System administrators enable Content Scanning at the system level. They may define various scanners but enable only one anti-virus (AV) and/or data loss prevention (DLP) scanner per system. Organization Administrators may disable a currently configured DLP scanner at the organization level. This page allows administrative users to do the following:
Enable or disable scanning for DLP policy violations for this organization
Create sets of rules called rulesets that apply actions when data submitted to a DLP scanner violate specific DLP policies configured for the scanner
Note: User classes may not be assigned to user groups.
Assign rulesets to user classes
Note: To assign rulesets to an individual user, use the User Profile page for User Settings.
Enable for this Organization: Select Yes to enable DLP scanning or No to disable DLP scanning for the organization.
Action on Server Error: Select Block to terminate transmission and return a violation if the ICAP connection times out or fails in some other way, or Allow Content and Log to allow transmission, but log a violation.
Edit User Class DLP Rulesets
After you have configured rulesets, you can select one to apply to a user class: Administrators, File Admins, Users or Temp/Guest Users.
Ruleset: From the drop-down list select any previously defined ruleset. The default selection -none- does not filter the data for violations since it applies no rules. The selection is then applied to any new users configured for that class.
Change Ruleset: Applies the ruleset to all currently configured users in that user class. Click Yes at the prompt to confirm.
Configure DLP Rulesets
In order to use DLP scanning, you must define rulesets and apply them to user classes or users.
Name: Name of existing ruleset. The Edit button allows you to change the ruleset. The Delete button allows you to delete a defined ruleset.
Add DLP Ruleset: Displays the Add DLP Ruleset page.
Add DLP Ruleset
The Add DLP Ruleset page allows you to define a ruleset.
Name: Name of the ruleset.
Description: Description of the ruleset.
Default Action: Action to invoke when one or more violations are found in the data by the DLP scanner, but none of the rules in the ruleset match the violations reported to MOVEit:
Block: Terminates transmission.
Quarantine: Upload will be allowed, but Download will not be allowed. Files will be tagged, and an audit log entry will be recorded indicating that the file violates one or more DLP policies. Files may be untagged later, at which point normal permissions will take effect.
Allow: Transfer (upload and download) will be allowed, and files will be tagged. An audit log entry will be recorded indicating that the file violates one or more DLP policies.
Add Ruleset: Displays the Edit DLP Rules section so you can specify one or more matches against DLP policies that will be applied.
Edit DLP Rules
The Edit DLP Rules section allows you to specify one or more matching criteria for policies that belong to this ruleset.
Policy Mask: The value MOVEit looks for when it scans the information returned from the DLP scanner to determine whether there was a policy violation.
Policy Action: Action to take if there is a violation of the policy.
Block: Terminates transmission.
Quarantine: Upload will be allowed, but Download will not be allowed. Files will be tagged, and an audit log entry will be recorded indicating that the file violates one or more DLP policies. Files may be untagged later, at which point normal permissions will take effect.
Allow: Transfer (upload and download) will be allowed, and files will be tagged. An audit log entry will be recorded indicating that the file violates one or more DLP policies.
Comment: Information pertinent to this particular policy mask.
Add DLP Rule: Displays the Add DLP Rule page to enter a DLP rule.
Add/Edit DLP Rule
The Add/Edit DLP Rule page allows you to specify the mask and action for a DLP policy.
Policy Mask: The value MOVEit looks for when it scans the information returned from the DLP scanner to determine whether there was a policy violation. Best practice is to use the asterisk wildcard on either side of a value so it matches a significant value within the response, for example *SSN*.
Important: This value must match a value in the response data returned by the DLP scanner. This is typically the name of the policy from the scanner. However, some DLP systems allow users to specify text to be returned, so the value might depend on how your DLP system is configured. For example, if you use *SSN* as the mask, and your scanner returns SSN as part of the data associated with that type of policy violation, MOVEit will apply the appropriate action for that violation.
Policy Action: Action to take if there is a violation of the policy.
Block: Terminates transmission.
Quarantine: Upload will be allowed, but Download will not be allowed. Files will be tagged, and an audit log entry will be recorded indicating that the file violates one or more DLP policies. Files may be untagged later, at which point normal permissions will take effect.
Allow: Transfer (upload and download) will be allowed, and files will be tagged. An audit log entry will be recorded indicating that the file violates one or more DLP policies.
Comment: Information pertinent to this particular policy mask.
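Added example (not MOVEit's own code) showing how the Policy Mask, Policy Action, Default Action and Action on Server Error settings described on this page combine into one decision for a transfer. The case-sensitive match, the most-restrictive-wins precedence when several rules match, the "No violation" label and the sample scanner responses are assumptions constructed for the illustration.

```python
import re

# Assumption for this example: when several rules match, the most restrictive
# action wins. The page does not state which precedence MOVEit uses.
SEVERITY = {"Allow": 0, "Quarantine": 1, "Block": 2}

def mask_matches(mask, text):
    """True if text matches mask; '*' is the only wildcard (case-sensitive)."""
    pattern = ".*".join(re.escape(part) for part in mask.split("*"))
    return re.fullmatch(pattern, text, re.DOTALL) is not None

def decide(ruleset, violations, scanner_error=False, on_error="Block"):
    """Return (action, matched_masks) for one scanned transfer.

    ruleset:    {"default_action": str, "rules": [(mask, action), ...]}
    violations: strings reported by the DLP scanner (constructed samples here)
    """
    if scanner_error:
        # Action on Server Error: "Block" or "Allow Content and Log"
        return on_error, []
    if not violations:
        return "No violation", []   # hypothetical label: nothing to apply
    matched = [(m, a) for m, a in ruleset["rules"]
               if any(mask_matches(m, v) for v in violations)]
    if not matched:
        # Violations were reported but no mask matched: Default Action applies
        return ruleset["default_action"], []
    action = max((a for _, a in matched), key=SEVERITY.__getitem__)
    return action, [m for m, _ in matched]

# Constructed ruleset; "PCI" deliberately lacks the surrounding wildcards.
RULESET = {
    "default_action": "Quarantine",
    "rules": [("*SSN*", "Block"), ("PCI", "Block"), ("*Internal*", "Allow")],
}

if __name__ == "__main__":
    for v in (["US SSN (narrow)"], ["PCI-DSS card data"], ["Internal memo"], []):
        print(v, "->", decide(RULESET, v))
    print("ICAP timeout ->", decide(RULESET, [], scanner_error=True,
                                    on_error="Allow Content and Log"))
```

The "PCI" rule shows why the wildcard best practice matters: without asterisks the mask does not match a longer response string, so the transfer falls through to the Default Action instead of the rule's own action.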