DriveLock Security as a Service
Managed Endpoint Protection
Cloud Configuration Overview – Version 2019.1
DriveLock SE 2019
DriveLock Cloud Configuration Overview 2019.1
17-Jun-2019 12:06:58 / v.99© 2019 DriveLock SE. All rights reserved. Page 2 of 69
Content
Scope of this document
Drives
Settings
Shadowing configuration
Removable Drive locking
Floppy disk drives
CD-ROM drives
USB bus connected drives
Firewire (1394) bus connected drives
SD card drives (SD-bus)
Other removable drives
Network drives and shares
WebDAV-based network drives
Windows Terminal Services (RDP) client drive mappings
Citrix XenDesktop (XenApp, ICA) client drive mappings
File filter templates
File type definitions
File type groups
Devices
Device class locking
Controllers and Ports
1394 (Firewire) controllers
Bluetooth transmitters / radios
Infrared interfaces
Parallel ports (LPT)
PCMCIA controllers
Serial ports (COM)
USB controllers
Devices
Biometric devices
Debugging and software protection devices (WinUSB, ADB)
ePassport reader devices
External display adapters
Human Interface Devices
IEC 61883 (AVC) bus devices
In-circuit emulator devices
Media Center Extender devices
Media player / Portable devices
Modems
Network adapters
PCMCIA and Flash memory devices
Printers
Scanners and cameras
Secure Digital host controllers
Sensor devices
SideShow devices
Smartcard readers
Sound, video and game controllers
Tape drives
Virtualization devices (VMWare)
Smartphones
Apple devices
Other mobile devices
Network profiles
Settings
Agent end-user appearance
Taskbar notification area settings
Applications
Settings
Application rules
Publisher certificate rules
Special rules
Other rules
File name or path rules
Encryption
Settings
DriveLock Encryption 2-Go
Settings
Container password recovery
Enforce encryption
DriveLock File Protection
Settings
Encrypted folder recovery
Enforce encryption
BitLocker Management
Encryption certificates
Pre-boot authentication settings
Harddisk encryption settings
Security awareness
Settings
Security awareness user interface settings
Custom usage policy texts and options
Campaigns
Content
Systems management
Settings
Hardware and software inventory
Client compliance reporting settings
Self-Service groups
Glossary
Scope of this document
This document describes the available settings for policy configuration.
Drives
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Drives
Settings
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Drives / Configuring Drive Locking in Basic Configuration Mode
Property Value Comment
Audit drive insertion / removal / locking
Enabled
Disabled
Unlock drives when service is stopped (only Windows 2000 and XP)
Enabled
Disabled
Always allow access to administrators Enabled
Disabled
Users and groups who can format and eject removable media
E.g. NT-AUTORITÄT\Authentifizierte Benutzer
Custom user notification messages Enabled
Disabled
Drive locking message Drive %DRV% was added to this computer and this drive will be controlled based on company policy. You may not be able to access data on the drive.
Message when computer restart is needed before drive can be used again
Because of a system error drive %DRV% may not function correctly until the computer is restarted.
Temporary unlocking message - unlock until specific time
Default
Temporary unlocking message - unlock for number of minutes
Default
Message when CD/DVD burning attempt is blocked
Writing to CDs or DVDs on drive %DRV% is denied by company policy. You will not be able to record data to any CD or DVD media.
Message when drive is attached and user has read-only access
Drive %DRV% was added to this computer and this drive will be controlled based on company policy. You do not have write access to this drive.
File blocked by content filtering message
The file "%PATH%" was blocked because of company policy: %REASON%.
Disable floppy disk drives polling (turn off clicking sound)
Enabled
Disabled
Media change polling interval
O 250 msec
O 500 msec (recommended for VMWare)
O 1000 msec
O 1500 msec
O 3000 msec
Monitor volumes without mount point Enabled
Disabled
Lock unencrypted drives when encryption is enforced but not licensed
Enabled
Disabled
Block access when filter driver communication is interrupted
Enabled
Disabled
Activate enforced encryption when users are connected using Remote Desktop (RDP)
Enabled
Disabled
Disable all DriveLock File Protection components
Enabled
Disabled
Ignore system threads when controlling drives
Enabled
Disabled
Ignore kernel mode access when controlling drives
Enabled
Disabled
Do not change current drive status when a network changes is detected
Enabled
Disabled
Do not change current drive status when the configuration is refreshed
Enabled
Disabled
Shadowing configuration
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Drives / Configuring Advanced Drive Locking Settings / Monitoring Data Transfers by Using Shadowing / Configuring Global Shadowing Settings
Property Value Comment
Location for storing shadowed files on client
O Default (Stores shadow files under C:\ProgramData)
O Fixed location
Storage limitations Shadow files up to ___ KB size
Shadow only copies ___ KB of the file
Do not use more than ___ MB of local disk space
Local storage clean-up settings Run clean-up every ___ minutes
O Delete oldest files first
O Delete largest files first
O Do not delete, lock drives when local storage is full
Delete files older than ___ days
Upload shadowed files to central location
O Do not upload files
O File share
Upload files every ___ minutes
Create a local shared folder on clients Enabled
Disabled
Do not delete local files after uploading to central location
Enabled
Disabled
Exclude selected processes from shadowing and auditing
Enabled
Disabled
Processes to exclude from shadowing and auditing
