Use the following steps to block file transfers through remote applications. Remote applications can include AnyDesk, Team Viewer, Remote Desktop, or Skype for Business:
- Log on to the ePolicy Orchestrator (ePO) console.
- Go to Menu, Data Protection, and then click Classification.
- On the Classification page, click Actions, and then select New Classification.
- On the New Classification pop-up window, do the following:
- Type All Data types in the Name field.
- Provide values for other parameters as needed.
- Click Save.
- In the newly created classification (All Data types), do the following:
- Click Actions and select New Content Classification Criteria.
- In the new page, use Data Conditions or File Conditions as per your requirement.
- Click Save to save the configuration.
- Create an Application Template for the remote application as below:
- Go to Menu, Data Protection, and click Classification.
- Click the Definitions tab, and select Application Template under Source/Destinations.
- Click Actions, New Item.
- For Name, use Remote Applications.
- For the Process Strategy, use Editor.
- Click Original Executable File Name under Available Properties.
- In the Value field, select Equals from the Comparison drop-down list. Type mstsc.exe and click the plus sign (+).
- Select Equals from the Comparison drop-down list and type Anydesk.exe in the Value field. Click the plus sign (+) to add remote executable file names for all applications that you want to block.
- Click Save to save the configuration.
- Go to Menu, Data Protection, and select DLP Policy Manager.
- Under Rule Sets, click the rule set that you want to use or create a rule set by clicking Actions, New Rule Set.
- In the DLP Rule Set page, select the Data Protection tab.
- From the Actions drop-down list, select New Rule, Application File Access Protection.
- In the Application File Access Protection page, do the following:
- Enter a rule name.
- Set the State to Enabled.
- Select Trellix DLP Endpoint for Windows.
- Under the Condition tab:
- For Classification, select the classification created in step 2.
- For Applications, select the application template created in step 6.
- To specify the action (Block or No Action) based on your business need, click the Reaction tab, and then click Save.
NOTE: Data in the files transferred over these remote applications are empty on the destination system according to the product design.
