Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Managing DLP rules in the Virtru Control Center

Trevor Foskett
  • Updated

About

As a Virtru administrator, you can leverage Virtru's DLP rules to dictate how Virtru will behave when certain content is found in your users' outgoing emails.  You'll configure and manage these rules from the Virtru Control Center's Email Rules page. DLP rules are supported by all of our email products, except our mobile apps (iOS, Android). 

The different types of rule and their associated actions are described below.

Jump to:

Text Pattern Rules
Keyword Rules
Recipient Rules
Rule Actions
Custom Rules
Refreshing DLP Rules

 

Text Pattern Rules

Note about Default Email Rules

The default ("Stock" or "Outbound") Email Rules (DLP) only scan the email body. This does not include attachment content. Custom rules can be created to scan attachment content. HIPAA Rules (some subscriptions only) can also be modified to scan attachment contents.

The rules listed under "When I type these text patterns..." use Regular Expressions (RegEx) to match consistently formatted number and text patterns. The default patterns included with Virtru are Social Security Number, Credit Card Number, IP Address, Federal Employee Identification Number (EIN), and Possibly Sensitive.  

Text Pattern Rules

  • Social Security Number: Triggers on any number string that could potentially be a Social Security Number.
  • Credit Card Number:  Triggers on any number string that could potentially be a Credit Card Number.
  • IP Address:  Triggers on any number string that could potentially be an IP Address.
  • Federal Employee Identification Number (EIN):  Triggers on any number string that could potentially be a Federal Employee Identification Number (EIN).
  • Possibly Sensitive:  A more generic rule than the others will flag a variety of different number patterns. This may result in a high volume of false-positive flags, so only use this rule if your needs can't be met with other rule options.

 

Keyword Rules

Rules in the "When I type these keywords..." section are triggered by a precise match with a listed keyword (with one exception - see below). You can add your own keywords to this list by clicking the + icon in the bottom row.  A list of keywords can be added at once by comma-separating the entries. Note that some special characters are not supported in the keywords rules (for example [ ]).

Keyword Rules

Exception

In addition to the phrase "non disclosure agreement", the Non Disclosure Agreement rule will trigger on "nda", "n.d.a.", and "non-disclosure agreement".

 

Recipient Rules

The "When I send to..." section allows you to specify an action based on the recipient of the email.  This can be configured either by exact email address or by domain name. Email addresses and domains cannot be added in bulk; entering a list will result in only the first item being added to your rules.

Recipient Rules

 

Rule Actions

Rules in the Text Patterns, Keywords, and Recipients sections can be assigned to take one of three possible actions when the rule is triggered.

Encrypt Email:

An Encrypt rule will encrypt the email automatically as soon as the user hits Send.  They'll see the Virtru encryption animation without any option to have the email go out unencrypted.  

Warn Me:

A rule set to Warn will trigger an alert to the end user when they click "Send".  The warning dialog will provide exactly what the offending text is. The end user has the option to either send the message encrypted ("Protect and Send"), or disregard the warning and send unencrypted ("Send Anyway").

Rule Actions

Log Only:

Log Only rule will take no noticeable action on an outgoing email.  If the email is being sent unencrypted, the rule will have no effect at all.  If the email is sent encrypted, however, any Log Only rules triggered by that email will be logged in that email's Validation Report in the Virtru Control Center.  

Note

Log Only rules cannot be used to override or create exceptions to other rules; they simply do not take an action. For example, a rule set to "Log Only" the Social Security number 123-45-6789 will not prevent that sequence from being flagged by another SSN rule.

 

Custom Rules

To perform more complex DLP operations - including multiple scan parameters, multiple actions, and additional action types - you'll want to use a Custom Rule

"Custom

More information on creating Custom Rules can be found in this article: Virtru Control Center: Creating Custom DLP Rules

An important note about DLP Rules:

All DLP rules (stock or custom) run independently of one another. If multiple rules trigger, then the most secure rule will win. For example, if one rule is triggered and set to ‘log’ only, but another rule is triggered and set to ‘encrypt’, then the message will encrypt as that is more secure.

 

Refreshing DLP Rules

DLP rule changes are not immediately pulled in on every platform but will automatically update on regular intervals. The automatic intervals and how to manually refresh per platform can be found below:

Platform

Manual Refresh

Automatic Refresh Rate
Virtru for Gmail Refresh Browser Page up to 3 hours
Virtru for Outlook Desktop Extension Restart Outlook up to 3 hours
Virtru for Outlook 365 Add-In

Open the Add-in Menu and Select Refresh User Settings

Outlook 365 Menu

 up to 12 hours
Virtru-Hosted Gateway n/a seconds
Customer-Hosted Gateway Restart the applicable containers up to 3 hours

 

Related articles