Administrator-selected application (.EXE file)
Predefined application
Panda Antivirus
Avira Antivir
Kaspersky Antivirus
McAfee Virus Scan
TrendMicro OfficeScan
Sophos AntiVirus
Symantec Client Security
F-Secure Antivirus
Also exclude selected processes from file filtering
Enabled
Disabled
Also exclude child processes from shadowing, auditing and/or filtering
Enabled
Disabled
Exclude selected users from shadowing and auditing
Enabled
Disabled
Users to exclude from shadowing and auditing
NT-AUTHORITÄT\SYSTEM
Also exclude selected users from file filtering
Enabled
Disabled
Removable Drive locking
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Drives / Configuring Drive Locking in Basic Configuration Mode / Enabling Drive Locking
Floppy disk drives
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Also display message when access is granted
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Commands Run program when drive is connected and locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is connected and not locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is disconnected
Command line: ________________________________________
Run as the currently logged-on user
CD-ROM drives
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Also display message when access is granted
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Encryption Require drive to be encrypted
Do not automatically mount encrypted media
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
CD/DVD Blocking options Disable soft blocking (do not hide CD/DVD writing capabilities)
Do not display user notification messages
Disable Windows XP built-in CD writing (regardless of permissions)
CD/DVD User/support staff notification Change hardware revision information to "Lock" when CD/DVD writing is denied
Change hardware vendor information
CD/DVD Compatibility Do not filter CD/DVD-write operations (do not block CD burning)
Do not intercept low-level hardware drivers
Commands Run program when drive is connected and locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is connected and not locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is disconnected
Command line: ________________________________________
Run as the currently logged-on user
USB bus connected drives
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Also display message when access is granted
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Encryption Require drive to be encrypted
Automatically encrypt unencrypted media
Encrypt on first write attempt (allow unencrypted read access)
Strict checking for encrypted media (no non-DriveLock files allowed)
Do not automatically mount encrypted media
Drive letters When a drive is connected, assign the first unused drive letter in list:
A:
B:
C:
D:
E:
F:
G:
H:
I:
J:
K:
L:
M:
N:
O:
P:
Q:
R:
S:
T:
U:
V:
W:
X:
Y:
Z:
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Commands Run program when drive is connected and locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is connected and not locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is disconnected
Command line: ________________________________________
Run as the currently logged-on user
Firewire (1394) bus connected drives
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Also display message when access is granted
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Encryption Require drive to be encrypted
Automatically encrypt unencrypted media
Encrypt on first write attempt (allow unencrypted read access)
Strict checking for encrypted media (no non-DriveLock files allowed)
Do not automatically mount encrypted media
Drive letters When a drive is connected, assign the first unused drive letter in list:
A:
B:
C:
D:
E:
F:
G:
H:
I:
J:
K:
L:
M:
N:
O:
P:
Q:
R:
S:
T:
U:
V:
W:
X:
Y:
Z:
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Commands Run program when drive is connected and locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is connected and not locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is disconnected
Command line: ________________________________________
Run as the currently logged-on user
SD card drives (SD-bus)
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Also display message when access is granted
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Encryption Require drive to be encrypted
Automatically encrypt unencrypted media
Encrypt on first write attempt (allow unencrypted read access)
Strict checking for encrypted media (no non-DriveLock files allowed)
Do not automatically mount encrypted media
Drive letters When a drive is connected, assign the first unused drive letter in list:
A:
B:
C:
D:
E:
F:
G:
H:
I:
J:
K:
L:
M:
N:
O:
P:
Q:
R:
S:
T:
U:
V:
W:
X:
Y:
Z:
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Commands Run program when drive is connected and locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is connected and not locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is disconnected
Command line: ________________________________________
Run as the currently logged-on user
Other removable drives
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Also display message when access is granted
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Encryption Require drive to be encrypted
Automatically encrypt unencrypted media
Encrypt on first write attempt (allow unencrypted read access)
Strict checking for encrypted media (no non-DriveLock files allowed)
Do not automatically mount encrypted media
Drive letters When a drive is connected, assign the first unused drive letter in list:
A:
B:
C:
D:
E:
F:
G:
H:
I:
J:
K:
L:
M:
N:
O:
P:
Q:
R:
S:
T:
U:
V:
W:
X:
Y:
Z:
