Copying or moving discovered files

When Forcepoint DLP discovers sensitive content, it can copy or move sensitive content (files) using the following remediation scripts:

• CopyFiles - Copies files that are in breach of corporate policy to another directory.
• MoveFiles - Moves (not copies) files that are in breach of corporate policy to another directory for quarantine. In the original location, the file is replaced with a text message: “This file was detected to contain content that is a breach of corporate policy and thus has been quarantined. For more information please contact your system administrator.”

Both the CopyFiles and the MoveFiles scripts can be configured to ignore files that have not been accessed in X number of days.

Note the following:

• These remediation scripts are provided for network file system discovery, discovery on endpoint systems, and SharePoint only.

The scripts cannot be used for Exchange, Outlook PST, or database discoveries, and they cannot be used for local versions of SharePoint.

• The scripts can be used for endpoint or policy remediation, but not for remediation instigated during incident management.
• Support for endpoint discovery is limited. The scripts assume that the endpoint can always access the quarantine folder. If the quarantine folder is outside the network, the operations will not work.

These scripts provide examples of what can be done with remediation scripts. Administrators can create additional scripts to perform an action on discovered incidents, such as encryption or DRM integration.

See Preparing and running the remediation scripts section, for instructions on using these scripts.