> For the complete documentation index, see [llms.txt](https://eaclouddoc.eauditor.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://eaclouddoc.eauditor.eu/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/triggers/file-operations/masks.md).

# Masks

## Introduction

Configuring DLP rules in the system often requires defining locations, file types, or processes that will be covered by the security policy. Masks allow precise specification of what should be monitored or blocked, and exclusion masks enable the omission of specified elements from rule enforcement.

### **Examples of mask usage**

* **Path mask:** Specifies locations covered by the rule, e.g. `C:\Desktop`. All files located in this location (including subfolders) will be monitored unless excluded, e.g. `C:\Desktop\Śmietnik`.
* **File mask:** Specifies types of files covered by the policy, e.g. `*.txt`. All text files will be covered by the rule, with the option to exclude specific files, e.g. `ABCD.TXT`.
* **Process mask:** Specifies processes covered by the rule, e.g. `*.exe`. Specific processes can be excluded, such as `chrome.exe`.

### Practical applications

1. **Path mask:**
   * **Configuration:**
     * The rule covers files in the location `C:\Desktop`.
     * Exclusion: `C:\Desktop\Śmietnik`.
   * **Effect:** All files on the desktop (including subdirectories) will be monitored, except those located in the "Śmietnik" folder.
2. **File mask:**
   * **Configuration:**
     * File monitoring `*.docx`.
     * Exclusion: `Raport.docx`.
   * **Effect:** The policy applies to all Word files in the location, except for the specified file "Raport.docx".
3. **Process mask:**
   * **Configuration:**
     * Process monitoring `*.exe`.
     * Exclusion: `chrome.exe`.
   * **Effect:** All executable processes are monitored, excluding the Chrome browser.
4. **Advanced example:**
   * **File mask:** `*faktura*.*`.
   * **Effect:** All files containing "faktura" in the name (any part of the name) with any extension are monitored.
   * **Exclusion:** `TESTfaktura.doc`.

***

## Step-by-step configuration

#### Creating a path, file, or process mask

{% stepper %}
{% step %}
**Expand the configuration field**

In the main rule view, go to the mask configuration section.

<figure><img src="/files/8d7af476bc026e9625805e7e3f457a8192b19454" alt="" width="292"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Add a new mask**

* Click **+ Add new** next to the appropriate field.
  {% endstep %}

{% step %}
**Edit the mask**

* After confirmation, a field will open where you can change the mask name.
* Optionally add a description to facilitate identifying the mask in the future.
  {% endstep %}

{% step %}
**Enter mask criteria**

* Enter path, file, or process masks (one item per line).
* Example:
  * Paths: `C:\Desktop`, `C:\Documents`.
  * Files: `*.txt`, `Raport.docx`.
  * Processes: `chrome.exe`, `*.exe`.

<figure><img src="/files/654c92d27f749b8bf06a9a63e568df87e94a1657" alt="" width="289"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Confirm configuration**

* Click "Save" to add the mask to the list of available masks or abort the process using the "Cancel" button.
* The new mask will also be available as an exclusion mask option.
  {% endstep %}
  {% endstepper %}

#### Example of applying masks in rules

**Trigger File operation**

* File masks allow monitoring of file opening within selected processes, e.g.:
  * File monitoring `*.docx` in the process `word.exe`.
  * Blocking opening of files in the process `chrome.exe`.

### Additional information

* **Recommendation for broad masks:** For broad masks, it is advisable to use exclusion masks, e.g.:
  * **Files:** `*.bin, *.cookie, *.dat, *.db, *.dll, *.exe, *.ini, *.json, *.lnk, *.nls, *.ost, *.prefs, *.sdb, *.sync, *.temp, *.tmp`.
  * **Paths:** `AppData, Program Files, Windows`.

{% hint style="warning" %}
**INFO:** Examples are only suggested usages and are not subject to vendor validation. They should be modified according to the organization's requirements.
{% endhint %}

## Summary

Path, file, and process masks are a flexible tool that enables precise control over DLP rule behavior. Masks allow focusing monitoring on critical areas while excluding locations, files, or processes considered irrelevant.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://eaclouddoc.eauditor.eu/eacloud-docs-en/features/data-loss-prevention/dlp-policies-and-rules/triggers/file-operations/masks.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.