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Commands Run program when drive is connected and locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is connected and not locked
Command line: ________________________________________
Run as the currently logged-on user
Run program when drive is disconnected
Command line: ________________________________________
Run as the currently logged-on user
Network drives and shares
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
WebDAV-based network drives
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Windows Terminal Services (RDP) client drive mappings
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Encryption Require drive to be encrypted
Automatically encrypt unencrypted media
Encrypt on first write attempt (allow unencrypted read access)
Strict checking for encrypted media (no non-DriveLock files allowed)
Do not automatically mount encrypted media
Citrix XenDesktop (XenApp, ICA) client drive mappings
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter files read from or written to drives of this type
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Encryption Require drive to be encrypted
Automatically encrypt unencrypted media
Encrypt on first write attempt (allow unencrypted read access)
Strict checking for encrypted media (no non-DriveLock files allowed)
Do not automatically mount encrypted media
File filter templates
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Drives / Configuring Advanced Drive Locking Settings / Creating File Filters
Property Value Comment
Template description
Comment
When reading files
O Allow all files
O Allow only selected extensions
O Do not allow selected extensions
Use the same settings when writing files
Block files which are not content-scanned
File extensions to filter when reading files
See file types and file type groups below
When writing files Use the same settings as when reading files
O Allow all files
O Allow only selected extensions
O Do not allow selected extensions
Block files which are not content-scanned
File extensions to filter when reading files
See file types and file type groups below
Audit files
O None
O All files
O Read from removable media
O Written to removable media
Audit conditions
O All
O Success (access allowed)
O Failure (access denied)
Shadowing settings
O None
O All files
O Files read from removable media
O Files written to removable media
Shadow only selected file extensions
Do not shadow selected file extensions (exception list)
___________________________________
Exceptions Exclude selected processes from shadowing and auditing
Also exclude selected processes from file filtering
Also exclude child processes from shadowing, auditing and/or filtering
Exclude selected users from shadowing and auditing
Also exclude selected users from file filtering
Exclude selected folders from filtering, shadowing and auditing
Enabled
Disabled
________________________________________
Exclude selected files from filtering, shadowing and auditing
Enabled
Disabled
________________________________________
Other options When reading, deny access to files larger than ___ KB
When writing, deny access to files larger than ___ KB
Archives When reading, scan archives
Block nested archives
Block password-protected archives
When writing, scan archives
Block nested archives
Block password-protected archives
Computer exceptions
O Rule is active on any computer
O Rule is active only on selected computers
O Rule is active on all computers, except the ones selected
Network exceptions
O Rule is active in any network location
O Rule is active only in selected network locations
O Rule is active on all networks, except the ones selected
User exceptions
O Rule is active for all users and groups
O Rule is active only for selected users and groups
O Rule is active for all users and groups, except the ones selected
File type definitions
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Drives / Configuring Advanced Drive Locking Settings / Creating File Filters / Defining File Types
ACCDB, ACCDE, ACCDT, ACCDR, ACE, AI, AIF, ANI, APK, ARC, ARJ, ASF, AVI, AX, BMP, BUP, BKF, CBR, CDR, CHM, CPL, CRX, DBF, DEB, DIVX, DLL, DMG, DOC, DOT, DSS, DWG, DVX, EPUB, EXE, FLT, FLV, FON, GADGET, GDOC, GDRAW, GIF, GSHEET, GSLIDES, GZ, GZIP, HEIC, HEIF, ICO, IFO, IND, INDD, ITL, JAR, JFIF, JPE, JPEG, JPG, LHA, LZH, M4P, M4A, M4V, MDB, MDE, MDI, MID, MIDI, MK3D, MKA, MKS, MKV, MPG, MPEG, MPP, MSG, MSI, MSP, MSM, NUMBERS, OCX, ODM, ODP, ODT, OGG, ONE, OST, OTF, OTP, OTT, PAGES, PDF, PIF, PNG, PPS, PPT, PPZ, PS, PSD, PSP, PSPIMAGE, PST, RAR, RM, RPM, RTF, SCR, SITX, SNP, SWF, SYS, TAR, TGZ, THM, TTF, VHD, VHDX, VOB, VSD, VXD, WAV, WEBM, WIZ, WMA, WMF, WMV, VDX, VMSN, WPD, WPS, XAR, XIP, XLA, XLR, XLS, XLT, XPI, XPS, ZIP, ZIPX, 386, 3G2, 3GP, 7Z
File type groups
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Drives / Configuring Advanced Drive Locking Settings / Creating File Filters / Defining File Type Groups
Property Value Comment
Archives 7Z, ACE, ARJ, CAB, CBR, DEB, GZ, GZIP, LZH, JAR, PKG, RAR, RPM, SITX, TAR, Z, ZIP, ZIPX, XAR
Audio files MP3, M4P, M4A, WMA, WAV, MID, AAC, AIF, MPA, WAV, WMA, OGG
CAD files DWG, DXF
Certificate files CER, CRT, DER, P7B, P7C, P12, PFX, PEM
Database files ACCDB, MDB, MDF, DBF
Disk image files BIN, CUE, DMG, ISO, TOAST
Executables EXE, SCR, PIF, DLL, BAT, CMD, COM, JS, SYS, VS, VBS, PS1, OCX, JSE, VBE, CPX, XPI, APK, GADGET, JAR, WSF, SQL
Font files FON, OTF, TTF
Images AI, EPS, PS, SVG, CMX, BMP, GIF, HEIC, HEIF, JPG, JPEG, PNG, PSD, PSP, PSPIMAGE, TGA, THM, TIF, TIFF
Office documents DOC, DOCX, DOT, DOTX, DOCM, XLR, XLS, XLSX, PPT, PPTX, PPS, PPSX, PDF, MPP, RTF, XPS, KEY, NUMBERS, RPT, MSG, ODT, PAGES, PD, PS, TT, ODM, EPUB, PST, OST, GDOC, GDRAW, GSHEET, GSLIDES, ODP, OTP, POTX, IND, INDD, TMP, .
Temporary files TMP, TEMP, .
