About
As a Virtru administrator, you can leverage Virtru's Security Rules (formerly DLP) to dictate how Virtru will behave when certain content is found in your users' outgoing encrypted emails and files. You'll configure and manage these rules from the Virtru Control Center's Rules page. The different types of rule and their associated actions are described below
Please Note
Not all products support full compatibility with Security Rules. See our compatibility matrix to learn more.
Jump to:
Text Pattern Rules
Keyword Rules
Recipient Rules
Rule Actions
Custom Rules
Refreshing Security Rules
Important Notes about Security Rule
- The rules found in the "When I type these text patterns..." and "When I type these keywords..." sections only scan the email body. They do not scan attachment content. Custom rules can be configured to scan attachment content and the HIPAA rule pack (some subscriptions only) can be modified to scan attachment content.
- All Security Rules (stock or custom) run independently of one another. If multiple rules trigger, then the most secure rule will win. For example, if one rule is triggered and set to "log only", but another rule is triggered and set to "encrypt," then the message will encrypt as that is more secure
Text Pattern Rules
The rules listed under "When I type these text patterns..." use Regular Expressions (RegEx) to match consistently formatted number and text patterns. The default patterns included with Virtru are Social Security Number, IP Address, Federal Employee Identification Number (EIN), Possibly Sensitive, and Credit Card Number.
- Social Security Number: Triggers on any number string that could potentially be a Social Security Number.
- IP Address: Triggers on any number string that could potentially be an IP Address.
- Federal Employee Identification Number (EIN): Triggers on any number string that could potentially be a Federal Employee Identification Number (EIN).
- Possibly Sensitive: A more generic rule than the others will flag a variety of different number patterns. This may result in a high volume of false-positive flags, so only use this rule if your needs can't be met with other rule options.
- Credit Card Number: Triggers on any number string that could potentially be a Credit Card Number.
Keyword Rules
Rules in the "When I type these keywords..." section are triggered by a precise match with a listed keyword (with one exception - see below). You can add your own simple keyword rules to this list via the +ADD RULE button. A list of keywords can be added at once by comma-separating the entries. Note that some special characters are not supported in the keywords rules (for example [ ]).
Exception
In addition to the phrase "non disclosure agreement", the Non Disclosure Agreement rule will trigger on "nda", "n.d.a.", and "non-disclosure agreement".
Recipient Rules
The "When I send to..." section allows you to specify an action based on the recipient of the email. This can be configured either by exact email address or by domain name. Email addresses and domains cannot be added in bulk; entering a list will result in only the first item being added to your rules.
Rule Actions
Rules in the Text Patterns, Keywords, and Recipients sections can be assigned to take one of four possible actions when the rule is triggered.
Block:
For compatible platforms*, a Block rule will stop an email from going out altogether. Gmail users will receive an alert providing details on the block and instructions to remove the sensitive content. Customer-Hosted Gateway users will receive a bounce message.
*This function is only available for Gmail and Customer-Hosted Gateway users.
Encrypt:
An Encrypt rule will encrypt the email automatically as soon as the user hits Send. They'll see the Virtru encryption animation without any option to have the email go out unencrypted.
Warn:
A rule set to Warn will trigger an alert for client-side plugin users when they click "Send". The warning dialog will provide exactly what the offending text is. The end user has the option to either send the message encrypted ("Protect and Send"), or disregard the warning and send unencrypted ("Send Anyway").
Log Only:
A Log Only rule will take no noticeable action on an outgoing email. If the email is being sent unencrypted, the rule will have no effect at all. If the email is sent encrypted, however, any Log Only rules triggered by that email will be logged in that email's Validation Report in the Virtru Control Center.
Note
Log Only rules cannot be used to override or create exceptions to other rules; they simply do not take an action. For example, if there is a rule to "Log Only" when the keyword "unsecure" is present and another rule to encrypt when a Social Security number is present, if an email contains both, the "Log Only" rule will not prevent that sequence from being flagged by the SSN rule and encrypting. Similarly, "Log Only" will not disable encryption if it were manually enabled.
Custom Rules
To perform more complex Security Rule operations - including multiple scan parameters, multiple actions, and additional action types - admins can create custom rules via the Custom Rule Builder button next to the "Filter" search bar at the top of the page.
These will be found in the "Custom Rules" section at the bottom of the page.
More information on creating Custom Rules can be found in this article: Virtru Control Center: Creating Custom Security Rules
Refreshing Security Rules
Security Rule changes are not immediately pulled in on every platform but will automatically update on regular intervals. The automatic intervals and how to manually refresh per platform can be found below:
Platform |
Manual Refresh |
Automatic Refresh Rate |
Virtru for Gmail | Refresh Browser Page | up to 3 hours |
Virtru for Outlook Desktop Extension | Restart Outlook | up to 3 hours |
Virtru for Outlook 365 Add-In |
Open the Add-in Menu and Select Refresh User Settings |
up to 12 hours |
Virtru-Hosted Gateway | n/a | seconds |
Customer-Hosted Gateway | Restart the applicable containers | up to 3 hours |