Specifications

Endpoint Encryption for Files and Folders Policy Settings

| 37

• Commandpromptfileoperations(copy*,move*)

• Filesbeingcreateddirectlyonremovablemedia,e.g.whendoingSaveonafilefromwithin

theapplication,directlytothemedia

• CD/DVDburning

When enabled, the user is asked what password to use. Unless the sub-option is

enabled (see below), the conversion will happen automatically with no other user

intervention than asking for the password to use.

The creation to the Self-Extractor will happen irrespective of if the file is already

encrypted or not. Also, it will only be the Self-Extractor copy of the file that is put on

the media, not any other copy of the original file, not plaintext nor encrypted.

The main purpose of this feature is to:

• Provide a way to protect files when placed on removable media, yet being able

to read the files on machines without Endpoint Encryption for Files and Folders

installed

• No limitation to special removable media hardware

• No software installation when reading the Self-Extractors

Self-Extractors can only be read on Windows machines. As is the case with Self-

Extractor files in general, it is not possible to unpack the Self-Extractor, alter the

content and re-pack it back into a protected Self-Extractor that may be put back on

the media protected. To re-create Self-Extractors, the full Endpoint Encryption for Files

and Folders client is required.

Ask user if files put on media shall become Self-Extractors

This option can only be enabled once its parent option Auto-create Self-Extractors

… is enabled. When enabled, this option presents a question to the user if the file

being placed on the removable media through a Windows Explorer function should be

converted into a Self-Extractor. If the user answers No, the fil

will not be put on the

media in any shape, i.e. the intended file management operation will fail.

Additional exempted Device IDs

This list provides for additional exclusions from removable media encryption by listing

the Device ID of the media to exclude. The main cause for this exclusion list is to

prevent double encryption of files on removable media with built-in encryption. By

excluding certain devices, the Endpoint Encryption for Files and Folders client won’t

apply any removable media encryption policies to these devices. Still, any non-

excluded removable devices attached to the PC will be subject to removable media

encryption.