Text documents TXT, LOG
Video files 3G2, 3GP, AVI, FLV, M4V, MKV, MOV, MP4, MPG, MPEG, MPG2, RM, SWF, VOB, IFO, BUP, WMV, DVX, DIVX
Virtual disks VMDK, VMSN, VHD, VHDX
Devices
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Devices
Device class locking
Reference: DriveLock Admin Guide 2019.1 / Locking Drives and Devices / Locking Devices / Configuring Advanced Device Locking Settings / Enabling Device Locking
Controllers and Ports
1394 (Firewire) controllers
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Bluetooth transmitters / radios
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Infrared interfaces
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Parallel ports (LPT)
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
PCMCIA controllers
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Serial ports (COM)
Property Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Ignore COM port devices Hardware ID: __________________________
USB controllers
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Devices
Biometric devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Debugging and software protection devices (WinUSB, ADB)
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
ePassport reader devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
External display adapters
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Human Interface Devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
IEC 61883 (AVC) bus devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
In-circuit emulator devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Media Center Extender devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Media player / Portable devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Modems
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Network adapters
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
PCMCIA and Flash memory devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Printers
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Scanners and cameras
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Secure Digital host controllers
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Sensor devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
SideShow devices
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Smartcard readers
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Sound, video and game controllers
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Tape drives
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Virtualization devices (VMWare)
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Machine-learning: Learn devices during installation, allow these devices and block any device connected later
Enabled
Disabled
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Disabled locked devices in device manager
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Awareness
O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Smartphones
Apple devices
Property - Apple devices Value Comment
Lock status
O Allow
O Deny (lock) for all users
O Deny (lock), but allow access for defined users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer (Read / write)
Filter/Shadow
Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
iTunes
Always block selected synchronisation types
Music
Videos
Pictures
Applications
Audio books
eBooks (and PDF files)
Contacts
Calendars
Mail accounts
Bookmarks
Notes
Audit all transferred files and data
Audit system files and objects
Awareness O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Also display message when access is granted
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Other mobile devices
Android devices
Windows Mobile handheld devices and Smartphones
Palm OS handheld devices and Smartphones
BlackBerry devices
Mobile phones
Property Value Comment
Enable controlling devices of this device class
Enabled
Disabled
Default action when a device of this class is connected and no whitelist rule is present
O Block device
O Allow device
Audit device events for devices of this type
Enabled
Disabled
Do not show user notifications for devices of this type
Enabled
Disabled
Do not lock system devices of this type
Enabled
Disabled
Do not restart these devices when another user logs on
Enabled
Disabled
Filter/Shadow Filter files read from or written to drives of this type
Audit and shadow files read from or written to drives of this type
Filter / audit / shadow files using template
Default Filter (All files R/W)
Default Filter (All files Read only)
Allow access as configured only to selected subfolders
Folder path: ________________________
Awareness O Do not show usage policy or security awareness campaign
O Use settings configured under “Removable drive locking”
O Show usage policy (to be accepted by users)
Launch self-service unlock after accepting usage policy
O Do not require password for accepting usage policy
O Require fixed password for accepting usage policy
O Require Windows password for accepting usage policy
Allow authorized user login
O Show security awareness campaign ________________________
Network profiles
Reference: DriveLock Admin Guide 2019.1 / Configuring Network Locations and Profiles
Settings
Property Value Comment
Disable Wi-Fi connections when computer is connected to LAN
Enabled
Disabled
Agent end-user appearance
Property Value Comment
Allow users to configure personal networking profiles
Enabled
Disabled
Taskbar notification area settings
Property Value Comment
User notification type O Display balloon message
O Display popup window
O None
Display notification area icon Enabled
Disabled
Play sound when a message is displayed
Enabled
Disabled
Display messages for 10 - 30 seconds
Applications
Reference: DriveLock Admin Guide 2019.1 / DriveLock Application Control / Smart AppGuard
Settings
Property Value Comment
Scanning and blocking mode O Off
O Audit only, including DLLs
O Audit only
O Whitelist, including DLLs (simulate)
O Whitelist (simulate)
O Whitelist, including DLLs
O Whitelist
O Blacklist, including DLLs (simulate)
O Blacklist (simulate)
O Blacklist, including DLLs
O Blacklist
Hash algorithm to use for hash-based rules
O MD5
O SHA-1
O SHA-224
O SHA-256
O SHA-384
O SHA-512
Application control caching (caching of rule matching results)
Enabled
Disabled
Upload local whitelist to DES Enabled
Disabled
Always audit application execution (independent of blocking mode)
Enabled
Disabled
Custom user notification messages Enabled
Disabled
Application locking message (%EXE% replaced by program path and file):
___________________________________________________________
Local whitelist and predictive whitelisting
Enable local whitelist
Enable predictive whitelisting
Enable predictions based on publisher certificates
Path excluded from hash generation for executed files
