Actions
DLP Actions tab
Tab DLP Actions allows defining actions that the system will take in response to events triggered by previously configured triggers. This functionality enables automating responses to security policy violations, allowing blocking of unwanted activities, executing scripts, recording activity, and performing other operations.
List of available DLP actions
Task: Execution of a PowerShell or CMD script.
Screen recording: Recording user activity before and after the event.
Screenshot: Taking a snapshot of all active screens at the time of the event.
Shutdown PC: Automatic shutdown of the computer.
Restart PC: Automatic restart of the computer.
Log off user: Logging the user out of the device.
Block operation: Preventing execution of the trigger (e.g., saving a file).
Startup message: Message displayed after logging into the operating system; appears only during login — it does not display after locking and unlocking the screen; the administrator can edit the content and display duration; useful for informing the user that the device is subject to monitoring and security policies
Screen monitoring: Periodic capture of screenshots at an interval specified by the administrator; screenshots are stored in the system logs
Add tag: Assigning a DLP tag to a file.
Remove tag: Removing a DLP tag from a file.
Key features
Independence of actions and notifications: Actions and notifications can operate together or independently of each other.
Optionality: Defining actions or notifications is not mandatory.
Configuration flexibility: Multiple actions can be added for a single trigger, each as a separate tile.
Available actions
Task
Description: Allows execution of a PowerShell or CMD script.
Configuration: Scripts are available in the Task Server, where they can be modified or new ones created.
Usage example:
Running a script that closes all desktop windows each time a blocked process is launched (e.g.,
chrome.exe).Restoring a deleted file and saving it to a network location.
Screen recording
Description: Records user activity on all monitors at the time of the policy violation.
Usage example:
Screen recording in case of an attempt to send a blocked file via e-mail.
Additional information: Recordings are stored on the server; they can be downloaded or played back in the administrative console.
Configuration: No additional parameters — the screen recording is saved automatically.
Screenshot
Description: Takes a snapshot of all active screens at the time of the policy violation.
Usage example:
An attempt to send a blocked file by e-mail results in an automatic screenshot that is sent to the administrator along with the log.
Configuration: No additional parameters — the screenshot is saved automatically.
Shutdown PC / Restart PC
Description: Automatic shutdown or restart of the computer in the event of a policy violation.
Usage example:
Shutting down the computer when a specified data transfer limit is exceeded (e.g., when downloading large files outside working hours).
Restarting the device upon any file rename.
Configuration: No additional parameters — the action is saved as a tile.
Log off user
Description: Automatic user logoff after a policy violation.
Usage example:
Logging the user off in case of an attempt to launch a blocked application, e.g., a CRM system.
Configuration: No additional parameters.
Block actions
Description: Prevents execution of a specific operation triggered by the trigger, e.g., saving a file, sending an e-mail, etc.
Usage example:
Blocking sending a file containing a price list via e-mail.
Configuration: No additional parameters — the action is saved as a tile.
Startup message
Description: The welcome message is displayed only during initialization of a new user session (login). The mechanism does not activate when unlocking a previously locked workstation.
Usage example: Informing users about maintenance work, e.g., “Attention! Servers will restart today at 10:00 PM. Please save your work.”
Configuration: Display time in seconds; message editing with the option to apply ready-made parameters such as: event date and time, computer name, logged-in user.
Periodic screenshots
Description: The action enables periodic capture of user activity in graphical form (screenshots). The frequency of captures depends on the time interval defined by the administrator. The system has a built-in safety limit that restricts the number of stored files to 500 per workstation.
Usage example: Monitoring progress on a key project or verifying the use of specific software for audit purposes.
Configuration: Setting the time interval in seconds at which a screenshot should be taken.
Example of using multiple actions
Objective: Automatic response to a user's attempt to delete a file.
Trigger: File deletion.
Actions:
Screenshot during the event.
Restoring the file to its original location using a PowerShell script.
Sending a notification to the administrator with the log and screenshot.
Effect: The system logs the violation, restores the deleted file, and provides full documentation of the event to the administrator.
Summary
Tab DLP Actions offers a wide range of actions that can be automatically executed in response to events triggered by triggers. Thanks to flexible configuration, it is possible to tailor the system's response to the organization's needs, which increases the efficiency and effectiveness of security policies.
Last updated
Was this helpful?