Masks

Introduction

Configuring DLP rules in the system often requires defining locations, file types, or processes that will be covered by the security policy. Masks allow precise specification of what should be monitored or blocked, and exclusion masks enable the omission of specified elements from rule enforcement.

Examples of mask usage

• Path mask: Specifies locations covered by the rule, e.g. C:\Desktop. All files located in this location (including subfolders) will be monitored unless excluded, e.g. C:\Desktop\Śmietnik.

• File mask: Specifies types of files covered by the policy, e.g. *.txt. All text files will be covered by the rule, with the option to exclude specific files, e.g. ABCD.TXT.

• Process mask: Specifies processes covered by the rule, e.g. *.exe. Specific processes can be excluded, such as chrome.exe.

Practical applications

1. Path mask:

   • Configuration:

     • The rule covers files in the location C:\Desktop.

     • Exclusion: C:\Desktop\Śmietnik.

   • Effect: All files on the desktop (including subdirectories) will be monitored, except those located in the "Śmietnik" folder.

2. File mask:

   • Configuration:

     • File monitoring *.docx.

     • Exclusion: Raport.docx.

   • Effect: The policy applies to all Word files in the location, except for the specified file "Raport.docx".

3. Process mask:

   • Configuration:

     • Process monitoring *.exe.

     • Exclusion: chrome.exe.

   • Effect: All executable processes are monitored, excluding the Chrome browser.

4. Advanced example:

   • File mask: *faktura*.*.

   • Effect: All files containing "faktura" in the name (any part of the name) with any extension are monitored.

   • Exclusion: TESTfaktura.doc.

Step-by-step configuration

Creating a path, file, or process mask

1

Expand the configuration field

In the main rule view, go to the mask configuration section.

2

Add a new mask

• Click + Add new next to the appropriate field.

3

Edit the mask

• After confirmation, a field will open where you can change the mask name.

• Optionally add a description to facilitate identifying the mask in the future.

4

Enter mask criteria

• Enter path, file, or process masks (one item per line).

• Example:

  • Paths: C:\Desktop, C:\Documents.

  • Files: *.txt, Raport.docx.

  • Processes: chrome.exe, *.exe.

5

Confirm configuration

• Click "Save" to add the mask to the list of available masks or abort the process using the "Cancel" button.

• The new mask will also be available as an exclusion mask option.

Example of applying masks in rules

Trigger File operation

• File masks allow monitoring of file opening within selected processes, e.g.:

  • File monitoring *.docx in the process word.exe.

  • Blocking opening of files in the process chrome.exe.

Additional information

• Recommendation for broad masks: For broad masks, it is advisable to use exclusion masks, e.g.:

  • Files: *.bin, *.cookie, *.dat, *.db, *.dll, *.exe, *.ini, *.json, *.lnk, *.nls, *.ost, *.prefs, *.sdb, *.sync, *.temp, *.tmp.

  • Paths: AppData, Program Files, Windows.

Summary

Path, file, and process masks are a flexible tool that enables precise control over DLP rule behavior. Masks allow focusing monitoring on critical areas while excluding locations, files, or processes considered irrelevant.