Set to configured list:
___________________________________________________________
Directories that are learned for the local whitelist
Set to configured list:
___________________________________________________________
Application rules
Reference: DriveLock Admin Guide 2019.1 / DriveLock Application Control / Smart AppGuard / Configuring Application Rules
Publisher certificate rules
Property Value Comment
Rule type O Whitelist
O Blacklist
Rule name
Comment
Certificate subject E.g. CN=Microsoft Corporation, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US (wildcards allowed)
Certificate issuer E.g. CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US (wildcards allowed)
Certificate unique ID type O Do not check
O Serial number
O Thumbprint
Certificate unique ID
Executable description * (wildcards allowed)
Executable version comparison O Do not check
O and above
O and below
O exact
Rule is active for O Everyone
O Selected users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Show security awareness campaign Enabled
Context specific campaign: ____________________________________
Disabled
App updates Trusted process
Automatic learning: add all executable files written by this executable to the local hash database
Ask for user approval before executing the process
Rule is active during selected hours O No restriction (Any time)
O During selected days and hours: Monday - Sunday | 0 - 24
Computer exceptions O Rule is active on any computer
O Rule is active only on selected computers
O Rule is active on all computers, except the ones selected
Network exceptions O Rule is active in any network location
O Rule is active only in selected network locations
O Rule is active on all networks, except the ones selected
User exceptions O Rule is active for all users and groups
O Rule is active only for selected users and groups
O Rule is active for all users and groups, except the ones selected
Special rules
Property Value Comment
Rule type Whitelist
Rule name
Comment
Rule is selected when O Program file is part of Windows operating system
Include additional operating system add-ons
O Program file is part of DriveLock
O Program file is part of .NET Framework
O Automatic updates are being installed
O Program file detail information cannot be extracted
O Any program is started
Ask for user approval before executing the process
Rule is active for O Everyone
O Selected users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Show security awareness campaign Enabled
Context specific campaign: ____________________________________
Disabled
Rule is active during selected hours O No restriction (Any time)
O During selected days and hours: Monday - Sunday | 0 - 24
Computer exceptions O Rule is active on any computer
O Rule is active only on selected computers
O Rule is active on all computers, except the ones selected
Network exceptions O Rule is active in any network location
O Rule is active only in selected network locations
O Rule is active on all networks, except the ones selected
User exceptions O Rule is active for all users and groups
O Rule is active only for selected users and groups
O Rule is active for all users and groups, except the ones selected
Other rules
File name or path rules
Property Value Comment
Rule type O Whitelist
O Blacklist
Description
Path e.g. C:\Program Files (x86)
C:\Program Files\
C:\Windows
Comment
Check for text in directory or process name
Enabled
Disabled
Template is active for O Everyone
O Selected users and groups
E.g. NT-AUTORITÄT\Authentifizierte Benutzer
Messages Display custom message in user notification
User notification message to display when access is denied:_______________________________
Display no message when this rule is activated
Do not generate audit events when this rule is activated
Show security awareness campaign Enabled
Context specific campaign: ____________________________________
Disabled
App updates Trusted process
Automatic learning: add all executable files written by this executable to the local hash database
Ask for user approval before executing the process
Rule is active during selected hours O No restriction (Any time)
O During selected days and hours: Monday - Sunday | 0 - 24
Computer exceptions O Rule is active on any computer
O Rule is active only on selected computers
O Rule is active on all computers, except the ones selected
Network exceptions O Rule is active in any network location
O Rule is active only in selected network locations
O Rule is active on all networks, except the ones selected
User exceptions O Rule is active for all users and groups
O Rule is active only for selected users and groups
O Rule is active for all users and groups, except the ones selected
Encryption
Reference: DriveLock Admin Guide 2019.1 / Configuring DriveLock Encryption
Settings
Property Value Comment
Available encryption methods for removable drives
O Container based and file based
O File based (DriveLock File Protection)
O Container based (DriveLock Encryption 2-Go)
Enforced encryption method for removable media
O DriveLock Encryption 2-Go (container-based)
O DriveLock File Protection (file- and folder-based)
O Let the user decide
Allow selection of "Access volume without encryption"
Show usage policy before unlocking the volume
Allow selection of "No access to volume"
Show all licensed types of encryption in drive context menu
DriveLock Encryption 2-Go
Reference: DriveLock Admin Guide 2019.1 / DriveLock Encryption 2-Go
Settings
Property Value Comment
Encryption algorithm to be used for encrypted drives
O AES
O Blowfish
O CAST5
O Triple DES
O Twofish
O Serpent
O AES (FIPS-mode)
O Triple DES (FIPS-mode)
Password hash algorithm to be used for encrypted drives
O RIPEMD-160
O SHA-1
O Whirlpool
O SHA-1 (FIPS-mode)
O SHA-256 (FIPS-mode)
O SHA-512 (FIPS-mode)
Method to securely delete files O DoD 5220.22-M (USA)
O Peter Gutmann algorithm
O Bruce Schneier algorithm
O BSI VSITR (Germany)
O Royal Canadian Mounted Police DSX
O DoD 5220.22-M ECE (USA)
O Random data
Encrypted drive file system O FAT
O NTFS
Encrypted drive cluster size O 1 KB
O 2 KB
O 4 KB
O 8 KB
O 16 KB
O 32 KB
O 64 KB
Minimum required password complexity for encrypted drives
O Use password policy (see setting "Password complexity policy" below)
O Very strong (equivalent to a cryptographic key with more than 251 bits in length)
O Strong (equivalent to a cryptographic key with 191 - 250 bits in length)
O Medium (equivalent to a cryptographic key with 101 - 190 bits in length)
O Weak (equivalent to a cryptographic key with 51 - 100 bits in length)
Available drive letters for mounting encrypted drives
A:
B:
C:
D:
E:
F:
G:
H:
I:
J:
K:
L:
M:
N:
O:
P:
Q:
R:
S:
T:
U:
V:
W:
X:
Y:
Z:
Enforce drive letter when mounting encrypted drives
O A: O B: O C: O D: O E: O F: O G: O H: O I: O J: O K: O L: O M: O N: O O: O P: O Q: O R: O S: O T: O U: O V: O W: O X: O Y: O Z:
