
# File Operations

## File Operations trigger in DLP policies

The **File operations** trigger in DLP policies allows monitoring of user actions on files and directories in selected locations. It lets you specify precisely the conditions that must be met for the system to execute the appropriate rule. This feature supports effective protection of organizational data against unauthorized access, modification, or deletion.

{% hint style="warning" %}
When monitoring operations on a file containing **specific content** or **marked with an invisible tag**, it is possible to track activity related to the file regardless of its location, extension, etc. This enables monitoring to function even when the file is moved, copied, or edited.

![](/files/339cee7e74f05b4be4050f0c965253c52598a8c1)

To configure monitoring, first go to [Document tagging](/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/actions/document-marking.md).
{% endhint %}

## Types of file operations

The system enables monitoring and control of the following operations:

* **Creation:** Detecting creation of new files.
* **Deletion:** Monitoring attempts to delete files.
* **Open:** Monitoring and logging of file open events, including within a defined process.
* **Rename/move:** Monitoring changes to file names or locations.
* **Write:** Tracking changes saved within files.

## Configuration fields

<figure><img src="/files/0e5e613dde21446853930694d80a8441c1d4a531" alt="" width="188"><figcaption></figcaption></figure>

{% stepper %}
{% step %}

### **Operation type**

You must define the operation type. This is a multi-select list.

* **Creation**
* **Delete**
* **Open**
* **Rename/move**
* **Save**
  {% endstep %}

{% step %}

### **Path mask / Excluded path mask**

* **Path mask:** Defines the locations in which operations will be monitored.
  * Examples: `H:\desktop\test` or `H:\*`.
* **Excluded path mask:** Excludes specified locations from monitoring.
  * Example: for the mask `H:\*`, the exclusion may be `H:\desktop\test`.

[How to add/edit a mask?](/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/triggers/file-operations/masks.md)
{% endstep %}

{% step %}

### **File mask / Excluded file mask**

* **File mask:** Specifies the files to be included in monitoring.
  * Examples: `invoice.pdf`, `invoice*.pdf`, `*.txt`, `*.jpg`.
* **Excluded file mask:** Excludes specific files from monitoring.
  * Example: for the mask `*.jpg`, the exclusion `test.jpg` will cause all JPG files except `test.jpg` to be considered.

[How to add/edit a mask?](/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/triggers/file-operations/masks.md)
{% endstep %}

{% step %}

### **Object type**

The dropdown allows selection of the object type:

* **Directories:** Monitoring only folder operations.
* **Files:** Monitoring only file operations.
* **Files and directories:** Monitoring both object types simultaneously.
  {% endstep %}

{% step %}

### **Applies to media**

The multi-select field allows specification of media on which operations are to be monitored:

* **Local drive**
* **External drive**
* **USB flash drive**
* **Network share**

#### **Additional option for USB flash drives:**

Selecting USB flash drives unlocks configuration of USB device groups:

* **USB device groups:** A dropdown list initially containing the value “All”. Groups are created from the list of previously detected USB devices.
  {% endstep %}

{% step %}

### **Process mask / Excluded process mask**

Works analogously to file and path masks:

* **Process mask:** Specifies processes to be included, e.g. `chrome.exe`, `*.exe`.
* **Excluded process mask:** Excludes specified processes, e.g. for the mask `*.exe`, the exclusion `chrome.exe`.

[How to add/edit a mask?](/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/triggers/file-operations/masks.md)
{% endstep %}

{% step %}

### [**Tag**](/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/actions/document-marking.md)

A multi-select field available after tags have been created in the system.

* Allows restricting the DLP rule to files that have a specific tag (e.g., classification).
* Example: Setting the mask `*` (all locations and files) makes the assignment of a tag to the file the only condition for the policy to apply.

<div align="left"><figure><img src="/files/5aad1bd7a71a0a16bf758e5c3df28753de0b0fa5" alt="" width="330"><figcaption></figcaption></figure></div>
{% endstep %}
{% endstepper %}

## Practical application

#### Example:

The rule applies to:

* Operations: **Open**.
* Locations: **User desktop**.
* File types: **Text files (.txt)**.
* Media: **Local drive**.
* Process: **Word.exe**.

**Result:** The DLP policy will be applied to `.txt` files located on the local drive in the “Desktop” directory, opened exclusively with Word.
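The following Python model is an added illustration, not eAuditor code: it shows how the include and exclude masks from the configuration fields combine with operation type and media, so a planned rule can be checked against sample events before it is deployed. Assumptions: masks are case-insensitive, `*` matches any characters including `\`, and the path mask is compared with the file's parent directory; the desktop path mask `C:\Users\*\Desktop` and all sample events are constructed.

```python
import ntpath
from dataclasses import dataclass, field
from fnmatch import fnmatchcase


def mask_hit(value, include, exclude):
    """True if value matches an include mask and no exclude mask.
    Assumed semantics: case-insensitive, '*' also spans backslashes."""
    v = value.lower()
    hit = any(fnmatchcase(v, m.lower()) for m in include)
    return hit and not any(fnmatchcase(v, m.lower()) for m in exclude)


@dataclass
class FileOpRule:
    operations: set
    media: set
    path_masks: list
    file_masks: list
    process_masks: list
    excluded_paths: list = field(default_factory=list)
    excluded_files: list = field(default_factory=list)
    excluded_processes: list = field(default_factory=list)

    def matches(self, op, full_path, process, medium):
        # Assumption: the path mask is compared with the file's parent directory.
        directory, name = ntpath.split(full_path)
        return (op in self.operations and medium in self.media
                and mask_hit(directory, self.path_masks, self.excluded_paths)
                and mask_hit(name, self.file_masks, self.excluded_files)
                and mask_hit(process, self.process_masks, self.excluded_processes))


# The "Practical application" rule; the desktop path mask is a constructed value.
DESKTOP_RULE = FileOpRule({"Open"}, {"Local drive"},
                          [r"C:\Users\*\Desktop"], ["*.txt"], ["Word.exe"])
# A rule built from the page's own mask and exclusion examples.
SHARE_RULE = FileOpRule({"Creation"}, {"Network share"}, [r"H:\*"], ["*.jpg"],
                        ["*.exe"], [r"H:\desktop\test"], ["test.jpg"], ["chrome.exe"])

if __name__ == "__main__":
    events = [  # constructed sample events: (rule, operation, path, process, medium)
        (DESKTOP_RULE, "Open", r"C:\Users\alice\Desktop\notes.txt", "Word.exe", "Local drive"),
        (DESKTOP_RULE, "Open", r"C:\Users\alice\Desktop\notes.txt", "notepad.exe", "Local drive"),
        (SHARE_RULE, "Creation", r"H:\photos\a.jpg", "explorer.exe", "Network share"),
        (SHARE_RULE, "Creation", r"H:\desktop\test\a.jpg", "explorer.exe", "Network share"),
    ]
    for rule, *event in events:
        print(rule.matches(*event), event)
```

The second event shows the coverage gap in the practical example: the same `.txt` file opened with any process other than `Word.exe` does not trigger the rule. Confirm case sensitivity and how `*` treats subdirectories against the product's mask documentation before relying on a rule.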

## **Summary**

The **File operations** trigger allows detailed monitoring and management of access to files in selected locations, on specified media, and when using selected processes. Thanks to flexible configuration of fields, it is possible to precisely tailor DLP rules to the specific requirements of the organization.


