier, the Block & Report policy will have the 1st priority
while the Report Only policy will be the 2nd.

4.4. Deep Packet Inspection


The Deep Packet Inspection functionality provides a certain degree of
granularity, allowing the administrator to fine tune the content inspection
functionality to their network specifications.

4.4.1. Deep Packet Inspection Ports & Settings


From this section, the administrator can correlate the monitored applications with
the ports used in each network.

By default, the Deep Packet Inspection functionality comes with a list of
predefined ports (80, 443, 8080, etc.). However, if custom ports are utilized in a
specific network, particularly by one of the monitored applications defined as an
Exit Point within a Content Aware Protection Policy, this port can be added from
this section.

Information
By enabling the Text Inspection setting, confidential content typed inside
Teams, Skype, Slack and Mattermost will be monitored.

Note
The Text Inspection setting also applies on browsers for the following
online applications: Google Spreadsheet, Facebook Post, Facebook
Comment and Instagram Comment. However, these cannot be granularly
disabled and apply by default if DPI is enabled for those specific browsers.

4.4.2. Deep Packet Inspection Applications


From this section, the administrator can enable or disable the Deep Packet
Inspection functionality for each application that is subject to this functionality.

Information
Only the applications that support DPI are available in the list below.

Note
The Deep Packet Inspection functionality needs to be first enabled from
Device Control > Settings (Global, Groups, Computers, etc.). For more
information, please see chapter 3.6.2 Global Settings.

5. eDiscovery

This module allows the Administrator to create policies that inspect data residing
on protected Windows, Macs and Linux computers. The company’s data
protection strategy can be enforced and risks posed by accidental or intentional
data leaks can be managed. The Administrator can mitigate problems posed by
data at rest by discovering sensitive data, such as:

• Personal Identifiable Information (PII): social security numbers (SSN),
driving license numbers, E-mail addresses, passport numbers, phone
numbers, addresses, dates, etc.

• Financial and credit card information: credit card numbers for Visa,
MasterCard, American Express, JCB, Discover Card, Diners Club, bank
account numbers etc.

• Confidential files: sales and marketing reports, technical documents,
accounting documents, customer databases etc.

5.1. eDiscovery Activation


eDiscovery comes as the third level of data protection available in Endpoint
Protector. The module is displayed but requires a simple activation by pressing
the Enable button. If not previously provided, the contact details of the Main
Administrator will be required.

Information
Any details provided will only be used to ensure the Live Update Server is
configured correctly and that the eDiscovery module was enabled
successfully.

Note
The eDiscovery module is separate from Device Control or Content Aware
Protection modules, and requires separate licensing.

5.2. Dashboards
This section offers a quick overview in the form of graphics and charts related to
the eDiscovery module.

5.3. eDiscovery Policies and Scans


eDiscovery Policies are sets of rules for sensitive content detection for data
stored on protected computers. An eDiscovery Policy is made up of five main
elements:

• OS Type: the OS it applies to (Windows, Mac or Linux)

• Thresholds: the number of acceptable violations

• Policy Blacklists: the content to be detected

• Policy Whitelists: the content that can be ignored

• Entities: the departments, groups or computers it applies to

Information
Once the eDiscovery Policy is created, the desired type of eDiscovery
Scan needs to be selected.

eDiscovery Scans are sets of rules for Policies, defining when to start the data
discovery. There are several types of scans:

• Clean scan: starts a new discovery (from scratch)

• Incremental scan: continues the discovery (skipping the previously
scanned files)

Tips
eDiscovery Automatic Scanning is also available, allowing the administrator
to schedule an Incremental Scan:
• One time – a scan will run once, at the specific date and time
• Weekly – a scan will run every 7 days, from the set date and time
• Monthly – a scan will run every 30 days, from the set date and time

An eDiscovery Scan can be stopped at any time, and its results can also be
automatically cleared. This can be done by using:

• Stop scan: stops the scan (but does not affect the logs)

• Stop scan and clear scan: stops the scan and clears the logs

Note
The Global Stop and Clear button can be used in situations where all the
eDiscovery Scans need to be stopped and all the Logs cleared.

5.3.1. Creating an eDiscovery Policy and Scan


The Administrator can easily create and manage eDiscovery Policies and Scans
from eDiscovery > Policies and Scans section.

A new policy can be created by clicking on the Create Custom Policy button. An
existing policy can be edited by double-clicking on it.

Information
The option to edit, duplicate or delete a policy is available after selecting
the desired policy.

When creating a new policy, the Policy Information (e.g. OS Type, Policy Name,
and Policy Description), Policy Blacklists, Policy Whitelists and Policy Entities
(Departments, Groups, and Computers) have to be selected.

The Thresholds that can be used are:

• Stop at Threat Threshold

• Threat Threshold value

• File Size Threshold

Information
More details about Thresholds can be found directly in the Endpoint
Protector User Interface.

The Blacklists that can be used are:

• File Type

Tips
Since many files (e.g. Programming Files) are actually .TXT
files, we recommend more precaution when selecting this file
type to avoid any undesired effects.

• Source Code

Tips
An N-gram based detection method is used to increase the
accuracy of these file types. However, as various source code
languages are closely linked together (e.g.: C, C++, etc.), these should
also be checked. To make things easier, Endpoint Protector automatically
marks these correlations.

• Predefined Content

Tips
The majority of the Predefined Content items are country specific
(e.g. Australia, Canada, Germany, Korea, United Kingdom, United
States, etc.). To avoid a large number of logs or potential false
positives, only enable the Passports that apply to your region or
sensitive data.

• Custom Content

• File Name

• Regular Expressions

• HIPAA

The Whitelists that can be used are:

• MIME Type

• Allowed Files

Information
For more details about Blacklists and Whitelist, please see chapter 6
Blacklists and Whitelists.

After the eDiscovery Policy has been created, Scanning Actions can be assigned.
These include Start clean scan, Start incremental scan, Stop scan and clear logs.

Note
Exactly like Content Aware Protection Policies, the eDiscovery Policies and
Scans continue to detect sensitive data stored on protected computers
even after they are disconnected from the company network. Logs will be
saved within the Endpoint Protector Client and will be sent to the Server
once connection has been reestablished.

5.4. eDiscovery Scan Result and Actions


After an eDiscovery Scan starts, the found items can be inspected and
remediation actions can be taken (e.g. delete on target, encrypt on target,
decrypt on target, etc.). All results are displayed in the eDiscovery > Scan
Results and Actions section.

Tips
The Scan Results and Actions section can also be accessed directly from
eDiscovery > Policies and Scans by selecting a computer from the
eDiscovery Scans list and choosing the Inspect found items action. This will
automatically filter the Scan Results list and display the items only for that
specific computer.

5.4.1. Viewing Scan Results and taking Actions


From this section, the Administrator can manage the scan results. A list with all
the computers that were scanned can be viewed and actions such as deleting,
encrypting or decrypting files can be taken.

The Administrator can apply the desired action to each item individually or
select multiple items and apply the desired action simultaneously by using the
Choose action button.

6. Blacklists and Whitelists

From this section, the Administrator can create Blacklists and Whitelists that can
be used in both the Content Aware Protection and eDiscovery modules. Once
defined, these blacklists and whitelists can be enabled in the desired Policy. The
list of all Blacklists and Whitelists will be detailed below.

Note
Some Blacklist and Whitelists are OS related (e.g. E-mail Domain and URL
Name are only available for Windows) or are not available for both
modules.

6.1. File Type Blacklists


The content inspection functionality within Endpoint Protector can identify
multiple file types. Additional file types are continually added, extending the
available list with each Endpoint Protector Update. The Administrator can define
what file types a Content Aware Protection or eDiscovery Policy scans for, but
cannot directly extend the supported file type list. Since this is a predefined list,
it only requires the Administrator to select the desired content from the File Type
Content tab, within a Policy. This process has already been detailed in earlier
paragraphs.

Information
File Type Blacklists are available for both the Content Aware Protection and
eDiscovery modules.

Note
File Type Blacklists refer to the true type of a file. If a user tries to
circumvent the content inspection mechanism by manually changing the
extension of the file, Endpoint Protector will still detect it.
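The note above is the reason a File Type Blacklist is keyed on the content of a file rather than on its name. The following added example (not Endpoint Protector's own code, and not its signature list) shows the general idea with a handful of well-known file signatures ("magic bytes"): the type inferred from the first bytes is compared with what the extension claims, and the blacklist decision ignores the file name entirely. The sample file contents are constructed.

```python
"""True file type vs. claimed extension.

Added example, not Endpoint Protector's own code: it shows why a File Type
Blacklist keyed on the true type still catches a file whose extension was
changed by hand. The signatures are well-known file "magic bytes"; the sample
contents are constructed.
"""
from typing import Optional, Set, Tuple

# (leading bytes, true type). A deliberately small list of well-known values.
SIGNATURES: Tuple[Tuple[bytes, str], ...] = (
    (b"%PDF-", "PDF"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"PK\x03\x04", "ZIP container (DOCX/XLSX/PPTX, JAR)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 (legacy DOC/XLS/PPT)"),
    (b"MZ", "Windows executable"),
    (b"ID3", "MP3"),
)

# What a given extension claims the file is.
EXTENSION_TYPES = {
    "pdf": "PDF",
    "png": "PNG",
    "docx": "ZIP container (DOCX/XLSX/PPTX, JAR)",
    "doc": "OLE2 (legacy DOC/XLS/PPT)",
    "exe": "Windows executable",
    "mp3": "MP3",
    "txt": "Text",
}


def true_type(data: bytes) -> Optional[str]:
    """Type inferred from the content itself; None when no signature matches."""
    for signature, name in SIGNATURES:
        if data.startswith(signature):
            return name
    return None


def claimed_type(filename: str) -> Optional[str]:
    """Type the file extension claims; None for a missing or unknown extension."""
    if "." not in filename:
        return None
    return EXTENSION_TYPES.get(filename.rsplit(".", 1)[1].lower())


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the content identifies a type other than the extension claims."""
    actual = true_type(data)
    return actual is not None and actual != claimed_type(filename)


def matches_file_type_blacklist(filename: str, data: bytes,
                                blacklisted: Set[str]) -> bool:
    """Blacklist decision keyed on the true type; the file name plays no part."""
    return true_type(data) in blacklisted


# Constructed samples: a minimal PDF header and a plain-text note.
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
SAMPLE_TEXT = b"quarterly figures attached\n"

if __name__ == "__main__":
    for name, data in [("report.txt", SAMPLE_PDF), ("report.pdf", SAMPLE_PDF),
                       ("notes.pdf", SAMPLE_TEXT)]:
        verdict = "mismatch" if extension_mismatch(name, data) else "consistent"
        print(name, "->", true_type(data), verdict)
```

A PDF renamed to report.txt still matches a blacklist containing "PDF", while a plain-text file renamed to notes.pdf does not; the extension only matters for spotting the mismatch itself, which is worth logging on its own.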

6.2. Predefined Content Blacklists


Predefined Content Blacklists are predefined lists of terms and expressions to be
detected as sensitive content by Endpoint Protector. Since this is a predefined
list, it only requires the Administrator to select the desired content from within a
Policy, from the Predefined Content tab.

Information
Predefined Content Blacklists are available for both the Content Aware
Protection and eDiscovery modules.

Predefined Content Blacklist include:

• Credit Cards

Amex, Diners, China UnionPay, Discover, JCB, MasterCard, MIR, Maestro,
Visa

• Personal Identifiable Information

IBAN, Date, E-mail, Address, etc.

• Social Security Numbers (SSNs)

• Identifiers (IDs)

• Passports

• Tax IDs

• Driving Licenses

• Health Insurance Numbers

Tips
The majority of the Predefined Content items are country specific (e.g.
Australia, Canada, Germany, Korea, United Kingdom, United States, etc.).
To avoid a large number of logs or potential false positives, only enable the
Passports that apply to your region or sensitive data.

6.3. Custom Content Blacklists


Custom Content Blacklists are custom defined lists of terms and expressions to
be detected as sensitive content by Endpoint Protector. The list of custom
dictionaries is available under DLP Blacklists and Whitelists > Blacklists >
Custom Content tab.

Information
Custom Content Blacklists are available for both the Content Aware
Protection and eDiscovery modules.

The available actions for each dictionary are: Edit, Export and Delete.

A new dictionary can be created by clicking on the Add button. To populate the
content of a newly created dictionary, items of at least three characters can be
entered either manually (typed or pasted) or imported.

Once a new dictionary is created, it will be automatically displayed inside the
Custom Content tab. It will also be available when creating or editing a Content
Aware Protection or eDiscovery Policy.

6.4. File Name Blacklists


File Name Blacklists are custom defined lists of file names detected by Endpoint
Protector. The list of filenames is available under DLP Blacklists and Whitelists >
Blacklists > File Name tab.

Information
File Name Blacklists are available for both the Content Aware Protection
and eDiscovery modules.

The available actions for each file name are: Edit, Export and Delete.

A new file name blacklist can be created by clicking the Add button. To populate
the content of a newly created file name blacklist, items of at least two
characters can be entered either manually (typed or pasted) or imported.

The content can be defined in multiple ways. It can be just the file name, file
name and extension or just the extension.

Example
If "example.pdf" filename is used then all files that end in example.pdf will
be blocked (e.g. example.pdf, myexample.pdf, test1example.pdf).

If ".epp" extension is used then all files that have the .epp extension will
be blocked (e.g. test.epp, mail.epp, 123.epp).

Once a new file name blacklist is created, it will automatically be displayed inside
the File Name tab. It will also be available when creating or editing a Content
Aware Protection or eDiscovery Policy.

Note
For Content Aware Protection, the File Name Blacklists work only for Block
& Report type Policies. The Case Sensitive and Whole Words Only features
do not apply.

6.5. File Location Blacklists


File Location Blacklists are custom defined lists of locations identified by
Endpoint Protector. File transfers within this location are automatically blocked,
regardless of the content inspection rules or permissions defined in various
Policies. The list of locations is available under Blacklists and Whitelists >
Blacklists > File Location tab.

Note
In addition to defining the File Location Blacklist, the browser or application
used to transfer files also needs to be selected from within the Content
Aware Protection Policy.

Tips
By default, the File Location Blacklists apply to all files located in the
specific folder but also to any other files located in containing subfolders.
While the “Include subfolders for File Location Blacklists” feature can be
switched OFF, it will affect all other File Location Blacklists and Whitelists
throughout the system.

Information
File Location Blacklists are available only for the Content Aware Protection
module.

The available actions for each location are: Edit, Export and Delete.

A new file location blacklist can be created by clicking the Add button. To
populate the content of a newly created file location blacklist, items can be
entered manually (typed or pasted). The computers to which it applies also need
to be selected from the list on the right side.

6.6. Scan Location Blacklists


Scan Location Blacklists are custom defined lists of locations identified by the
eDiscovery module. Data at rest within this location are automatically inspected
for content, depending on the rules defined in various Policies. The list of
locations is available under Blacklists and Whitelists > Blacklists > Scan Location
tab.

The available actions for each location are: Edit and Delete.

A new scan location blacklist can be created by clicking the Add button. To
populate the content of a newly created scan location blacklist, items can be
entered manually (typed or pasted).

Information
A few predefined Scan Locations are available. They can also be adjusted
to fit better to the desired results (e.g.: rather than scanning all Desktops,
only some that follow a particular pattern can be defined).

When defining a Scan Location, some special characters can be used to
tailor the path:
• * – can be used to replace any word
• ? – can be used to replace any character

6.7. Regex Blacklists


By definition, Regular Expressions are sequences of characters that form a
search pattern, mainly for use in pattern matching with strings. An Administrator
can create a regular expression in order to find a certain recurrence in the data
that is transferred across the protected network.

Information
Regex Blacklists are available for both the Content Aware Protection and
eDiscovery modules.

The available actions for each regex are: Edit, Export and Delete.

A new regex blacklist can be created by clicking the Add button. Regular
Expressions can be tested for accuracy. Insert into the Enter test content box a
general example of something the regex applies to, and press the Test
button. If the Regular Expression has no errors inside of it, then the same
content should appear in the Matched content box, as shown below:

Example
To match an E-mail:
[-0-9a-zA-Z.+_]+@[-0-9a-zA-Z.+_]+\.[a-zA-Z]{2,4}

Example
To match an IP:
(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}

Note
If possible, avoid using Regular Expressions, as their complexity typically
increases the resources usage. Using a large number of regular
expressions as filtering criteria typically increases CPU usage. Also,
improper regular expressions or improper use can have negative
implications.

This feature is provided “as is” and requires advanced knowledge of the
Regular Expression syntax. No direct support is offered and it is the
responsibility of the customers to learn and implement regular expressions
and to thoroughly test.

6.8. Domain and URL Blacklists


Domain and URL Blacklists are custom defined lists of web addresses identified
by Endpoint Protector. Access to domains and URLs from these lists will be
denied. The list of domains and URLs is available under Blacklists and Whitelists
> Blacklists > Domain and URL tab.

The available actions for each entry are: Edit, Export and Delete.

A new domain and URL blacklist can be created by clicking the Add button. To
populate the content of a newly created domain and URL blacklist, items can be
entered manually (typed or pasted) or imported.

Entries can be a full domain name, a domain pattern using the * wildcard, or a
full URL including the scheme.

Example
example.endpointprotector.com, *example.com, *example*, https://website.com

Once a new domain and URL blacklist is created, it will automatically be
displayed inside the Domain and URL tab. It will also be available when creating
or editing a Content Aware Protection Policy.

6.9. MIME Type Whitelists

The content inspection functionality within Endpoint Protector identifies multiple
file types. While some files (e.g. Word, Excel, PDFs, etc.) can contain
confidential information (e.g. PIIs, SSNs, Credit Cards, etc.), other files are
highly unlikely to contain such data (e.g. .dll, .exe, .mp3, .avi, etc.).

The purpose of the MIME Type Whitelists is to avoid spending resources on
inspecting the content of files that are unlikely to hold sensitive data, and to
reduce false positives caused by information detected in the metadata of files
where the risk of data loss is extremely low.

Example
Audio and video files are very unlikely to carry lists of credit card numbers,
so there is little value in running content filters over them.

Information
MIME Type Whitelists are available for both the Content Aware Protection
and eDiscovery modules and apply to Custom Content, Predefined Content
and Regular Expressions.

Tips
By default, graphic files, media files, some password protected archive
files and some system files are automatically defined within the MIME Type
Whitelists. While this can easily be changed, we recommend only doing so
after gaining a deeper understanding of the type of data transferred, used
or stored by the users in your system, and of the resulting increase in logs
on the Endpoint Protector Server. Bear in mind that a whitelisted type is
skipped entirely, so data placed inside a whitelisted container is not
inspected.

The list of MIME types is available under DLP Blacklists and Whitelists >
Whitelists > MIME Type tab.

6.10. Allowed Files Whitelists


Allowed Files Whitelists are custom groups of files which the administrator
wishes to exclude from sensitive content detection by Endpoint Protector. The
group of allowed files is available under DLP Blacklists and Whitelists >
Whitelists > Allowed Files tab.

Information
Allowed Files Whitelists are available for both the Content Aware Protection
and eDiscovery modules.

The available actions for each allowed files whitelist are: Edit, Export and Delete.

A new allowed file whitelist can be created by clicking on the Add button. To
populate the content of a newly created whitelist, allowed files need to be
uploaded to the Endpoint Protector Server. Once files are uploaded, they can be
used in multiple whitelists.

Once a new whitelist is created, it will be automatically displayed inside the
Allowed File tab. It will also be available when creating or editing a Content
Aware Protection or eDiscovery Policy.

6.11. File Location Whitelists

File Location Whitelists are custom defined lists of locations identified by
Endpoint Protector. File transfers from these locations are automatically allowed,
regardless of the content inspection rules or permissions defined in the various
Policies. The list of locations is available under DLP Blacklists and Whitelists >
Whitelists > File Location tab.

Note
In addition to defining the File Location Whitelist, the browser or
application used to transfer files also needs to be selected from within the
Content Aware Protection Policy.

Tips
By default, a File Location Whitelist applies to all files located in the
specified folder and also to files located in any of its subfolders. While the
"Include subfolders for File Location Whitelists" feature can be switched OFF,
doing so affects all other File Location Blacklists and Whitelists throughout
the system.

Information
File Location Whitelists are available only for the Content Aware Protection
module.

The available actions for each file location whitelist are: Edit, Export and Delete.

A new file location whitelist can be created by clicking the Add button. To
populate the content of a newly created file location whitelist, items can be
entered manually (typed or pasted). The computers to which it applies also need
to be selected from the list on the right side.

6.12. Network Share Whitelists


Network Share Whitelists are custom defined lists of network share addresses
where transfers of confidential information will be allowed by Endpoint Protector.
The whitelisted network shares are available under DLP Blacklists and Whitelists
> Whitelists > Network Share tab.

Information
Network Share Whitelists are available only for the Content Aware
Protection module.

Note
In order for this feature to work accordingly, the Network Share must be
set to Allow Access and Scan Network Share must be checked inside a
Content Aware Protection Policy.

The available actions for each network share whitelist are: Edit, Export and Delete.

A new network share whitelist can be created by clicking on the Add button.
To populate the content of a newly created whitelist, the server name or IP
address is used to define a network share path.

Note
The network share path should not begin with backslashes (\\).

Example
192.168.0.1\public\users\test; fileserver\documents\example

6.13. E-mail Domain Whitelists

E-mail Domain Whitelists are custom defined lists of e-mail domains to which
sending confidential information will be allowed by Endpoint Protector. The list
of e-mail domains is available under DLP Blacklists and Whitelists > Whitelists >
E-mail Domain tab.

Information
E-mail Domain Whitelists are available only for the Content Aware
Protection module.

The available actions for each e-mail domain whitelist are: Edit, Export and Delete.

Once a new E-mail domain whitelist is added, it will be automatically displayed
inside the E-mail Domain Whitelists tab. It will also be available when creating or
editing a Content Aware Protection Policy.

6.14. URL Name Whitelists

URL Name Whitelists are custom defined lists of web addresses to which uploading
confidential information will be allowed by Endpoint Protector. The list of URL
names is available under DLP Blacklists and Whitelists > Whitelists > URL Name
tab.

Information
URL Name Whitelists are available only for the Content Aware Protection
module.

The available actions for each URL name whitelist are: Edit, Export and Delete.

A new URL name whitelist can be created by clicking the Add button. To
populate the content of a newly created URL name whitelist, items of at least
two characters can be entered either manually (typed or pasted) or imported.

Note
The defined URL should only contain the name and the domain and not any
prefixes like www.*, www2.* or en.*.

Example
endpointprotector.com (not www.endpointprotector.com)

Once a new URL name whitelist is added, it will be automatically displayed inside
the URL Name Whitelists tab. It will also be available when creating or editing a
Content Aware Protection Policy.

6.15. Deep Packet Inspection Whitelists

Deep Packet Inspection Whitelists are custom defined lists of web addresses to
which uploading confidential information will be allowed by Endpoint Protector. The
list of Deep Packet Inspection whitelists is available under DLP Blacklists and
Whitelists > Whitelists > Deep Packet Inspection tab.

Information
Deep Packet Inspection Whitelists are available only for the Content Aware
Protection module.

The available actions for each Deep Packet Inspection whitelist are: Edit, Export
and Delete.

A new Deep Packet Inspection Whitelist can be created by clicking the Add
button. To populate the content of a newly created Deep Packet Inspection
whitelist, items of at least two characters can be entered either manually (typed
or pasted) or imported.

Example
example.endpointprotector, *example.com, *example*,
https://website.com, etc.

Note
“?” cannot be used to replace a character.

Note
Due to the way Gmail works, depending on the desired outcome, the
following needs to be considered:
• Whitelisting mail.google.com will allow e-mail attachments or files
that have been added using drag and drop
• Whitelisting doc.google.com will be needed when images are
inserted in the body of the e-mail

Once a new Deep Packet Inspection whitelist is added, it will be automatically
displayed inside the Deep Packet Inspection Whitelists tab. It will also be
available when creating or editing a Content Aware Protection Policy.
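The manual uses the same wildcard notation for Domain and URL Blacklists (6.8) and for Deep Packet Inspection Whitelists (6.15) but does not spell out how an entry is compared with a URL. The Python below is an added example, not Endpoint Protector's own matching code: it assumes that * matches any run of characters, that ? is literal (as the note above states), that a bare domain pattern is compared case-insensitively with the host name of the URL, and that an entry containing a scheme or a path is compared as a prefix of the whole URL. Under those assumptions it shows why broad patterns deserve care: *example.com also matches files.badexample.com, and https://website.com also matches https://website.community/. Confirm the actual semantics against your Endpoint Protector version before relying on them.

```python
import re
from urllib.parse import urlsplit

# Constructed list built from the manual's blacklist / whitelist examples.
ENTRIES = ["example.endpointprotector.com", "*example.com", "*example*", "https://website.com"]


def wildcard_to_regex(entry, anchor_end=True):
    """Compile a list entry into a case-insensitive regex. '*' matches any run of
    characters; '?' and every other character are literal (the manual states
    that '?' is not a single-character wildcard)."""
    body = ".*".join(re.escape(part) for part in entry.split("*"))
    return re.compile("^" + body + ("$" if anchor_end else ""), re.IGNORECASE)


def entry_matches(entry, url):
    """Assumed semantics (not documented on the page): an entry carrying a scheme
    or a path is compared as a prefix of the whole URL; a bare domain pattern is
    compared against the URL's host name only."""
    if "://" in entry or "/" in entry:
        return wildcard_to_regex(entry, anchor_end=False).match(url) is not None
    host = urlsplit(url).hostname or ""
    return wildcard_to_regex(entry).match(host) is not None


def first_match(entries, url):
    """Return the first entry that matches the URL, or None if it is not listed."""
    for entry in entries:
        if entry_matches(entry, url):
            return entry
    return None


if __name__ == "__main__":
    for url in ("https://example.endpointprotector.com/login",
                "http://files.badexample.com/",        # caught by *example.com
                "https://website.community/",          # caught by the https://website.com prefix
                "https://www.endpointprotector.com/"):  # not listed
        print(url, "->", first_match(ENTRIES, url))
```

When building a blacklist, prefer exact domains or patterns anchored at a dot (for example *.example.com) over bare *example.com, and check a handful of unrelated URLs against the list to make sure broad wildcards do not block, or whitelist, more than intended.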

7. Enforced Encryption

7.1. EasyLock
EasyLock is a cross-platform solution that protects data with 256-bit AES
encryption in CBC mode. For USB devices, it needs to be deployed on the root of
the device. With the intuitive Drag & Drop interface, files can be quickly copied
to and from the device.

Information
For more details about using EasyLock itself, please reference the
EasyLock User Manual.

Used in combination with Endpoint Protector, EasyLock allows USB storage
devices to be identified as Trusted Devices Level 1. This can ensure that USB
Enforced Encryption is used on protected computers. Data stored on the device
can be accessed either with the password configured by the user or with a Master
Password set by the Endpoint Protector administrator. The encrypted data can only
be opened after it is decrypted, so the user has to copy the information out of
EasyLock first.

Note
While Endpoint Protector can detect any EasyLock USB encrypted device as
a Trusted Device Level 1, to use the Enforced Encryption feature a specific
EasyLock version must be used. This version is available from the Endpoint
Protector User Interface.

7.1.1. EasyLock Deployment

Information
EasyLock Enforced Encryption is supported for both Mac and Windows
computers.

Deployment can be done automatically if Allow Access if Trusted Device
Level 1+ is selected for the USB Storage Devices. This can be done by going to
the Device Control > Global Rights section or using the quick links provided in
this section.

Manual deployment is also available. Download links for both Windows and the
Mac are available in this section. The downloaded EasyLock file must be copied
onto the USB storage device and executed from the root of the device. Due to
extended security features for manual deployment, EasyLock will have to be
redownloaded from the Endpoint Protector interface each time it will be used to
encrypt a new USB storage device.

Tips
Starting with Endpoint Protector 5.2.0.0, manual deployment can also be
performed by the user if the device is set to Allow Access, by clicking the
small USB icon (Encrypt Device with EasyLock).

Both EasyLock deployments are straightforward and require the user only to
configure a password.

Note
On Macs, USB storage devices with multiple partitions are not supported
by EasyLock and Trusted Devices Level 1.

7.1.2. EasyLock Settings


This section allows the Administrator to remotely manage EasyLock encrypted
devices. Before being able to take advantage of these features, the
Administrator must configure a Master Password.

Information
EasyLock can be configured to be installed and run only in the presence of
the Endpoint Protector Client, by enabling the Installation and Execution
feature.

This functionality can be extended in order for EasyLock to work in relation
to a list of trusted Endpoint Protector Servers by also enabling the
EasyLock Multi Server feature.

In the Settings section, the Master Password can be configured, the EasyLock
File Tracing enabled, as well as defining the installation and execution of
EasyLock only on computers where the Endpoint Protector Client is present.

For both the Master Password and the User Password, complex rules can be
enforced. If these are enabled, the password lengths, minimum characters,
validity, history and other settings can be set.

Endpoint Protector allows tracing of files copied and encrypted on portable
devices using EasyLock. This option can be activated from inside the Settings
window located under the EasyLock Enforced Encryption tab.

By checking the File Tracing option, all data transferred to and from devices
using EasyLock is recorded and logged for later auditing. The logged information
is automatically sent to the Endpoint Protector Server if Endpoint Protector Client
is present on that computer. This action takes place regardless of the File
Tracing option being enabled or not for that specific computer through the
Device Control module.

In case that Endpoint Protector Client is not present, the information is stored
locally in an encrypted format on the device and it will be sent at a later time
from any other computer with Endpoint Protector Client installed.

The additional Offline File Tracing option is an extension to the first option,
offering the possibility to store information directly on the device, before being
sent to the Endpoint Protector Server. The list of copied files is sent only next
time the device is plugged in and only if Endpoint Protector Client is present and
communicates with the Endpoint Protector Server.

Additionally, EasyLock performs File Shadowing for the files that are transferred
if Endpoint Protector Client is present and the File Shadowing option is enabled
on the computer on which the events occur, through the Device Control module.
This is a real-time event and no shadowing information is stored on the device at
any given time.

Note
Enabling global File Tracing will not automatically activate the File Tracing
option on EasyLock Trusted Devices and vice versa.

7.1.3. EasyLock Clients


In the Clients list section, all EasyLock enforced devices are listed. By selecting
the Manage Client Action a list of Actions History is displayed, as well as the
option to manage them by sending a message, changing the user’s password,
resetting the device, resending the master password and more.

8. Offline Temporary Password

This section allows the Administrator to generate Offline Temporary Passwords
(or OTPs) and grant temporary access rights. In addition to situations when only
temporary access is needed, it can also be used when there is no network
connection between the protected computers and the Endpoint Protector Server.
The Offline Temporary Password can be generated for the below entities:

• Device (a specific device)

• Computer and User (all devices)

• Computer and User (all file transfers)

A password is linked to a time period and is unique for a certain device and
computer. This means the same password cannot be used for a different device
or computer. It also cannot be used twice (except for Universal Offline
Temporary Password). The time intervals available are: 15 minutes, 30 minutes,
1 hour, 2 hours, 4 hours, 8 hours, 1 day, 2 days, 5 days, 14 days and 30 days or
Custom.

Information
The Offline Temporary Password Duration offers a customized option,
allowing the generation of time-based OTP Codes, with a Start Date/Time
and an End Date/Time.

For large companies or multinationals that have the Endpoint Protector Server
and the protected endpoints in different time zones, it is essential to take
into consideration how the Server Time and the Client Time relate.

Example
The Endpoint Protector Server is located in Germany, making the Server
Time UTC+01:00.
The protected endpoints are located in Romania, making the Client Time
UTC+02:00.

When generating an OTP Code that should take effect tomorrow from 16:00 in
endpoint time, it has to be generated for tomorrow from 15:00 in Server time,
to adjust for the 1 hour difference between the time zones.

For the predefined durations, the above adjustment is not necessary. The
OTP Code will be valid for that specific amount of time, starting from the
moment it was redeemed. The only thing to consider is that the OTP Code
needs to be redeemed the same day it was generated.
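The following Python helper is an added example (not from the manual or from the product) of the time-zone adjustment described above. It takes the validity window in endpoint-local time and returns the Start Date/Time and End Date/Time to enter in Server time; the offsets are fixed to the manual's UTC+01:00 and UTC+02:00, and window_is_active is a hypothetical helper used only to confirm the result. Production use should take the offsets from zoneinfo so that daylight-saving changes are reflected.

```python
from datetime import datetime, timedelta, timezone

# Fixed offsets from the manual's example (assumed constant here; use zoneinfo
# in production so that daylight-saving transitions are handled).
SERVER_TZ = timezone(timedelta(hours=1), "Server UTC+01:00")  # Germany
CLIENT_TZ = timezone(timedelta(hours=2), "Client UTC+02:00")  # Romania


def window_in_server_time(start_client, end_client, client_tz=CLIENT_TZ, server_tz=SERVER_TZ):
    """Translate a validity window given in endpoint-local (Client) time into the
    naive Start Date/Time and End Date/Time to enter in the Server's time zone."""
    if end_client <= start_client:
        raise ValueError("End Date/Time must be after Start Date/Time")
    start = start_client.replace(tzinfo=client_tz).astimezone(server_tz)
    end = end_client.replace(tzinfo=client_tz).astimezone(server_tz)
    return start.replace(tzinfo=None), end.replace(tzinfo=None)


def window_is_active(now_utc, start_server, end_server, server_tz=SERVER_TZ):
    """Hypothetical check: is a window expressed in Server time active at the
    given (timezone-aware, UTC) instant?"""
    start = start_server.replace(tzinfo=server_tz)
    end = end_server.replace(tzinfo=server_tz)
    return start <= now_utc < end


if __name__ == "__main__":
    # The endpoint user asks for access from 16:00 to 18:00 in Romanian time.
    start, end = window_in_server_time(datetime(2020, 1, 15, 16, 0), datetime(2020, 1, 15, 18, 0))
    print("Enter on the Server: from", start, "to", end)  # 15:00 to 17:00
```

The same conversion applies in reverse when reading the validity window back from the Server interface: a window shown as 15:00 to 17:00 Server time is 16:00 to 18:00 on the Romanian endpoint.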

Note
The Universal Offline Temporary Password feature can also be turned on. If
enabled, it can be used by any user, on any computer, for any device or
file transfer, and it lifts all security restrictions for one hour. It can
be used multiple times, by anyone who knows it. For this reason, treat it as
a shared secret: keep the feature disabled unless it is actively needed and
limit who is given the password.

The Administrator also has the option to add a justification, mentioning the
reason why the password was created. This can later be used for a better
overview or various audit purposes.

Information
Once an Offline Temporary Password has been authorized, any other rights
and settings saved afterwards on the Endpoint Protector Server will not
take immediate effect. The Offline Temporary Password has to expire and
the connection with the Server re-established.

Note
The Transfer Limit Reached Offline Temporary Password is only available if
the Transfer Limit Reached feature is enabled and the actions are set to
Lockdown. The main purpose of this type of Offline Temporary Password is
to re-establish the Server-Client communication before the Transfer Limit
Reached Time Interval has expired.

8.1. Generating the Offline Temporary Password

Depending on the options selected from the drop-down menus, the Offline
Temporary Password (or OTP) can be generated for an exact device, all devices
or all file transfers.

When generating an Offline Temporary Password for a Device, the administrator
can either introduce the Device Code communicated by the user or search the
Endpoint Protector database for an existing device.

Tips
Another way to generate an Offline Temporary Password is directly from
the Device Control > Computers section, by selecting the Offline
Temporary Password option from the Actions column.

Information
When generating an OTP Code for a device, either the Device Code or the
Device Name has to be entered (one of them will automatically fill in the
other field).
The Computer Name and the Username fields do not need to be both filled
in. The OTP Code is perfectly valid if only one of them is provided.
However, if the OTP Code needs to be valid for an exact device, on an
exact computer, for an exact user, all of the relevant fields need to be
filled in.

Once the OTP Code has been generated, it is displayed on the right side of the
page.

As it needs to be provided to the person that made the request, Endpoint
Protector offers two quick ways of doing this, either by sending a direct e-mail or
by printing it out.

Information
For more details about how an Offline Temporary Password can be
redeemed, please see the chapter on redeeming Offline Temporary Passwords.

Note
The Administrator contact information that is displayed to a user can be
edited under System Configuration > System Settings, as the Main
Administrator Contact Details.

Information
Similar to generating an Offline Temporary Password for a specific device,
when generating one for all devices or all file transfer, the Computer Name
and the Username fields are not both mandatory. The OTP Code is
perfectly valid if only one of them is provided. However, if the OTP Code
needs to be valid for an exact computer and an exact user, all of the
relevant fields need to be filled in.

9. Reports and Analysis

This section offers the administrator an overview of the System Logs, Device
Control Logs and Shadows, and Content Aware Logs and Shadows. In addition,
Admin Actions, Statistics, and other helpful information can be viewed from this
section.

Details regarding eDiscovery Scans and EasyLock Enforced Encryption can be
viewed in their own specific sections and not in the Reports and Analysis section.

Information
As an additional data security measure, this section may be protected by
an additional password set by the Super Administrator. This can be set
from System Configuration > System Security.

For more details about System Security, please see chapter 14.7 System
Security.

9.1. Log Report


This section offers the administrator an overview of the main logs in the system.
There are several event types such as User Login, User Logout, AD Import, AD
Synchronization, Uninstall Attempt, etc., included in this section. Additionally,
the main Device Control logs can be viewed in this section.

Tips
For a complete list of the log types included in this section, please use the
Event drop-down available in the Filters part of this page.

The administrator has the possibility of exporting either the search results (as
Excel, PDF or CSV) or of creating and exporting the entire log report as a
.CSV file.

9.2. File Tracing

This section offers the administrator an overview of traced files that have been
transferred from a protected computer to a portable device or to another
computer on the network, and vice versa.

Information
A special mention is given here to the "File Hash" column. Endpoint
Protector computes an MD5 hash for most of the files to which the File
Tracing feature applies, so that a traced file can later be checked for
changes to its content. Note that MD5 is fast but no longer collision
resistant: the hash reliably reveals accidental or casual modification, but it
should not be taken as proof that a file was not deliberately replaced with a
crafted one carrying the same hash.

The administrator has the possibility of exporting either the search results (as
Excel, PDF or CSV) or of creating and exporting the entire log report as a
.CSV file.

9.3. File Shadowing


This section offers the administrator an overview of shadowed files that have
been transferred from a protected computer to a portable device.

9.4. Content Aware Report


This section offers the administrator an overview of the Content Aware Logs in
the system. It allows the administrator to see exactly what data incidents were
detected corresponding to the Content Aware Policies applied.

The administrator has the possibility of exporting either the search results (as
Excel, PDF or CSV) or of creating and exporting the entire log report as a
.CSV file.

9.5. Content Aware File Shadowing


This section offers the administrator an overview of shadowed files that have
been detected by a Content Aware Policy.

9.6. Admin Actions


This section offers the administrator an overview of every important action
performed in the interface. The Action column offers the option to view
additional information on each action.

9.7. Online Computers


This section offers the administrator an overview of computers registered on the
system which have an established connection with the server.

Information
If the Refresh Interval for computer X is 1 minute, then the computer X
was communicating with the server in the last 1 minute.

9.8. Online Users


This section offers the administrator an overview of users registered on the
system which have an established connection with the server.

9.9. Online Devices


This section offers the administrator an overview of devices registered on the
system which have an established connection with the server.

9.10. Statistics
The Statistics module will allow you to view system activity regarding data traffic
and device connections. The integrated filter makes generating reports easy and
fast. Simply select the field of interest and click the “Apply Filter” button.

10. Alerts

From this section, the Administrator can define E-mail Alerts for the main events
detected by Endpoint Protector: System Alerts, Device Control Alerts, Content
Aware Alerts, EasyLock Alerts, and Mobile Device Alerts.

Note
Before creating alerts, make sure the Endpoint Protector E-mail Server
Settings have been configured from the System Configuration > System
Settings section.
The option to verify these settings by sending a test E-mail is also
available.

Information
In order for each Administrator to appear in the list of recipients for the
Alerts, this has to be provided under the Administrator details from the
System Configuration > System Administrators section.

10.1. System Alerts


From this section, the Administrator can create system alerts, including APNS
certificate expiry, updates and support expiry, endpoint licenses used, etc.

A new Alert can be created by clicking on the Create button.

10.1.1. Creating a System Alert


When creating a new System Alert, the below information needs to be defined:

• Event - the event type that generates the alert (APNS certificate,
Updates, and Support, Client Uninstall, etc.)

APNS certificate – APNS certificates expire and have to be renewed on a
regular basis. These alerts eliminate the risk of having to re-enroll all the
mobile devices by sending an e-mail reminder 60, 30 or 10 days prior.

Updates and Support – To take advantage of everything Endpoint Protector
has to offer, a reminder can be sent regarding the maintenance status of each
module (Device Control, Content Aware Protection, eDiscovery and Mobile Device
Management).

Endpoint Licenses – As networks constantly grow, an alert can be generated to
eliminate the risk of having unprotected endpoints. It can be triggered when the
percentage of Endpoint Licenses already in use reaches 70%, 80% or 90%.

Client Uninstall – For better management of a large network, an alert can be
sent each time an Endpoint Protector Client is uninstalled. This is particularly
helpful when there are several assigned Administrators.

Server Disk Space – To ensure that disk space remains available on the Server
for logs to be stored and policies to be properly applied, an alert can be set up
when disk usage reaches 70%, 80% or 90%.

Device Control – Logs Amount – An alert can be sent each time the number
of Device Control Logs stored reaches a specific amount, chosen either as a
value in the range 10,000 to 10,000,000 rows or as a custom value.

Content Aware – Logs Amount – An alert can be sent each time the number
of Content Aware Logs stored reaches a specific amount, chosen either as a
value in the range 10,000 to 10,000,000 rows or as a custom value.

Not Seen Online – An alert can be sent each time a protected endpoint has
not been seen online within the specified timeframe. This can also be used to
identify computers where the Endpoint Protector Client might have been
uninstalled.

Note
Both the APNS Certificate and Update and Support system alerts can be
disabled from General Dashboard > System Status.

10.1.2. System Alerts History


From this section, the Administrator can view a history of the System Alerts.
Alerts that are no longer needed for auditing purposes can later be deleted.

10.2. Device Control Alerts


From this section, the Administrator can create Device Control alerts, for events
such as Connected, File Read, File Write, EasyLock – successfully deployed, etc.

A new Alert can be created by clicking on the Create button.

10.2.1. Creating a Device Control Alert


When creating a new Device Control Alert, the below information needs to be
defined:

• Event - the event type that generates the alert (Any, Connected,
Disconnected, File Read, File Write, File Delete, etc.)

• Alerts Name – the name of the alert

• Device Type – the device type (Any, USB Storage Device, Bluetooth
Smartphone, iPhone, ZIP drive, etc.)

• Devices – a specific device already available in the system

• Monitored Entities – the Groups, Computers or Users that generate the
event

• Recipients – the Administrators that should receive the alert

10.2.2. Device Control Alerts History


From this section, the Administrator can view a history of the Device Control
Alerts. Alerts that are no longer needed for auditing purposes can later be
deleted.

10.3. Content Aware Alerts


From this section, the Administrator can create Content Aware alerts, for events
such as Content Threat Detected or Content Threat Blocked.

A new Alert can be created by clicking on the Create button.

10.3.1. Creating a Content Aware Alert


When creating a new Content Aware Alert, the below information needs to be
defined:

• Event - the event type that generates the alert (Content Threat Detected
or Content Threat Blocked)

• Alerts Name – the name of the alert

• Monitored Entities – the Groups, Computers or Users that generate the
event

• Recipients – the Administrators that should receive the alert

Note
Before creating the alert, you must make sure that the selected Content
Aware Policy is enabled on the chosen Computer, User, Group or
Department.

10.3.2. Content Aware Alerts History


From this section, the Administrator can view a history of the Content Aware
Alerts. Alerts that are no longer needed for auditing purposes can later be
deleted.

10.4. EasyLock Alert


From this section, the Administrator can create EasyLock alerts, for events such
as password changes, messages sent, etc.

A new Alert can be created by clicking on the Create button.

10.4.1. Creating an EasyLock Alert


When creating a new EasyLock Alert, the below information needs to be defined:

• Event - the event type that generates the alert (Any, Send Message,
Change User’s Password, Reset Device, Re-deploy Client, etc.)

• Alerts Name – the name of the alert

• Recipients – the Administrators that should receive the alert

10.4.2. EasyLock Alert History


From this section, the Administrator can view the history of the EasyLock Alerts.
Alerts that are no longer needed for auditing purposes can later be deleted.

11. Directory Services

From this section, the Administrator can import and synchronize the entities
(Users, Computers, and Groups) from the company’s Active Directory.

11.1. Creating a New Connection


The Administrator can create and manage connections from the Directory
Services > Synchronizations section. The required information includes the
Connection Type, Server, Port, Username, and Password.

Note
When having to import a very large number of entities, we recommend
using the Base Search Path in order to get only the relevant information
displayed. Due to browser limitations, importing the whole AD structure
may impede the display of the import tree if it contains a very large
number of entities.

Tips
To ensure the provided information is correct, a new connection can be
tested by pressing the Test button.

Once a new connection has been created, it is available in the synchronization
list and can be further edited, to include the required entities.

11.2. Connection Details & Synchronization Options


For the defined connections, several synchronization options are available. From
this section, the connection credentials and synchronization interval can also be
changed.

Tips
The Advanced Groups Filter can be used to import and synchronize only
specific groups, ignoring all other entities.

From the Directory Browser section, the Administrator can select the entities
that need to be synced.

Once the desired entities have been chosen, they can be saved to sync.

12. Appliance

12.1. Server Information


This view offers the administrator general information about the Server, the
Fail/Over function, the total Disk Usage, and the Uptime.

12.2. Server Maintenance


From this view, the administrator can set a preferential time zone and NTP
synchronization server, configure the IP and DNS settings, perform routine
operations such as Reboot and Shutdown, and enable or disable SSH access.

12.2.1. Time Zone Settings


This menu allows the administrator to set a preferential time zone and/or sync
the appliance to an NTP source.

Pressing the button will save all the changes, but it will
not trigger the synchronization process!

Pressing the button will trigger the synchronization, which will occur within the
next 5 minutes. The Alerts and Logs will be reported after the 5 minutes in a
format of your choice.

Pressing the button will update the display below.

Note!
The appliances come preset to sync once a week with pool.ntp.org.

12.2.2. Network Settings


Here you can change the network settings for the appliance to communicate
correctly in your network.

Attention!
After you change the IP address, close the Internet browser, then reopen a new
instance of your browser. Afterward, try to access the Endpoint Protector
Administration and Reporting Tool with the NEW IP address!

12.2.3. Reset Appliance to Factory Default


A reset to Factory will erase all settings, policies, certificates and other data on
the Appliance. If you reset to factory default, all settings and the communication
between Appliance and Endpoint Protector Clients will be interrupted.

12.2.4. SSH Server


This option will either enable or disable access to the Appliance through the
SSH protocol. It is recommended to set it to Enable before requesting Support
access.

12.3. SIEM Integration


Third-party security information and event management (SIEM) tools allow
the logging and analysis of logs generated by network devices and software.
Integration with SIEM technology allows Endpoint Protector to transfer activity
events to a SIEM server for analysis and reporting.

Administrators can access SIEM Integration from the Appliance > SIEM
Integration section.

A new SIEM Server can be added by clicking on the Add New button. An existing
policy can be edited by double-clicking on it.

Information
The option to edit or delete a SIEM Server is available after selecting the
desired policy.

Setting up a SIEM Server requires the following information:

• Server Name

• Server Description

• Server Protocol – UDP or TCP

• Server Port

• Server IP

• Log Types – what logs to send to the SIEM Server

Note
The Disable Logging option lets the Administrator choose between keeping the
logs on the Endpoint Protector Server as well, or having them only on the SIEM
Server.

Information
The maximum number of SIEM hosts configured at any given time is four
(4).

13. System Maintenance

13.1. File Maintenance


This module allows the administrator to retrieve/organize and clean-up files used
by the Endpoint Protector Server.

The available options are:

▪ Temporary Log Files: allows archiving and deleting log files from a
selected client computer

▪ Shadow Files: allows archiving and deleting shadowed files from a
selected client computer

▪ Log Backup Files: allows archiving and deleting previously backed up
log files

To archive a previously selected set of files, click the “Save as Zip” button; to
permanently remove a set of files from the Endpoint Protector Server, use the
“Delete” button.

13.2. Exported Entities


From this section, the Administrator can view the list of exported entities,
download or delete them, see the scheduled exports in the system and
reschedule them accordingly.

Information
Initiating a manual generation or a scheduled export is a straightforward
process that can be done from the Device Control > List of Devices / List of
Computers / List of Users / List of Groups sections.

Tips
The scheduled exports can be sent automatically via e-mail to all the
Administrators that have the Scheduled Export Alert setting enabled.

Note
The Scheduled Exports are recurring (Daily / Weekly or Monthly) and, as
such, will continuously take up more and more storage on the Endpoint
Protector Server.

To maintain performance, and since these exports can also be sent
automatically via e-mail to the desired Administrators, the Scheduled
Exports already generated are automatically deleted from the Server after 14
days.

For performance reasons, the Scheduled Exports and the Disable Logging option
also let the Administrator keep the logs on the Endpoint Protector Server or
have them only on the SIEM Server.

13.3. System Snapshots


The System Snapshots module allows you to save all device control rights and
settings in the system and restore them later if needed.

After installing the Endpoint Protector Server, we strongly recommend that you
create a System Snapshot before modifying anything. In this case, you can
revert back to the original settings if you configure the server incorrectly.

To create a System Snapshot, access the module from System Configuration and
click “Make Snapshot”.

Enter a name for the snapshot and a description. Select also what you wish to
store in the snapshot, Only Rights, Only Settings, or Both. Finally, click “Save”.

Your snapshot will appear in the list of System Snapshots.

To restore a previously created snapshot, click the “Restore” button next to the
desired snapshot.

Confirm the action by clicking the “Restore” button again in the next window.

13.4. Audit Log Backup


Similar to the Log Backup and Content Aware Log Backup, this section allows old
logs to be saved and exported. The options to select the number of logs to be
exported, period and file size are available, as well as the option to view a
Backup List or set a Backup Scheduler.

Both the Audit Log Backup and Audit Backup Scheduler offer several options like
what type of logs to backup, how old should the included logs be, to keep or
delete them from the server, to include file shadows or not, etc.

However, the main difference comes from the fact that the exported logs come
in an improved visual model, making things easier to audit or to create reports
for executives.

13.4.1. Audit Log Backup Scheduler


While the Audit Log Backup starts the backup instantly, the Audit Log Backup
Scheduler provides the option to set the procedure for a specific time and the
frequency of the backup (every day, every week, every month, every year,
etc.).

13.5. External Storage


From this section, the Administrator can externalize files generated by Endpoint
Protector to a particular storage disk from the network. Files such as Shadows,
Audit Log Backups and System Backups can be saved to an FTP, SFTP or Samba
/ Network Share server.

Note
The option to keep a copy of the files also on the Endpoint Protector Server
can be turned ON or OFF for all External Storage Types.

13.5.1. FTP Server


To configure an FTP Server, the following parameters need to be provided:

• Externalize Files – the Endpoint Protector files: Shadows, Audit Log
Backups or System Backups

• Authentication Security – the security protocols: Default, NTLM,
NTLMv2, NTLMSSP

• Domain or Workgroup – only where applicable

• Server IP Address – the IP of the external server

• Remote Directory – a specific location on the external directory

• Username – the username of the external server

• Password – the associated password



13.5.2. SFTP Server


To configure an SFTP Server, the following parameters need to be provided:

• Externalize Files – the Endpoint Protector files: Shadows, Audit Log
Backups or System Backups

• Server IP Address – the IP of the external server

• Remote Directory – a specific location on the external directory

• Server Port – the port of the external storage server

• Username – the username of the external server

• Password – the associated password



13.5.3. Samba / Network Share Server


To configure a Samba / Network Share Server, the following parameters need to
be provided:

• Externalize Files – the Endpoint Protector files: Shadows, Audit Log
Backups or System Backups

• Authentication Security – the security protocols: Default, NTLM,
NTLMv2, NTLMSSP

• Domain or Workgroup – only where applicable

• Server IP Address – the IP of the external server

• Remote Directory – a specific location on the external directory

• Username – the username of the external server

• Password – the associated password



13.6. System Backup

13.6.1. From the Web Interface


This module allows the administrator to make complete system backups.

From the menu at System Maintenance -> System Backup one can view in a
list the current existing backups. The administrative actions available are:
Restore, Download and Delete.

To restore the system to an earlier state, simply click the Restore button
next to the desired backup. Confirm the action by clicking the button again in
the next window.

The Download button will prompt the administrator to save the .eppb backup
file on the local drive. It is recommended to keep a good record of where these
files are saved.

Note
We recommend asking for Support assistance at
[email protected] when using the Restore Backup feature.

Note
Once deleted, a backup cannot be recovered.

The sub-menus available from System Maintenance -> System Backup are:
Make Backup, Status, Upload, and Backup Scheduler.

The first options, Make Backup, opens the following menu:

The administrator is presented here with two options:

▪ To save the Database content. This option will make the backup file
contain all the devices, rights, logs, settings and policies present on the
EPP server at the making of the backup.

▪ To save the Application sources. This option will make the backup
contain files such as the EPP clients and others related to the proper
functioning of the server.

Note
The System Backup will not contain nor preserve the IP Address, File
Shadowing copies or the Temporary Logs Files.

The second menu, Status, returns the state of the system. If a backup creation
is in progress, it will be reported as seen below.

If the system is idle, the button will return the last known status, which by
default is set at 100% done.

The next menu, Upload, allows the administrator to populate the backup list
with .eppb files from the local filesystem. This functionality is useful in cases of
server migration or crash recovery. The view is as seen below:

Note
Endpoint Protector Backup Files (.eppb) that are larger than 200 MB can only
be uploaded from the console of the appliance. We recommend that you
contact Support when a created .eppb file exceeds this 200 MB limit.

The final menu is the Backup Scheduler.

From this view, the administrator can schedule an automatic backup routine by
setting a trigger condition, the System Backup time interval. The routine can
be set to run daily, weekly, monthly and so forth.

The Scheduler will also prompt the administrator with the Last Automatic
System Backup reminder.

Note
A scheduled routine is recommended in order to prevent unwanted loss.

13.6.2. From the Console


Endpoint Protector offers the option to revert the system to a previous state
from the administrative console on which the initial configuration occurs.

The #2 menu presents the administrator with the following options:

1. System Restore – can be performed if a system backup has been
performed prior to the event, using the web interface
2. Import – can be performed if a .eppb file has been downloaded and
saved on an FTP server
3. Export – can be performed in order to save existing backups on an
existent FTP server

To either import or export the .eppb files, an administrator will need to provide
the system a valid FTP IP address and the path inside its filesystem to the .eppb
file.

An example is shown below:



13.7. System Backup v2


From this section, the Administrator can migrate the database (entities, rights,
settings, policies, configurations, etc.) from an older Endpoint Protector Server
to a newer one.

Note
This feature is not intended as a replacement for the System Backup
functionality but rather as a migration tool from older Endpoint Protector
images to the ones starting with version 5.2.0.6.

Information
The version of the old Server and the new Server will have to be the same.
Before starting the migration process, make sure both Servers have the
same version (e.g.: update the old server to 5206, aligning it with the new
server that is about to be deployed).

Note
It does not include logs, Audits or System Backups. If needed, these
should be downloaded before proceeding.

Example
The initial Endpoint Protector deployed was version 4.4.0.7. Over time,
updates were applied through the Live Update section, bringing the
appliance to Endpoint Protector version 5.2.0.6. While these constantly
included patches and security updates, they did not include a full rollout of
a new core OS version (e.g.: the appliance is still running on Ubuntu 14.04
LTS).

As Ubuntu 14.04 has not received security patches since 2019, those
that want to migrate to a Server running on the latest Ubuntu LTS version
should take advantage of this functionality.

13.7.1. Creating a System Backup v2 (Migration)


The Administrator can create a new migration backup from the System
Maintenance > System Backup v2 section. This requires a Name and a
Description.

Note
For security purposes, the System Backup Key will not be stored by
Endpoint Protector. Before proceeding, make sure it is properly saved.

13.7.2. Importing and Restore (Migrate)


A backup can be restored on the same Endpoint Protector Server. However, the
main use case would be to import and restore the backup on a newer Endpoint
Protector Server (e.g.: a version higher than 5.2.0.6).

The migration process of a System Backup requires the backup file and System
Backup Key.

Note
If needed, previous System Backups or Audit Log Backups should be
downloaded prior to this step, as they will not be kept during the process.

Information
After the Import and Restore (Migration) has been made to the new
Appliance, the old Appliance should be turned off. Its IP would then have
to be reassigned to the new Appliance in order for the deployed Endpoint
Protector Clients to start communicating with the new Appliance.

13.8. File Shadow Repository


From this section, the Administrator can manage File Shadows Repositories. This
feature allows the Endpoint Protector Client to send File Shadows directly to an
externalized location.

Multiple File Shadow Repositories can be created and the option to specify how
each endpoint manages the File Shadows is based on Department.

Information
In Endpoint Protector, the Department defines a collection of entities with
the same attributes. It should not be confused with the department from
an organizational chart.

In order to add a File Shadow Repository, the following things should be
configured: Department, Repository Type, Repository IP Address, Port, Folder
Path, Username, and Password.

Information
Depending on the Repository Type – FTP or Samba – the Port may not be
required and will be greyed out.

14. System Configuration

This section contains the Endpoint Protector Clients, System Licensing and other
advanced settings, which influence the functionality and stability of the system.

14.1. Client Software


From this section, the administrator can download and install the Endpoint
Protector Client corresponding to the used operating system.

Information
The Server and Client communicate through port 443.

Tips
The Windows Client installers offer the option to download the package
with or without add-ons. This option fixes any incompatibility that may
arise between Endpoint Protector and the specific solutions.

14.2. Client Software Upgrade


From this section, the Administrator can perform an automatic update of the
installed Endpoint Protector Client.

Note
The feature is not available for Linux clients. Also, for really old versions
(e.g. Windows Client version lower than 4.0.1.4), the update will not work.

The button under the Actions column allows setting the default Endpoint
Protector Client version that will be available for download under the Client
Software section.

14.3. Client Uninstall


From this section, the Administrator can perform a remote uninstall of the
Endpoint Protector Client.

The computers will receive the uninstall command at the same time they receive
the next set of commands from the server. If a computer is offline, it will
receive the uninstall command the first time it comes online. When the
Uninstall button is pressed, the computer(s) will be greyed out until the action
is performed. The uninstall command can be canceled if it has not already been
executed.

14.4. System Administrators


This section allows the creation of new Administrators. Once administrators are
created, a list containing all the administrators will be displayed. Options to
edit details and settings or to delete unwanted administrators are also available.

While creating an Administrator, there are several Administrator Details and
Administrator Settings that can be configured. Among them, whether e-mail
alerts are received, managed departments, IP login restrictions, and Default UI
Language can be mentioned. All of these settings can be changed at a later time.

Account is active – If ON, the account will be enabled.

Super Administrator – If ON, the account will be considered a Super
Administrator, having access to all Departments and all sections of Endpoint
Protector.

Ignore AD Authentication – If ON, the AD credentials can be used to log in to
Endpoint Protector.

Two Factor Authentication – If ON, 2FA will be enforced using Google
Authenticator.

The Two Factor Authentication (2FA) allows the login process to include an extra
step requesting a temporary code generated via the Google Authenticator app.
With the Two Factor Authentication on, once the user creation or edit is saved,
the administrator will be re-directed to a verification screen.

The Google Authenticator app will ask to register the user via a unique code or
QR Code. Following the registration process, your account will be added to the
list with a validity timer for the unique code that will be used for the second
authentication factor.

Information
If the Super Administrator option is enabled, the Administrator will have
full privileges over the entire system.

If the Super Administrator option is not enabled, the Administrator will
have normal privileges and will be restricted from certain things in the
system (e.g.: the administrator will only be able to manage the entities
belonging to the system departments he is managing). These will be
Normal Administrators.

Normal Administrators can be restricted even further by taking advantage
of various roles. For a more restrictive access, the Normal Administrators
would have to be included into Administrators Groups, each having a
specific role attached to them (e.g.: Administrators can be added into a
Helpdesk group, having the Offline Temporary Password and Enforced
Encryption roles, or the Administrator rights can be limited to various modules:
Content Aware, Device Control etc.)

Note
All administrators imported from an AD Admin Group will automatically be
Super Administrators. These will have to be changed to different roles after
the sync.

For more information on how to allow AD Authentication for
Administrators, please see paragraph 14.8.2 Active Directory
Authentication.

14.5. Administrators Groups


This section allows the creation and management of Administrators Groups,
providing Normal Administrators with various access roles (e.g.: Offline
Temporary Password Administrators, EasyLock Administrators, Reports and
Analysis Administrators, Maintenance Administrators, etc.).

The main information needed to create such a group is to give it a name and a
description, select the roles and select the Administrators that will be part of the
group.

Tips
An Administrators Group can be created, having assigned a combination of
roles. E.g.: The Helpdesk Group can have two roles assigned to it – Offline
Temporary Password Administrators and EasyLock Administrators.

14.6. System Departments


This section allows the creation and management of System Departments.

Note
If, at registration, no department code or a wrong department code is
provided, the department code is considered invalid and that computer will
be assigned to the default department (defdep).

Information
Using System Departments is optional. Endpoint Protector works perfectly
well with just the Default Department (defdep). Moreover, most scenarios
are best covered by simply using Devices, Computers, Users and Groups
(the entities also available in AD).

The functionality becomes useful mainly in large installations, with a high
number of Administrators and where strict regulatory compliance rules are
in place. Under these circumstances, departments can be created, allowing
Normal Administrators to each only manage their own entities.

This functionality should not be confused with Groups of computers and
users, nor with administrators’ roles.

Creating a new department is straightforward, and only requires a name,
description and unique code.

In terms of terminology, a similarity between Endpoint Protector and Active
Directory (or any other Directory Service software) would make the Department
equivalent to an Organizational Unit. Of course, the Organizational Unit is not
identical to a Department, and again Endpoint Protector leaves the power to the
actual Super Administrator to virtually link one or more Organizational Units to an
Endpoint Protector Department.

Each entity (e.g.: computer) must belong to a department. When deploying the
Endpoint Protector Client, if a department having the given code is found, then
the computer will register, and it will belong to that department.

Example
Computer Test-PC is registered to department “developers”. In this case,
user Test logged on that computer will be assigned to the same
department together with the devices connected on the computer Test-PC.

Super Administrators (e.g.: root) will have access to all the main entities
regardless of their departments. They will also be able to create departments, as
well as Normal Administrators or Administrators with other roles. Super
Administrators will also be responsible for assigning administrators to manage
departments.

A regular administrator can only manage the departments it was assigned to and
cannot see entities belonging to other departments.

14.7. System Security


From this section, the Administrator can configure several security settings, such
as setting a client uninstall password, restricting access to sensitive information
to super administrators only, setting a password protection on that sensitive data,
enforcing all administrators’ password security at next login, and password
expiration options.

Note
Once the “Enforce all administrator password security at next login” is
checked, this feature cannot be disabled.

If enabled, only complex passwords can be defined, complying with the
rules below:
• the minimum length is 9 characters
• must contain small and capital letters, numbers and special characters
• consecutive characters and numbers in ascending order cannot be
used
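The complexity rules above, implemented as an added check (example code, not part of Endpoint Protector). The manual does not say how long a run counts as "consecutive", so the example assumes three or more adjacent letters or digits that each step up by one (e.g. "abc" or "123"); the rule names returned by check_password are the example's own.

```python
import string

# Rules as stated in the Endpoint Protector manual (section 14.7).
MIN_LENGTH = 9
# Assumption (not stated in the manual): an "ascending" run is this many
# adjacent letters or digits, each one step above the previous one.
SEQUENCE_LENGTH = 3


def _has_ascending_run(password: str, run_len: int = SEQUENCE_LENGTH) -> bool:
    """True if the password contains run_len adjacent letters (case-insensitive)
    or digits in strictly ascending order, e.g. "xyz", "aBc" or "789"."""
    run = 1
    for prev, cur in zip(password, password[1:]):
        # Only compare like with like: letter after letter, digit after digit.
        same_class = (prev.isalpha() and cur.isalpha()) or (
            prev.isdigit() and cur.isdigit()
        )
        if same_class and ord(cur.lower()) - ord(prev.lower()) == 1:
            run += 1
            if run >= run_len:
                return True
        else:
            run = 1
    return False


def check_password(password: str) -> list[str]:
    """Return the list of rules the password violates; an empty list means
    the password satisfies every rule listed in the manual."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    # string.punctuation is used as the set of "special characters".
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if _has_ascending_run(password):
        problems.append("contains an ascending sequence of letters or digits")
    return problems


def is_compliant(password: str) -> bool:
    """Convenience wrapper: True only when no rule is violated."""
    return not check_password(password)


if __name__ == "__main__":
    # Constructed sample passwords, not values from the manual.
    for candidate in ("Tr0ub4dor&Kx", "Passw0rd!abc", "Short1!", "alllowercase"):
        print(candidate, "->", check_password(candidate) or "OK")
```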

14.8. System Settings


From this section, the Administrator can configure some general settings that
apply to the entire system. Most of these settings might already be configured
as they are included in the initial Endpoint Protector Configuration Wizard.

14.8.1. Endpoint Protector Rights Functionality


From this section, the Administrator can change the rights functionality by giving
priority to either User Rights or Computer Rights (or both).

14.8.2. Active Directory Authentication


This section allows an AD group of administrators to be imported into Endpoint
Protector as Super Administrators. If the Enable Active Directory Authentication
is checked, these administrators can use their AD credentials to log in to
Endpoint Protector.

The process is straightforward and can be summarized in 4 simple steps:

• Input all credentials and requested information

Information
The settings needed are the same as for the Directory Services
section. For more details, please see chapter 11 Directory Services.

• Scroll to the bottom of the page and save the changes



Example
The green confirmation message that appears at the top of the page will
confirm the save was successful.

• Return to the Active Directory Authentication section of the page and
press the Test Connection button to verify everything is working as
expected

• Press the Sync AD Administrators button

Note
Once the Active Directory Administrators Group has been defined, only
users that are part of this AD group will be synced and imported as Super
Administrators for Endpoint Protector. Any additional administrators (with
different access control levels) can be created manually from the System
Administrators section.

14.8.3. Proxy Settings


This section provides the option to configure a proxy, as seen below.

The required information is the IP (Proxy Server IP) and, optionally, the Username
and Password (Proxy access credentials).

Note
If a Proxy Server is not configured, Endpoint Protector will connect directly
to liveupdate.endpointprotector.com.

14.9. System Licensing


From this section, the Administrator can manage and have a complete overview
of the Endpoint Protector licensing status.

Note
Starting with Endpoint Protector Version 5.2.0.7, the licensing changed to
a Subscription system. Customers that have the Legacy license type will be
subject to the previous agreed term and conditions, until they choose to
move away from the old approach.

Endpoint Protector Licensing is based on two main aspects:

• Modules – all modules are licensed separately (Content Aware
Protection, eDiscovery, etc.) and require the Device Control module
• Endpoints – refers to the Windows, Mac or Linux computers that need
to be protected, by having the Endpoint Protector Client installed on
them

Based on the desired Modules and Endpoints, a licensing file will be provided by
your Endpoint Protector Representative.

Information
The Endpoint Protector Server ID uniquely identifies each server and is
linked to the license file. This needs to be provided to the Endpoint
Protector Representative before purchasing the licenses.

The License End Date displays the Validity of the Licenses in the system.

The Support represents the level of purchased Support (Standard or
Premium).

14.9.1. Free Trial


Endpoint Protector provides a one-time free, 30-day trial period. It can be
activated by pushing the Free Trial button.

This will automatically enable all modules, for 50 computers and 5 mobile
devices. The endpoint licenses will be assigned on a “first-in-first-served” basis.

In case that one or more licensed endpoints become inactive and need to be
reassigned, the administrator can release those licenses, which will automatically
be reassigned to other online computers.

14.9.2. Import and manage Licenses


The Import Licenses button will allow browsing for the license file. It contains
all the relevant information in a single file (modules, number of endpoints,
expiry date, type of Support, etc.).

The View Licenses button will allow the management of the endpoint licenses.


By using the Automatic Release Licenses functionality, licenses will be
released automatically for endpoints that have not been seen online in a specific
number of days (15 days, 30 days, 90 days, etc. or a custom value).

15. System Parameters

15.1. Device Types and Notifications


From this section, the Administrator can have an overview of the Device Types
available in the system along with their availability for each operating system.
Moreover, if those devices can or cannot be inspected by the Content Aware
Protection module is displayed in the table.

Additionally, this section allows the Administrator to enable and edit the
notification messages that appear on the Endpoint Protector Client.

By expanding the List of Custom Notifications and selecting the desired
language, the displayed message can be edited. Additionally, if Administrators
want to display some notifications but not others, the unwanted ones can be
unchecked.

Information
Custom Client Notifications can be globally enabled from Device Control >
Global Settings. It can also be individually checked on computers or
groups, from their specific Settings sections.

15.1.1. Trusted Devices


Protecting Data in Transit is essential to ensure no third party has access to data
in case a device is lost or stolen. The Enforced Encryption solution gives
administrators the possibility to protect confidential data on portable devices in
case of loss or theft. Ensuring only encrypted devices can be used on computers
where Endpoint Protector is present can be done by utilizing Trusted Devices.
Trusted Devices must receive authorization from the Endpoint Protector Server,
otherwise, they will be unusable. There are four levels of security for Trusted
Devices:

▪ Level 1 - Minimum security for office and personal use with a focus on
software-based encryption for data security. Any USB Flash Drive and
most other portable storage devices can be turned into a Trusted Device
Level 1. It does not require any specific hardware but it does need an
encryption solution such as EasyLock
http://www.endpointprotector.com/en/index.php/products/easylock

▪ Level 2 - Medium security level with biometric data protection or
advanced software-based data encryption. It requires special hardware
that includes security software and has been tested for Trusted Device
Level 2.

▪ Level 3 - High-security level with strong hardware-based encryption that
is mandatory for regulatory compliance such as SOX, HIPAA, GLBA,
PIPEDA, Basel II, DPA, PCI, or 95/46/EC. It requires special hardware that
includes advanced security software and hardware-based encryption that
has been tested for Trusted Device Level 3.

▪ Level 4 - Maximum security for military and government use. Level 4
Trusted Devices include strong hardware-based encryption for data
protection and are independently certified (e.g. FIPS 140). These devices
have successfully undergone rigorous testing for software and hardware.
It requires special hardware that is available primarily through security-
focused resellers.

▪ Level 1+ - Derived from Level 1, it will ensure that EasyLock 2 with
Master Password will be automatically deployed on USB storage devices
plugged into computers where the Endpoint Protector Client is present.

The table below provides a list of Trusted Devices:

Device Names                         TrustedDevice Level
EasyLock Encrypted devices           1
AT1177                               2
UT169                                2
UT176                                2
Trek ThumbDrive                      2
BitLocker Encrypted devices          3
FileVault Encrypted devices          3
Buffalo Secure Lock                  3
CTWO SafeXs                          3
Integral Crypto                      3
Integral Crypto Dual                 3
Integral Courier Dual                3
IronKey Secure Drive                 3
iStorage datAshur                    3
Kanguru Bio Drive                    3
Kanguru Defender                     3
Kanguru Elite (30, 200 & 300)        3
Kanguru Defender Elite               3
Kingston DataTraveler Locker+        3
Lexar 1 (Locked I Device)            3
Lexar Gemalto                        3
SaferZone Token                      3
ScanDisk Enterprise                  3
Verbatim Professional                3
Verbatim Secure Data                 3
Verbatim V-Secure                    3
iStorage datAshur Pro                4
Kanguru Defender (2000 & 3000)       4
SafeStick BE                         4
Stealth MXP Bio                      4


15.2. Contextual Detection

From this section, the Administrator can manage the contextual detection for the
entire system. If enabled, the confidential information detected by Endpoint
Protector will be inspected for both content and context. This means that in
addition to the function that detects sensitive information (e.g.: Credit Cards,
IDs, Passports, Driving Licenses, etc.), the context will also be taken into
consideration (e.g.: proximity to other relevant keywords, other related
functions, regular expressions, etc.).

Tips
In addition to providing context to the detected sensitive information, this
functionality also helps decrease false positives.

Note
This feature applies at a global level, for both Content Aware Protection
and eDiscovery Policies. If enabled, the context detection will supersede
the content only detection through the system.
Please ensure the accuracy of the rules and the relevance for your
scenarios before enabling this functionality.

Once the Contextual Detection feature is enabled, it will apply at a global level,
based on the rules defined in the Contextual XML (but also linked to the
configured Content Aware Protection and eDiscovery policies).

There are two options to create the Contextual rules:

• creating them directly from the Endpoint Protector Server;

• manually editing the Contextual XML and then uploading it to the Endpoint
Protector Server.

15.2.1. Creating the XML

Information
This method is recommended for general use as it is the easiest method
and it can cover most use cases.

For each category of Predefined Content (e.g.: Credit Cards, IDs, Passports,
Driving Licenses, etc.), contextual detection can be configured by clicking on the
Add button and selecting things like:

• Category and Type – the content aware detection function.

• Surrounding text – the number of characters of the search interval used to
determine the context.

• Related Dictionary – a set of keywords related to the PII.

• Related Regular Expression – an additional way of adding a related
rule that is not among the content aware detection functions.

• Related File Type – the related file type.

• Related File Size (MB) – the related file size, in megabytes.

• Minimum Matches – the minimum number of items to match to validate
the detection rule.

• Unrelated Dictionary – a set of keywords not related to the PII.

• Unrelated Regular Expression – an additional way of adding a non-related
rule that is not among the content aware detection functions.

• Unrelated File Type – the unrelated file type.

• Unrelated File Size (MB) – the unrelated file size, in megabytes.

• Maximum Matches – the value above which the rule will not be validated
(recommended value is 0).

Note
Do not forget to Generate the Contextual XML after creating or making
changes to contextual rules!

15.2.2. Uploading the XML

Information
This method is recommended for advanced Administrators as it offers
extended functionalities but it also requires a deeper understanding of the
XML syntax.

Advanced contextual functionalities are also available. For this method, the
Contextual XML file has to be edited manually by the Administrator and then
uploaded to the Endpoint Protector Server.

Proximity, Dictionaries, Regex, etc. all have to be defined within the XML
document. In addition to the functionalities described in the chapter above
15.2.1 Creating the XML, there are more complex options available like:
Confidence Level, additional Functions to consider when determining the Main
Function, etc.

Tips
The best way to understand the syntax needed in the Contextual XML is to
look at the sample available within Endpoint Protector Server as it includes
multiple examples. Additionally, the example below also provides a clear
direction.

Example
<RulePackage>
<Rules>
  <!-- SSN / Canada: an example Entity with multiple patterns -->
  <Entity id="ssn/canada" patternsProximity="300" recommendedConfidence="75">
    <Pattern confidenceLevel="75">
      <Any minMatches="2">
        <Match idRef="keywords_Canada_SSN_1" />
        <Match idRef="keywords_Canada_SSN_2" />
        <Match idRef="validate_date_fct" />
        <Match idRef="regex_email_id" /> <!-- This is just an example -->
      </Any>
      <Any maxMatches="0">
        <Match idRef="keywords_exclude_Canada_SSN" />
      </Any>
    </Pattern>
  </Entity>

  <!-- the Function name must be the same as the one on the Client -->
  <Function id="validate_date_fct" name="SEARCH_DATE_INTRL" />
  <Function id="func_dlp_is_valid_ssn" name="SEARCH_SSN_Canada" />

  <Keyword id="keywords_Canada_SSN_1">
    <Group matchStyle="word">
      <Term>sin</Term>
      <Term>social insurance</Term>
      <Term>numero d'assurance sociale</Term>
      <Term>sins</Term>
      <Term>ssn</Term>
      <Term>ssns</Term>
      <Term>social security</Term>
      <Term>numero d'assurance sociala</Term>
      <Term>national identification number</Term>
      <Term>national id</Term>
      <Term>sin#</Term>
    </Group>
  </Keyword>

  <Keyword id="keywords_Canada_SSN_2">
    <Group matchStyle="word">
      <Term>driver's license</Term>
      <Term>drivers license</Term>
      <Term>driver's licence</Term>
      <Term>drivers licence</Term>
      <Term>DOB</Term>
      <Term>Birthdate</Term>
    </Group>
  </Keyword>

  <Keyword id="keywords_exclude_Canada_SSN">
    <Group matchStyle="word">
      <Term>random word</Term>
    </Group>
  </Keyword>

  <Regex id="regex_email_id">[-0-9a-zA-Z.+_]+@[-0-9a-zA-Z.+_]+\.[a-zA-Z]{2,4}</Regex>
</Rules>
</RulePackage>

15.3. Advanced Scanning Detection

The Windows environment is subject to constant OS and security updates and
the installed applications are in a constant loop of continuous development.
To prevent such changes from interfering with the Endpoint Protector Client, the
ability to whitelist applications and processes is available.

The Advanced Scanning Exceptions feature allows applications to be excluded
from scanning, for endpoints that have the Advanced Printing and MTP scanning
feature enabled.

Information
This feature applies at a global level, for all Windows endpoints that have
the Advanced Printing and MTP Scanning features enabled.

15.4. Device Rights

This subsection displays a list with all access rights that can be assigned to
devices.

15.5. Events

This subsection displays a list of events that are logged by Endpoint Protector.
From here, the Administrator can manage the list of logged Events; the Actions
column provides the option to edit the event name and description or to disable
logging for specific events.

16. Endpoint Protector Client

The Endpoint Protector Client enforces the Rights and Settings received from the
Endpoint Protector Server on the protected endpoints (Windows, Mac, and
Linux).

The Endpoint Protector Client can be downloaded directly from the Endpoint
Protector UI.

Information
For more details about downloading the Endpoint Protector Client, please
see chapter 14.1 Client Software.

Tips
Tools like Active Directory or Jamf can be used to deploy the Endpoint
Protector Client in large networks.

16.1. Client Installation

For Windows and Mac, the Endpoint Protector Client Installation is a
straightforward one and can be followed by anyone. The Installation folder and
Server information will have to be set. However, these are already preconfigured
and are downloaded from the Endpoint Protector Server and just a simple Next
or Continue is required.

Note
For Linux, please consult the readmeLinux.txt file available under the
Read this before installing link for exact installation instructions
corresponding to the distribution.

Tips
For Endpoint Protector Linux Clients starting with version 1.4.0.4, the
option to install the Client from a repository is also available and is
described in the chapter below.

This option is available for the following distributions and versions: Ubuntu
14.04+, Mint 18.X, CentOS 7.x, Fedora 29, OpenSUSE 42.2 and 42.3.

16.1.1. Debian based distributions

While the steps are similar, each distro and version has its own
particularities.

Ubuntu 19 - amd64

# echo "deb https://download.endpointprotector.com/repo/deb/Ubuntu/19.04/amd64/ /" > /etc/apt/sources.list.d/epprepo.list
# wget -q -O - https://download.endpointprotector.com/repo/deb/Ubuntu/19.04/amd64/KEY.gpg | apt-key add -
# apt update
# apt-get install epp-client

Ubuntu 18 - amd64

# echo "deb https://download.endpointprotector.com/repo/deb/Ubuntu/18.04/amd64/ /" > /etc/apt/sources.list.d/epprepo.list
# wget -q -O - https://download.endpointprotector.com/repo/deb/Ubuntu/18.04/amd64/KEY.gpg | apt-key add -
# apt update
# apt-get install epp-client

Ubuntu 16 - amd64

# echo "deb https://download.endpointprotector.com/repo/deb/Ubuntu/16.04/amd64/ /" > /etc/apt/sources.list.d/epprepo.list
# wget -q -O - https://download.endpointprotector.com/repo/deb/Ubuntu/16.04/amd64/KEY.gpg | apt-key add -
# apt update
# apt-get install epp-client

Ubuntu 16 - i386

# echo "deb https://download.endpointprotector.com/repo/deb/Ubuntu/16.04/i386/ /" > /etc/apt/sources.list.d/epprepo.list
# wget -q -O - https://download.endpointprotector.com/repo/deb/Ubuntu/16.04/i386/KEY.gpg | apt-key add -
# apt update
# apt-get install epp-client

Ubuntu 14 - amd64

# echo "deb https://download.endpointprotector.com/repo/deb/Ubuntu/14.04/amd64/ /" > /etc/apt/sources.list.d/epprepo.list
# wget -q -O - https://download.endpointprotector.com/repo/deb/Ubuntu/14.04/amd64/KEY.gpg | apt-key add -
# apt update
# apt-get install epp-client

Linux Mint - amd64

# echo "deb https://download.endpointprotector.com/repo/deb/LinuxMint/18.x/amd64/ /" > /etc/apt/sources.list.d/epprepo.list
# wget -q -O - https://download.endpointprotector.com/repo/deb/LinuxMint/18.x/amd64/KEY.gpg | apt-key add -
# apt update
# apt-get install epp-client

16.1.2. RedHat based distributions

While the steps are similar, each distro and version has its own
particularities.

CentOS 7.x

# sudo sh -c 'echo -e "[epp-client]\nname=Endpoint Protector Client\nbaseurl=https://download.endpointprotector.com/repo/rpm/CentOS/7.x/\nenabled=1\ntype=rpm-md\ngpgcheck=1\ngpgkey=https://download.endpointprotector.com/repo/rpm/CentOS/7.x/repodata/repomd.xml.key" > /etc/yum.repos.d/eppclient.repo'
# rpm --import https://download.endpointprotector.com/repo/rpm/CentOS/7.x/repodata/repomd.xml.key

Fedora 29

# sudo sh -c 'echo -e "[epp-client]\nname=Endpoint Protector Client\nbaseurl=https://download.endpointprotector.com/repo/rpm/Fedora/29/\nenabled=1\ntype=rpm-md\ngpgcheck=1\ngpgkey=https://download.endpointprotector.com/repo/rpm/Fedora/29/repodata/repomd.xml.key" > /etc/yum.repos.d/eppclient.repo'
# rpm --import https://download.endpointprotector.com/repo/rpm/Fedora/29/repodata/repomd.xml.key

OpenSUSE 42.3

Note
The public key for the Endpoint Protector Client is mandatory for SUSE and
openSUSE versions.

# sudo sh -c 'echo -e "[epp-client]\nname=Endpoint Protector Client\nbaseurl=https://download.endpointprotector.com/repo/rpm/openSUSE/42.3/\nenabled=1\ntype=rpm-md\ngpgcheck=1\ngpgkey=https://download.endpointprotector.com/repo/rpm/openSUSE/42.3/repodata/repomd.xml.key" > /etc/yum.repos.d/eppclient.repo'
# rpm --import https://download.endpointprotector.com/repo/rpm/openSUSE/42.3/keys/repomd.xml.key
# rpm --import https://download.endpointprotector.com/repo/rpm/openSUSE/42.3/keys/cososys_gpg2_public.key


Note
For all RedHat based distributions, after executing the above commands,
an additional step is required. This is because the installation process is
not interactive and the Endpoint Protector Server IP cannot be set at this
stage.

There are two methods of achieving this, each with its own particularities,
based on each distribution.

Method 1.

Step 1: Define the Endpoint Protector Server IP

# EPPCLIENT_WS_SERVER=[the desired IP]
# export EPPCLIENT_WS_SERVER

Step 2: Install the Endpoint Protector Client

- for SUSE and openSUSE: # zypper install epp-client
- for CentOS, RedHat, Fedora: # yum install epp-client

Method 2.

Step 1: Install the Endpoint Protector Client

- for SUSE and openSUSE: # zypper install epp-client
- for CentOS, RedHat, Fedora: # yum install epp-client

Step 2: Run the bash script to define the Endpoint Protector Server IP

# bash '/opt/cososys/share/apps/epp-client/scripts/set_epp_client_server.sh'

Information
All clients available on the repository can be found at
https://download.endpointprotector.com/repo/

17. Support

Additional support resources are available. Please visit our website for more
manuals, FAQs, videos and tutorials, direct e-mail support and more at
https://www.endpointprotector.com/resources

Our Support department can also be contacted directly from the Endpoint
Protector User Interface from the Support section. One of our team members
will contact you in the shortest time possible.

18. Disclaimer

Endpoint Protector Appliance does not communicate outside of your network
except with liveupdate.endpointprotector.com and cloud.endpointprotector.com.

Endpoint Protector does not contain malware software and does not send at any
time any of your private information (if Automatic Live Update Reporting is
DISABLED).

Each Endpoint Protector Server has the default SSH Protocol (22) open for
Support Interventions and there is one (1) System Account enabled (epproot)
protected with a password. The SSH Service can be disabled at customers'
request.

Security safeguards, by their nature, are capable of circumvention. CoSoSys
cannot, and does not, guarantee that data or devices will not be accessed by
unauthorized persons, and CoSoSys disclaims any warranties to that effect to
the fullest extent permitted by law.

© 2004 – 2020 CoSoSys Ltd.; Endpoint Protector, My Endpoint Protector, Endpoint
Protector Basic and EasyLock are trademarks of CoSoSys Ltd. All rights reserved.
Windows is a registered trademark of Microsoft Corporation. Macintosh, Mac OS X,
macOS are trademarks of Apple Corporation. All other names and trademarks are the
property of their respective owners.