No history for mounted volumes Enabled
Disabled
Do not allow running or copying of the DriveLock Mobile Encryption
Enabled
Disabled
Available context menus in Windows Explorer
Context menu for .DLV files:
Mount drive
Unmount drive
Change password
Context menu for encrypted drives:
Unmount drive
Change password
Recover (enforced encryption)
Mount (enforced encryption)
Encrypt (enforced encryption)
Context menu for all files:
Securely delete
Context menu for all folders:
Securely delete
Context menu for all CD/DVD recorders:
Record encrypted media
Start menu configuration O No Start menu entries
O Start | Programs | DriveLock Encryption 2-Go
O Start | Programs | Encryption
O Start | Programs | DriveLock
O Start | Programs
O Start menu
Available Start menu items Manage encrypted volumes
Unmount encrypted drive
Change encrypted volume password
Create encrypted volume
Mount encrypted volume
Record encrypted media
Copy DriveLock Mobile Encryption
Recover encrypted volume
Help
Menu items available from taskbar icon
Manage encrypted volumes
Unmount encrypted drive
Change encrypted volume password
Create encrypted volume
Mount encrypted volume
Record encrypted media
Copy DriveLock Mobile Encryption
Recover encrypted volume
Help
Password complexity policy Minimum password length ___ characters (default 8)
___ lower case (default 1)
___ upper case (default 1)
___ numbers (default 1)
___ special (default 1)
Treat numbers as special characters
Encrypted volume password recovery methods
Offline (Helpdesk)
Online (Certificates on client)
User contact information for offline container recovery
Allow quick format of encrypted containers
Enabled
Disabled
Only allow use of encrypted containers created with current DriveLock license
Enabled
Disabled
Do not allow opening encrypted containers with DriveLock Mobile Encryption
Enabled
Disabled
Do not automatically upgrade DriveLock Mobile Encryption to newer version during enforced encryption
Enabled
Disabled
Enforcement of FIPS 140-2-validated cryptography
O On (disable non-FIPS cryptography)
O On
O Off
Container access lockout policy Prevent access to container (lock out) after access attempts with invalid password
Number of invalid attempts: ___
Lock access for ___ minutes or
Lock out indefinitely (container recovery can still reset the password)
Enabled extended functions for "Change password"
Allow removal of administrative password
Allow removal of user password
Allow setting user password if administrative password is present
Order of menu items in taskbar icon Manage encrypted volumes
Create encrypted volume
Mount encrypted volume
Unmount encrypted drive
Change encrypted volume password
Record encrypted media
Recover encrypted volume
Copy DriveLock Mobile Encryption
Help
Bring all dialogs to top-most position Enabled
Disabled
Encrypted container password saving options
Allow saving passwords when creating a container
Force saving passwords when creating a container (requires "Allow")
Allow saving passwords when mounting a container
Force saving passwords when mounting a container (requires "Allow")
Restrict size of encrypted containers ___ MB (default 200 MB)
Enforced encryption: Time until re-detection of same device is allowed
O none
O 1 min
O 3 min
O 5 min
O 10 min
Do not show estimated remaining time in progress dialogs
Enabled
Disabled
Container password recovery
Property Value Comment
Set administrative password (optional)
Enabled (you will be contacted by DriveLock Cloud Operations to set the password)
Disabled
Do not automatically use this password when a user mounts encrypted containers
Certificate-based container recovery O Create new certificate (you will be contacted by DriveLock Cloud Operations to set the password for the certificate)
O Select existing certificate
Add recovery information to existing containers that do not contain recovery information
No offline recovery - do not upload recovery information to DES
Enforce encryption
Property Value Comment
Password settings Mount or create encrypted drives using these settings:
O Use administrative password, don't prompt user
O Prompt user for encryption password
Attempt to mount using administrative password first
Disable any administrative password for new containers
Users can disable administrative password for new containers
Disk space usage O Use entire drive for encrypted containers
Fill any remaining empty space on drives
Leave empty space of ___ KB
O Leave unencrypted space on drives
___ MB
___ percent of drive
Maximum size of encrypted container ___ MB
Encryption algorithm O AES
O Blowfish
O CAST5
O Triple DES
O Twofish
O Serpent
O AES (FIPS-mode)
O Triple DES (FIPS-mode)
Hash algorithm O RIPEMD-160
O SHA-1
O Whirlpool
O SHA-1 (FIPS-mode)
O SHA-256 (FIPS-mode)
O SHA-512 (FIPS-mode)
File system O FAT
O NTFS
Cluster size O 1 KB
O 2 KB
O 4 KB
O 8 KB
O 16 KB
O 32 KB
O 64 KB
Volume label
Perform quick-format (do not encrypt complete container)
Enabled
Disabled
Volume creation Preserve existing data (move existing data into encrypted container)
Copy DriveLock Mobile Encryption to unencrypted portion
Copy Mac OS X version
Create auto run file (AUTORUN.INF)
Use customized auto run settings
Use custom local temporary folder during volume creation
Hide encrypted container file
Automatically reformat drives larger than 4 GB
Perform quick-format
Format to NTFS instead of exFAT
Let user decide about reformatting
DriveLock File Protection
Reference: DriveLock Admin Guide 2019.1 / DriveLock File Protection
Settings
Property Value Comment
Encryption algorithm to be used for encrypted folders
O AES
O Blowfish
O CAST5
O Triple DES
O Twofish
O Serpent
O AES (FIPS-mode)
O Triple DES (FIPS-mode)
Password hash algorithm to be used for encrypted folders
O RIPEMD-160
O SHA-1
O Whirlpool
O SHA-1 (FIPS-mode)
O SHA-256 (FIPS-mode)
O SHA-512 (FIPS-mode)
Format of user display names O [Last name], [First name]
O [First name] [Last name]
O [Last name], [First name] ([Department])
O [First name] [Last name] ([Department])
O Custom value
Access to encrypted files in locked folders
O Deny
O Allow for administrators
Interval between checks for certificate revocation
O 1 hour
O 2 hours
O 3 hours
O 6 hours
O 10 hours
O 12 hours
O 24 hours
O 48 hours
O Always
Start menu configuration O No Start menu entries
O Start | Programs | DriveLock File Protection
O Start | Programs | Encryption
O Start | Programs | DriveLock
O Start | Programs
O Start menu
Available Start menu items Create encrypted folder
Create encrypted cloud storage folder
Manage certificate
Mount encrypted folder
Unmount encrypted folder
Copy encrypted folder
Move encrypted folder
Decrypt encrypted folder
Recover encrypted folder
Change encrypted folder password
Copy DriveLock Mobile Encryption
Help
