Configuring Data Loss Prevention in Worry-Free Business Security Services (WFBS-SVC)

    • Updated: 2 Sep 2018
    • Product/Version: Worry-Free Business Security Services 6.3; Worry-Free Business Security Services 6.5
    • Platform: Windows 10 32-bit; Windows 10 64-bit; Windows 2008 Server R2; Windows 2008 Small Business Server; Windows 2008 Standard; Windows 7 32-Bit; Windows Vista 32-bit
Summary

Worry-Free Business Security Services (WFBS-SVC) provides pre-defined Data Loss Prevention templates for hundreds of global regulatory and compliance regulations, including PCI/DSS, HIPAA, GLBA, SB-1386, US PII, and others.

This article aims to aid administrators in configuring Data Loss Prevention in WFBS-SVC.

Details

To configure DLP rules:
  1. Log on to the WFBS-SVC console.
  2. Navigate to the Devices tab.
  3. Select a desktop or server group to configure.
  4. Click Configure Policy.
  5. Go to the Windows tab.

    [Screenshot: Go to Windows tab]

  6. On the left panel, click Data Loss Prevention.

    [Screenshot: Go to Data Loss Prevention]

    The following scenarios require users to restart their endpoints to apply the DLP settings:

    • Enabling DLP for the first time.
    • Adding or moving devices to a group that has enabled DLP.
    • A child domain group that uses customized policy settings restores policy inheritance to apply the parent group policy settings, and the parent group has enabled DLP.
  7. On the Rules tab, click Add.

    A policy can contain a maximum of 40 rules.

    [Screenshot: Rules tab]

  8. Select Enable this rule.

    [Screenshot: Select Enable this rule]

  9. Specify a name for the rule and add a description.

    [Screenshot: Specify rule name]

  10. Select templates from the list.

    Each rule can contain a maximum of 200 templates.

    [Screenshot: Select templates]

    Use the All templates list or the search function to help you find the templates.

    [Screenshot: Use All templates list]

  11. Select the channels for the rule.

    [Screenshot: Select Channels]

    If you selected any of the network channels, specify the transmission scope.

  12. Specify the action to take after detecting sensitive data transmitted through a selected channel, then click Add.

    [Screenshot: Specify action]

    • Pass: Allows and logs the transmission
    • Block: Blocks and logs the transmission
  13. Click Save.

To configure DLP exceptions:

  1. Log on to the WFBS-SVC console.
  2. Navigate to the Devices tab.
  3. Select a desktop or server group to configure.
  4. Click Configure Policy.
  5. Go to the Windows tab.

    [Screenshot: Go to Windows tab]

  6. On the left panel, click Data Loss Prevention.

    [Screenshot: Go to Data Loss Prevention]

  7. Go to the Exceptions tab.

    [Screenshot: Exceptions tab]

  8. Under Non-monitored Targets, configure any required settings.

    1. Click Add Target.
    2. Specify the network channel.

      • Email clients: Specify the target using the X500 format (for internal communication only) or the recipient's email domain or address.

        Target format and examples:

        • X500: /o=company or /o=company/ou=subdomain/cn=recipients/cn=user
        • Email domain or address: company.com or user@company.com

        [Screenshot: Network Channel, Email clients]

        To get the LegacyExchangeDN values, refer to the KB article: Using Microsoft ldp GUI Tool to get AD LegacyExchangeDN values.

      • HTTP, HTTPS, FTP, and SMB protocols: Specify the target by IP address, host name, FQDN, or network address and subnet mask.

        [Screenshot: Network Channel, HTTP, HTTPS, FTP, and SMB protocols]

    3. Optionally, provide a note regarding the reason to exclude the target.
    4. Click Add.
  9. Under Non-monitored Removable Storage Devices, configure any required settings.

    1. Click Add Device.

      [Screenshot: Click Add Device]

    2. Specify the vendor name of the device and optionally specify the device model and serial ID, then click Add.

      [Screenshot: Specify vendor name]

      Download and run the Device List Tool on an endpoint to obtain information about the external devices connected to the endpoint.

      For details on how to use the tool, refer to the Online Help section: Running the Device List Tool.

  10. Under Compressed File Scanning, configure any required settings.

    [Screenshot: Compressed File Scanning]

    For details on decompression rules, refer to the Online help section: Decompression Rules.

  11. Click Save.
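The non-monitored target formats accepted in step 8 of the exceptions procedure (X500 DN, email domain or address, IP address, host name, FQDN, network address with subnet mask) can be checked with a small matcher. This is an added example written for this article, not Trend Micro's code, and it assumes matching semantics the article does not spell out: an X500 target covers every DN beneath it, a bare domain matches addresses in exactly that domain, and host names match exactly. The exception list and destinations are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed exception list in the two shapes the Exceptions tab accepts:
# ("email", X500 DN | email domain | email address) and
# ("network", IP | host name | FQDN | network address with subnet mask).
EXCEPTIONS = [
    ("email", "/o=company"),                  # X500: the whole organisation
    ("email", "partner.example"),             # email domain
    ("email", "auditor@other.example"),       # single address
    ("network", "10.0.0.0/255.255.255.0"),    # network address and subnet mask
    ("network", "files.corp.example"),        # FQDN
]


@dataclass(frozen=True)
class Destination:
    channel: str   # "email" or "network"
    value: str     # recipient DN/address, or target host/IP


def _as_network(text):
    """Return an ip_network for an IP, CIDR or address/mask string, else None."""
    try:
        return ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None


def email_target_matches(target, recipient):
    """Assumed semantics: an X500 target covers every DN beneath it, a bare
    domain matches addresses in exactly that domain, and a full address
    matches only itself. Comparison is case-insensitive."""
    t, r = target.strip().lower(), recipient.strip().lower()
    if t.startswith("/o="):
        return r == t or r.startswith(t.rstrip("/") + "/")
    if "@" in t:
        return r == t
    return "@" in r and r.rsplit("@", 1)[1] == t


def network_target_matches(target, host):
    """IP and network targets are compared numerically (so 10.0.0.25 falls
    inside 10.0.0.0/255.255.255.0); host names and FQDNs must match exactly."""
    t, h = target.strip().lower(), host.strip().lower()
    net = _as_network(t)
    if net is not None:
        try:
            return ipaddress.ip_address(h) in net
        except ValueError:
            return False      # destination is a name, target is numeric
    return h == t


def is_non_monitored(destination, exceptions=EXCEPTIONS):
    """True when an exception for the destination's channel covers it,
    i.e. the DLP rules would not be applied to this transmission."""
    for channel, target in exceptions:
        if channel != destination.channel:
            continue
        match = email_target_matches if channel == "email" else network_target_matches
        if match(target, destination.value):
            return True
    return False


if __name__ == "__main__":
    for d in (Destination("email", "/o=company/ou=subdomain/cn=recipients/cn=user"),
              Destination("email", "bob@partner.example"),
              Destination("network", "10.0.0.25"),
              Destination("network", "10.0.1.25")):
        print(f"{d.channel:8} {d.value:48} non-monitored={is_non_monitored(d)}")
```

A useful check when reviewing an exception list is that every entry is as narrow as the business need: a bare `/o=company` or a whole subnet exempts far more senders and hosts from inspection than a single address or FQDN does.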

WFBS-SVC evaluates a file or data against a set of rules defined in DLP policies. Policies determine the files or data that require protection from unauthorized transmission and the action that WFBS-SVC performs after detecting a transmission.

WFBS-SVC does not monitor data transmissions between the server and Security Agents.

  • Rules: A DLP rule can consist of multiple templates, channels, and actions. Each rule is a subset of the encompassing DLP policy.

    DLP processes rules and templates by priority. If a rule is set to "Pass", DLP processes the next rule in the list. If a rule is set to "Block", DLP blocks the user action and does not process that rule/template further.

  • Templates: A DLP template combines data identifiers and logical operators (And, Or, Except) to form condition statements. Only files or data that satisfy a certain condition statement are subject to a DLP rule.

    A DLP rule can contain one or several templates. DLP uses the first-match rule when checking templates. This means that if a file or data matches the data identifiers in a template, DLP no longer checks the other templates.

  • Channels: Channels are entities that transmit sensitive information. DLP supports popular transmission channels, such as email, removable storage devices, and instant messaging applications.
  • Actions: DLP performs the specified action when it detects an attempt to transmit sensitive information through any of the channels.
  • Exceptions: Exceptions act as overrides to the configured DLP rules. Configure exceptions to manage non-monitored targets and compressed file scanning.
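The rule and template semantics described above (rules walked in priority order, a "Pass" rule logging and continuing, a "Block" rule stopping evaluation, templates checked first-match and built from data identifiers joined by And/Or/Except) can be modelled in a few lines. This is an added example written for this article, not Trend Micro's code; the data identifiers are constructed regular expressions standing in for the product's predefined identifiers, and the policy, channel names and sample text are constructed as well.

```python
import re
from dataclasses import dataclass

# Constructed data identifiers: regular expressions standing in for the
# predefined identifiers that the product's templates use.
IDENTIFIERS = {
    "credit_card_like": r"\b(?:\d{4}[- ]?){3}\d{4}\b",
    "ssn_like": r"\b\d{3}-\d{2}-\d{4}\b",
    "test_marker": r"\bTEST-DATA\b",
}


@dataclass(frozen=True)
class Template:
    """Data identifiers joined with And/Or, optionally narrowed by Except."""
    name: str
    identifiers: tuple
    operator: str = "Or"      # "And" or "Or"
    except_: tuple = ()       # identifiers that veto the match

    def matches(self, text):
        hits = [re.search(IDENTIFIERS[i], text) is not None for i in self.identifiers]
        matched = all(hits) if self.operator == "And" else any(hits)
        if matched and any(re.search(IDENTIFIERS[i], text) for i in self.except_):
            return False
        return matched


@dataclass(frozen=True)
class Rule:
    name: str
    templates: tuple       # checked first-match
    channels: frozenset    # channels this rule applies to
    action: str            # "Pass" or "Block"


# Constructed policy, listed in priority order.
POLICY = (
    Rule("Allow marked test data", (Template("Test marker", ("test_marker",)),),
         frozenset({"email", "http"}), "Pass"),
    Rule("Block card numbers",
         (Template("PCI-like", ("credit_card_like",), except_=("test_marker",)),),
         frozenset({"email", "http", "removable"}), "Block"),
    Rule("Block US PII", (Template("SSN", ("ssn_like",)),),
         frozenset({"email"}), "Block"),
)


def evaluate(policy, channel, text):
    """Walk the rules in priority order. A matching Pass rule is logged and
    evaluation continues; a matching Block rule is logged and evaluation
    stops. Within a rule the first template that matches decides.
    Returns (decision, log) where each log entry is (rule, template, action)."""
    log = []
    for rule in policy:
        if channel not in rule.channels:
            continue
        hit = next((t for t in rule.templates if t.matches(text)), None)
        if hit is None:
            continue
        log.append((rule.name, hit.name, rule.action))
        if rule.action == "Block":
            return "Block", log
    return "Pass", log


if __name__ == "__main__":
    for channel, text in (("email", "card 4111 1111 1111 1111"),
                          ("email", "TEST-DATA card 4111 1111 1111 1111"),
                          ("email", "TEST-DATA ssn 123-45-6789"),
                          ("removable", "ssn 123-45-6789")):
        decision, log = evaluate(POLICY, channel, text)
        print(f"{channel:10} {decision:5} {log}")
```

Two things the model makes visible: a "Pass" rule placed above a "Block" rule does not exempt the data (the Block rule still runs and wins), so exemptions belong in an Except clause or on the Exceptions tab; and a rule whose channel list omits a channel never fires for it, so a removable-storage leak of the same data goes unlogged unless that channel is selected.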

DLP comes with the following set of predefined templates that you can use to comply with various regulatory standards. These templates cannot be modified or deleted.

  • GLBA: Gramm-Leach-Bliley Act
  • HIPAA: Health Insurance Portability and Accountability Act
  • PCI-DSS: Payment Card Industry Data Security Standard
  • SB-1386: US Senate Bill 1386
  • US PII: United States Personally Identifiable Information

For a detailed list on the purposes of all predefined templates and examples of data being protected, refer to the Online Help section: Data Protection Reference Documents.

DLP monitors network, system, and application channels that can transmit sensitive information.

For the list of supported channels, refer to the Online Help section: Data Protection Reference Documents.

Network Channels

  • Email clients: Monitoring occurs when an email client attempts to send an email. DLP checks the email subject, body, and attachments for data identifiers.
  • FTP: Monitoring occurs when an FTP client attempts to upload files to an FTP server. DLP checks for the presence of data identifiers in the files.
  • HTTP and HTTPS: Monitoring occurs before data is encrypted and transmitted through HTTP and HTTPS.
  • IM applications: Monitoring occurs before users send messages or files through instant messaging (IM) applications. DLP does not monitor messages or files that users receive.
  • SMB protocol: Monitoring occurs when another user attempts to copy or read a user's shared file. DLP checks if the file is or contains a data identifier.
  • Webmail: Monitoring occurs when a supported web-based email service attempts to transmit data through HTTP. DLP checks the data for the presence of data identifiers.

System and Application Channels

  • Cloud storage services: Monitors files that users access using cloud storage services.
  • Data recorders (CD/DVD): Monitors data recorded to a CD or DVD.
  • PGP Encryption: Monitors data to be encrypted by PGP encryption software. DLP checks the data before encryption proceeds.
  • Peer-to-peer applications: Monitors files that users share through peer-to-peer applications.
  • Printer: Monitors printer operations initiated from various applications.

    DLP does not block printer operations on new files that have not been saved, because the printing information has only been stored in memory at this point.

  • Removable storage: Monitors data transmissions to or within removable storage devices.
  • Synchronization software (ActiveSync): Monitors data transmitted to a mobile device through synchronization software.
  • Windows clipboard: Monitors data to be transmitted to the Windows clipboard before allowing or blocking the transmission.
Category: Configure; SPEC
Solution Id: 1119276