Egnyte Secure and Govern now provides two different types of Content Safeguard Policies. These are Restriction Policies and Exception Policies.
Content Safeguards can protect data by restricting approved link types to files containing Sensitive Content. If Content Safeguards have been enabled for the source, link sharing to some files may be restricted to a minimum link security level based on policies created by the Administrator.
There are two types of Content Safeguard policies, Block and Warn. Under Warn Policies, all link security levels for the file or folder will be available as options in the dropdown, but less secure links may have a warning message stating the link type is Not Recommended. Under Block Policies, certain link types for files or folders may not be available, since the links must meet minimum security requirements defined by the Administrator, such as password-protected links.
How Do Content Safeguard Restriction Policies Work?
Folder-Only Restriction Policies
These policies are configured using only location (folders)
- Folder/File links - Content Safeguard policies restrict folder and file links. Users can only create folder and file links based on the policy configuration.
- Creating/Applying New Policy Changes - Creating or modifying Content Safeguard policies will occur in real-time for folder-only policies.
- Newly added files/subfolders - This is a real-time process for folder-only policies. Secure and Govern will automatically stamp the new files and subfolders that match any existing Content Safeguard policy.
Combined Restriction Policies
These policies are configured using any combination of restrictions including content classification, risk score and location (folders)
- Folder/File links - Content Safeguard policies restrict file links only. Users still can create folder links, but recipients may not be able to download or preview files matching the policy.
- Creating/Applying New Policy Changes - Creating or Modifying Content Safeguard policies is not a real-time process. After any policy creation or change, Secure and Govern needs to scan through and stamp all the files that match the policy in Egnyte Collaborate. This may take hours or even days. Currently, we can stamp up to 100K files per hour.
- Newly added files/subfolders - This is not a real-time process. Secure and Govern must scan and stamp the new files that match any existing Content Safeguard policy. This may take up to 1 hour.
The new folder-only restriction policy processing only supports Blocking restrictions. It does not support Warning restriction policies.
How Do Content Safeguard Exception Policies Work?
- Folder/File links - Content Safeguard policies restrict file links only. Users still can create folder links, but recipients may not be able to download or preview files matching the policy.
- Creating/Applying New Policy Changes - Creating or modifying Content Safeguard policies is not a real-time process. After any policy creation or change, Secure and Govern needs to scan through and stamp all the files that match the policy in Egnyte Collaborate. This may take hours or even days. Currently, we can stamp up to 100K files per hour.
- Newly added files/subfolders - This is not a real-time process. Secure and Govern must scan and stamp the new files that match any existing Content Safeguard policy. This may take up to 1 hour.
Why is Sharing Restricted For Some of My Files?
Share links for files can be restricted based on policies defined by the Administrator(s) in Secure and Govern. For more details about the restriction policies in place on the account, please contact the Administrator.
What Do I Need to Do When Creating a Folder/File Link?
Warn Policy
When creating a link to a file, all link security levels for the file will be available as options in the dropdown. However, any link option that does not meet the allowed link security levels for the file will have a warning message stating the link type is Not Recommended. Users can still create a file link using the less secure method.
When creating a link to a folder, a warning message stating the link type is Not Recommended will be displayed. Users can still create a folder link using the less secure method. All files within the folder will be viewable by link recipients.
Block Policy
When creating a link to a file, only the allowed link security levels for the file will be available as options in the dropdown. Select the desired type of link, and the process is complete. When creating a link to a folder, a reminder will be displayed stating that files with sensitive content in the folder will not be viewable or downloadable by link recipients.
What Happens to My Existing Links When Content Safeguards Are Set Up?
Warn Policy
Existing links will NOT be restricted under the Content Safeguard Warn policies, meaning that all links will still be accessible by link recipients. However, recipients may receive a warning message indicating the link type is Not Recommended. Use the instructions below to check the link.
Block Policy
Existing links will also be restricted under the Content Safeguard Block policies, meaning that links which were previously accessible to link recipients may no longer be accessible because the links do not meet the minimum security requirements set by the Content Safeguard policy. Use the instructions below to check the link.
Why Can I Still Create an "Anyone Access" Folder Link When I Have Applied a Content Safeguard Blocking Policy That Only Allows "Password Only" Links?
Folder-Only Policies
These policies are configured using only location (folders)
Folder links are managed the same as file links. This is because the Content Safeguard policy applies to all files within a folder or folders.
Example:
A blocking Content Safeguard policy is applied to the HR folder which only allows files to be shared via a link with a password. This policy applies to ALL the files in the HR folder. Two scenarios are explained below.
- Users could only create folder and file links with a password or link types that are more restrictive.
The folder-only policy processing improvement only applies to who a link is shared with. Link expiry and download controls will still be managed at the file level, which requires file-level scanning.
Combined Policies
These policies are configured using any combination of restrictions including Content Classification, Risk Score and Location (folders)
Folder links are managed differently than file links. This is because not every file, within a folder, may match the Content Safeguard policy. Content Safeguard policies are designed to restrict file sharing. A user can still share a folder with Anyone Access. However, when a recipient opens the folder link, access will only be available to files within the folder link when:
- The files are NOT restricted by a Content Safeguard policy
- The folder link adheres to the Content Safeguard policy set against the files within the folder (see example below)
Example:
A blocking Content Safeguard policy is applied to the HR folder which only allows files to be shared via a link with a password. This policy applies to ALL the files in the HR folder. Two scenarios are explained below.
- Scenario 1: User creates a folder link with Anyone Access
  - In this scenario, a recipient could open the folder link, but would NOT be able to open or download any of the files within the folder since the folder link does not meet the minimum requirements of the Content Safeguard policy.
- Scenario 2: User creates a folder link that requires Password Access
  - In this scenario, a recipient could open the folder link and will be allowed to access or download any of the files within the folder since the folder link does meet the minimum requirements of the Content Safeguard policy.
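The folder-only and combined behaviours described above can be modelled as a small decision function. This is an added illustration, not Egnyte code or an Egnyte API: the `Level` ordering, the `Policy` fields, the function names and the sample files are all assumptions made for the example, and the sample folder adds one unmatched file to show the mixed case that combined policies allow.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Level(IntEnum):
    # Assumed ordering, least to most restrictive; the page names these two.
    ANYONE = 0
    PASSWORD = 1

@dataclass(frozen=True)
class Policy:
    mode: str        # "block" or "warn"
    scope: str       # "folder_only" or "combined"
    min_level: Level

    def __post_init__(self):
        # The page states folder-only processing supports Block policies only.
        if self.scope == "folder_only" and self.mode != "block":
            raise ValueError("folder-only policies support Block only")

def create_outcome(kind: str, level: Level, policy: Optional[Policy]) -> str:
    """Outcome of creating a 'file' or 'folder' link: allowed, warned or blocked."""
    if policy is None or level >= policy.min_level:
        return "allowed"
    if policy.mode == "warn":
        return "warned"      # shown as Not Recommended, still creatable
    if kind == "file" or policy.scope == "folder_only":
        return "blocked"     # link type is not offered
    return "allowed"         # combined: folder link is created, files filtered on access

def recipient_view(files: dict, link_level: Level) -> dict:
    """Map each file in a shared folder to whether a link recipient can open it."""
    view = {}
    for name, policy in files.items():
        restricted = policy is not None and policy.mode == "block"
        view[name] = not restricted or link_level >= policy.min_level
    return view

# Constructed sample: HR folder under a combined Block policy that matched one file.
HR_POLICY = Policy("block", "combined", Level.PASSWORD)
HR_FILES = {"salaries.xlsx": HR_POLICY, "handbook.pdf": None}

if __name__ == "__main__":
    for level in Level:
        print(level.name, create_outcome("folder", level, HR_POLICY),
              recipient_view(HR_FILES, level))
```

Running the same check over an inventory of existing links before enabling a Block policy shows which links recipients will lose access to.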
If a New Subfolder is Added Does it Automatically Apply The Existing Content Safeguard Policy?
Folder-only Policies
These policies are configured using only location (folders)
Yes, the Content Safeguard policy applies to all new files and subfolders under included folders in real time.
Combined Policies
These policies are configured using any combination of restrictions including Content Classification, Risk Score and Location (folders)
Real-time folder-only policy processing is only supported for Blocking policies. Real-time processing is not supported for Warning folder-only policies.
What if My Link Recipients Cannot Access My Link?
This likely means the link has been disabled because it does not meet the security requirements set by the Content Safeguard policy. If the link has been restricted under an access control policy, the following message will be displayed upon link access: Access to the file has been restricted by the Administrator. It is recommended that inaccessible links be investigated via the Web UI.
How Can I Check if My Link is Working?
Use the Web UI to access the link. If the link works, the link will also work for link recipients. If the link does not work and the following message is displayed instead, the link has been disabled because it does not meet the security requirements: Access to the file has been restricted by Administrator.
What Should I Do if My Link Has Been Disabled By a Content Safeguard Policy?
- If the link is a file link, try increasing the link’s security level.
- If the link is a file link and the link recipient is not a registered Connect user, the link recipient can be added as a Standard User to the Connect source to access links with a higher security level than Public.
- Use the Web UI to create a new link. When creating a link, only the allowed link security levels will be available as options in the drop-down. Select the desired type of link, and the process is complete.
- Contact the Administrator for further assistance or additional questions.
Some of My Files Are Marked as "Access Restricted For Link Recipients", But I Can Still Access Them. Is This Expected?
Yes, the Access restricted for link recipients message indicates that certain files may be restricted for recipients who have received links to the folder. These files will still be viewable if permission to the file or folder has already been granted.