Menu items available from taskbar icon
Create encrypted folder
Create encrypted cloud storage folder
Manage certificate
Mount encrypted folder
Unmount encrypted folder
Copy encrypted folder
Move encrypted folder
Decrypt encrypted folder
Recover encrypted folder
Change encrypted folder password
Copy DriveLock Mobile Encryption
Help
Available context menus in Windows Explorer
Context menu for all folders:
Mount encrypted folder
Unmount encrypted folder
Encrypted folder users and properties
Copy encrypted folder
Move encrypted folder
Rename encrypted folder
Delete encrypted folder
Encrypt folder
Encrypted folder recovery methods Offline (Helpdesk)
Online (Certificates on client)
User contact information for encrypted folder recovery
Minimum required password complexity for encrypted folders
O Use password policy (see setting "Password complexity policy" below)
O Very strong (equivalent to a cryptographic key with more than 251 bits in length)
O Strong (equivalent to a cryptographic key with 191 - 250 bits in length)
O Medium (equivalent to a cryptographic key with 101 - 190 bits in length)
O Weak (equivalent to a cryptographic key with 51 - 100 bits in length)
Password complexity policy Minimum password length ___ characters (default 8)
___ lower case (default 1)
___ upper case (default 1)
___ numbers (default 1)
___ special (default 1)
Treat numbers as special characters
Files and paths excepted from encrypted folder autoregistration
Backup process names (access to encrypted data)
Do not show popup messages for automatic folder mounting
Enabled
Disabled
Automatic mount of encrypted folders O Off
O Fully automatic only, do not show wizard
O On (show wizard if needed)
Order of menu items in taskbar icon Create encrypted folder
Create encrypted cloud storage folder
Mount encrypted folder
Unmount encrypted folder
Decrypt encrypted folder
Change encrypted folder password
Recover encrypted folder
Manage certificate
Copy DriveLock Mobile Encryption
Help
Encrypted container password saving options
O Allow saving
O Allow saving, current session only
O Allow saving, save by default
O Allow saving when from another user
O Allow saving, current session only, save by default
O Do not allow saving
O Always save (do not ask user)
O Always save, current session only (do not ask user)
Drive types, where creation of encrypted folders is allowed
Fixed drives
Network drives
Removable drives
Other drives
Paths excepted from creating encrypted folders
TBD
Bring all dialogs to top-most position Enabled
Disabled
Drive types, where to check for unencrypted files after successful mount
Fixed drives
Network drives
Removable drives
Other drives
Agent user interface settings Use LDAP users instead of Active Directory users (enable LDAP connector)
Do not hide DriveLock File Protection configuration database files
Enabled
Disabled
Do not allow running or copying of the DriveLock Mobile Encryption
Enabled
Disabled
DriveLock Mobile Encryption: Save changed files without confirmation
Enabled
Disabled
Enforced encryption: Time until re-detection of same device is allowed
O none
O 1 min
O 3 min
O 5 min
O 10 min
Initial encryption: Secure deletion of temporary files
O DoD 5220.22-M (USA)
O Peter Gutmann algorithm
O Bruce Schneier algorithm
O BSI VSITR (Germany)
O Royal Canadian Mounted Police DSX
O DoD 5220.22-M ECE (USA)
O Random data
Do not attach DriveLock File Protection driver to network drives
Enabled
Disabled
Do not show estimated remaining time in progress dialogs
Enabled
Disabled
Encrypted folder recovery
Property Value Comment
Certificate-based folder recovery O Create new certificate (you will be contacted by DriveLock Cloud Operations to set the password for the certificate)
O Select existing certificate
Add recovery information to existing folders
No offline recovery - do not upload recovery information to DES
Enforce encryption
Property Value Comment
Password settings Mount or create encrypted folders using these settings:
O Use company certificate, don't prompt user
O Prompt user for encryption password
Attempt to mount using company certificate first
Disable any company certificate for new folders
Users can disable company certificate for new folders
Encryption algorithm O AES
O AES (FIPS-mode)
O IDEA
O Triple DES
O Triple DES (FIPS-mode)
Hash algorithm O RIPEMD-160
O SHA-1
O SHA-1 (FIPS-mode)
O SHA-256 (FIPS-mode)
O SHA-512 (FIPS-mode)
O Whirlpool
Folder structure O Encrypt root folder
O Create encrypted folder
Create additional folder for unencrypted data (folder name: ______________)
Create additional personal, encrypted folder without company certificate (folder name: ______________)
Existing data Preserve existing data (any data will be deleted when this option is not selected)
O Move to and encrypt data in encrypted folder
O Move to and encrypt data in additional personal folder without company certificate
O Move data to additional folder for unencrypted data
O Leave data as is (no move, no encryption)
Options Copy DriveLock Mobile Encryption (stays unencrypted)
Copy Mac OS X version
Create auto run file (AUTORUN.INF)
Use customized auto run settings
BitLocker Management
Reference: DriveLock BitLocker Management Guide 2019.1
Encryption certificates
Property Value Comment
Emergency logon and data recovery certificates
O Create new certificate (you will be contacted by DriveLock Cloud Operations to set the password for the certificate)
O Import existing certificate
Pre-boot authentication settings
Property Value Comment
Pre-boot authentication type O No pre-boot authentication (requires active TPM)
O BitLocker pre-boot authentication (BitLocker password)
Automatically unlock all data partitions
Enabled
Disabled
Password options User cannot change password
User must change password
Password complexity requirements Minimum password length ___ characters (default 8)
___ lower case (default 1)
___ upper case (default 1)
___ numbers (default 1)
___ special (default 1)
Treat numbers as special characters
Harddisk encryption settings
Property Value Comment
Encrypt local hard disks on Agent computers
Enabled
Disabled
Encryption algorithm priority (first element has highest priority)
AES (256 bit key length)
AES-XTS (256 bit key length)
AES (128 bit key length)
AES-XTS (128 bit key length)
AES with Elephant diffuser (256 bit key length)
AES with Elephant diffuser (128 bit key length)
Hardware encryption
Configure encryption settings per drive
Enabled (specify encryption algorithm for each drive)
C: _______________
D: _______________
E: _______________
F: _______________
G: _______________
H: _______________
I: _______________
J: _______________
K: _______________
L: _______________
M: _______________
N: _______________
O: _______________
P: _______________
Q: _______________
R: _______________
S: _______________
T: _______________
U: _______________
V: _______________
W: _______________
X: _______________
Y: _______________
Z: _______________
Disabled
Initial encryption Encrypt only used disk space (fast initial encryption)
Manage existing BitLocker environment
Display warning when disks are not fully encrypted
Installation protection On configuration changes, delay decryption by ____ days
Security awareness
Reference: DriveLock Security Awareness Manual 2019.1
Settings
Security awareness user interface settings
Property Value Comment
Make window stay on top of all other windows during display
Enabled
Disabled
Open window in full screen mode Enabled
Disabled
Ignore full screen settings on campaign level
Enabled
Disabled
Show custom texts for acknowledging of campaigns
Enabled
Text on checkbox: ___________________________________
Text on button: ______________________________________
Custom window title: __________________________________
Disabled
Custom usage policy texts and options
Property Value Comment
Display custom content Enabled
Disabled
O Load usage policy text from file (text or RTF formatted - provide file)
O Usage policy text (%NAME% will be replaced with device name)
Caption text
Buttons Accept:
Decline: __________________________________
Show on each Agent per user ___ times per session
Play video Enabled (provide file)
Do not enable the Accept button until the video finished playing
User can pause / stop the video while it is playing
Disabled
Enable the Accept button after ___ seconds
Campaigns
Reference: DriveLock Security Awareness Manual 2019.1 / Creating security awareness campaigns
Content
Property Value Comment
Content type Built-in image
Image
PDF file
RTF file
Security awareness package (select predefined content below)
Text
URL (web content)
Video file
Security awareness package Access control (Security flash)
Be careful with information (Micro learning)
Bring your own device (Security flash)
Business and personal use of Internet, email and social media (Micro learning)
Clear desk, screen & office (Security flash)
Cyber Security for Executives (Training (demo))
Cyber security (Skill test)
Cyber security (Training)
EU General Data Protection Regulation (GDPR) (Skill test)
EU General Data Protection Regulation (GDPR) (Training)
How is information classified (Micro learning)
Information classification (Security flash)
Information classification (Training)
Information classification (Skill test)
Introduction Program: Information Security (Skill test)
Introduction Program: Information Security (Training)
Know who you are dealing with (Micro learning)
Malware (Skill test)
Malware (Training)
Mobile Devices (Skill test)
Mobile Devices (Training)
Phishing (Training)
Phishing (Skill test)
Phishing (Security flash)
Report information security incidents (Micro learning)
Report security incidents (Security flash)
Risk Management (Training)
Risk Management (Skill test)
Secure your mobile devices (Micro learning)
Security Awareness for IT Professionals (Skill test)
Security Awareness for IT Professionals (Training)
Social engineering (Skill test)
Social engineering (Training)
Social engineering (Security flash)
Social media & working in the cloud (Security flash)
Strong passwords (Security flash)
The new way of working (Skill test)
The new way of working (Training)
Use of passwords (Micro learning)
Work securely outside the office (Micro learning)
Working in public places (Security flash)
Working in the cloud (Skill test)
Working in the cloud (Training)
Priority O 1 (highest)2O 3O 4O 5O 6O 7O 8O 9O 10O
Language Language Neutral
Show content for ... seconds beforeallowing acknowledgement or otherfunctions
___
User must acknowledge Enabled
Disabled
Automatically show awarenessinformation after a user logs on
Enabled
Disabled
Allow users to page through availablecontent
Enabled
Disabled
Show custom texts for acknowledgingof campaign elements
Enabled
Disabled
Trigger O independent of an eventwhen a user logs onO if used in rules (application rule must be defined)O
Show campaign max. ... times ___
Recurrence O every time the event occurs O once per day O once per week O once per month O once per year O once every ___ days
Computer exceptions O Rule is active on any computer O Rule is active only on selected computers O Rule is active on all computers, except the ones selected
Network exceptions O Rule is active in any network location O Rule is active only in selected network locations O Rule is active on all networks, except the ones selected
User exceptions O Rule is active for all users and groups O Rule is active only for selected users and groups O Rule is active for all users and groups, except the ones selected
Systems management
Reference: DriveLock Admin Guide 2019.1 / Systems management
Settings
Hardware and software inventory
Property Value Comment
Collection of inventory data Enabled
Disabled
Collect device information Enabled
Disabled
Collect drive information Enabled
Disabled
Collect installed software information Enabled
Disabled
Collect patch and hotfix information Enabled
Disabled
Inventory starts O When the Agent service starts (not recommended) O Every ___ days O Every ___ weeks O On demand
Start at fixed time Enabled ___:___:___
Disabled
Client compliance reporting settings
Windows Update
Verify Windows Update status
Verify Windows Update is enabled and running
Verify last successful update not older than ___ days
Verify no more than ___ available updates
Windows Firewall Verify Windows firewall enabled and running
Verify Windows Security Center At least one product of the following product types must be:
Firewall
Installed
Running
Up to date
Antivirus
Installed
Running
Up to date
Anti-Spyware
Installed
Running
Up to date
Self-Service groups
Reference: DriveLock Admin Guide 2019.1 / Systems management / Self-service groups
Property Value Comment
Description DriveLock Cloud Base
Comment
Rule unique identifier 33a3d20b-b388-4b73-9372-68091fd23176
Users able to manage computers NT-AUTORITÄT\Authentifizierte Benutzer
Computers manageable by users < Local computer >
Glossary
AD Active Directory
ALF Application Launch Filter
AV Anti-Virus
CSP Centrally Stored Policy
DB Data Base
DCC DriveLock Control Center
DES DriveLock Enterprise Service
DL DriveLock
DLV Extension for DriveLock Encrypted File-Containers (DriveLock Volume)
DMC DriveLock Management Console
FDE Full Disk Encryption
FFE File & Folder Encryption
MMC See DMC
MSSP Managed Security Service Provider
SecaaS Security as a Service
SOT Security Operations Team
VM Virtual Machine
VPN Virtual Private Network
Copyright
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.
© 2019 DriveLock SE. All rights reserved.
DriveLock and others are either registered trademarks or trademarks of DriveLock SE or its subsidiaries in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.