Policy Rules Guide
Explore this glossary to discover various rules that may be incorporated into a policy.
Protected folders

Protected folders are fundamental in FenixPyre, defining specific folder locations accessible to designated users and groups. These folders allow users and groups within your organization to access and consume encrypted content using FenixPyre. Notably, encrypted files can only be accessed within these protected folders, whether via FenixPyre's Windows agent or cloud integrations. Examples of protected folder paths include common user directories, on-premises network drives, and cloud-based document sharing services.
Supported Path Types
1. Windows Local Paths
Local paths are used for protecting folders on users' Windows machines.

Syntax
C:\Users\%username%\path\to\folder
Key Features
Supports
%username%
variable for dynamic user pathsCase-insensitive
Backslashes (
\
) required as separatorsDrive letter (e.g.,
C:
) must be specified
Examples
C:\Users\%username%\Desktop\Confidential
C:\Users\%username%\Documents\HR_Files
C:\Program Files\Company\Secure
Best Practices
Use
%username%
for paths that should work across different user profilesAvoid spaces in folder names when possible
Use consistent casing for better readability
Verify the path exists before adding
2. Network Paths
Network paths allow protection of shared folders on network drives. Supports UNC, DFS, and mapped drive paths.

UNC Path Syntax
\\server_name\share_name\folder_path
DFS Path Syntax
\\domain\dfs_root\folder_path
Key Features
Double backslashes (
\\
) required at startServer/domain name must be specified
Supports both IP addresses and hostnames
Examples
\\fileserver\shared\Finance
\\192.168.1.100\documents\Legal
\\domain.local\dfs\Department\HR
Best Practices
Use UNC paths instead of mapped drives for reliability
Verify network connectivity before adding
Ensure proper network share permissions
Consider using DFS for location independence
3. SharePoint/OneDrive Paths
Cloud paths for protecting content in Microsoft 365 environments.

Syntax
\\<sharepoint_domain>\sites\<site_name>\<folder_path>
Features
Automatic conversion from web URLs
Supports both SharePoint and OneDrive locations
Examples
\\company.sharepoint.com\sites\HR\Confidential
\\company-my.sharepoint.com\personal\user_company_com\Documents
Automatic URL to Path Conversion
Web URLs are automatically converted to the correct format. You can just paste any sharepoint/onedrive link and it will automatically be converted to the desired format:
https://company.sharepoint.com/sites/HR/Confidential
→ \\company.sharepoint.com\sites\HR\Confidential
4. Egnyte Paths
For organizations using Egnyte cloud storage.

Syntax
\\<domain>.egnyte.com\<folder_path>
Examples
\\company.egnyte.com\Shared\Finance
\\company.egnyte.com\Private\HR
5. Box Paths
For organizations using Box cloud storage.

Syntax
\\<enterprise ID>@app.box.com\<folder path>
Examples
\\[email protected]\New Folder\test
\\[email protected]\All Files\Shared\Lab Folders
User Permissions
The following permission decide what type of actions can be performed by the user or group on FenixPyre.
Can Encrypt
This permission determines whether a user can encrypt files
This permission determines whether a user can encrypt files
Can Decrypt
This permission determines whether a user can decrypt files and remove protection.
This permission determines whether a user can decrypt files
Can Share
This permission determines whether you can share a file via outlook or right-click option via FenixShare.
The permission determines whether you can share a file from SharePoint, OneDrive, Egnyte or Box Drive using FenixShare.
Can View Audit Logs
This permission determines whether a user can view audit logs form the right-click option
Thiis permission determines whether a user can view audit logs .
Can Open
Rolling out soon
Rolling out soon
Can Edit
Rolling out soon
Rolling out soon
Can Add Protection
Rolling out soon
Rolling out soon
Can Delete
Rolling out soon
Rolling out soon
User Applications
With FenixPyre installed on Windows Desktops, you can control which applications can access encrypted files and how they do so.

There are a number of configurations that you can manage for an application while adding them to a policy.

Enable opening files from non-protected folders
This option determines whether the application can open encrypted files stored outside of protected folders.
Enable compliance mode
Read this article for more details
Endpoint Settings
Automatic Encryption Service
Automatic encryption service is a windows endpoint feature that FenixPyre offers in which it encrypts any file that has been newly added to or created within an a protected folder.
Managing Automatic Encryption Disruptions
The suggested delay is 5,000 ms. We recommend keeping the delay value below 60,000 ms (or 1 minute).
Anchor's automatic encryption service may disrupt workflows by encrypting new files in protected folders immediately. This encryption can cause application conflicts, such as interrupting an SFTP file transfer, depending on how files are created in the folder. To address these issues, we have introduced a delay setting to allow more flexible handling of such cases.
Learn more about Automatic Encryption Service
If you are looking for a solution for encryption files on cloud - SharePoint/OneDrive, Egnyte or Box we suggest you learn about Auto-Encryption on FenixShare
Periodic Encryption Service
FenixPyre offers a Windows feature called the Periodic Encryption Service, which regularly scans protected folders and encrypts any unencrypted files. You can set the scan frequency between 30 minutes (recommended) and 1440 minutes (every 24 hours).
Recommended value: 30 mins
Learn more about Periodic Encryption Service
Offline Mode
Offline mode allows offline access to encrypted files, enabling users to work without an internet connection. Administrators can determine which users have offline access and set a time limit of up to 90 days. While an internet connection is typically needed for accessing Anchored files, offline mode balances offline functionality with maintaining control and protection of Fenixpyre encrypted files
Recommended period: 15 days
Learn more about Offline mode
Allowed Extensions
By default, any file whose extension is listed under Allowed Extensions is encrypted automatically by the Automatic Encryption Service and the Periodic Encryption Service on the FenixPyre Windows agent.
For FenixPyre cloud integrations, encrypting, decrypting, opening, and sharing files on FenixShare is limited to these Allowed Extensions. This serves as a protective measure, ensuring only authorized users can access the encrypted files.
File Settings
Preserve File Timestamps
By default, FenixPyre preserves original file timestamps when encrypting or decrypting. This means the "last modified date," "last access date," and "last write date" stay the same even after files are processed. If you want these timestamps to reflect the time of encryption or decryption instead, you can change this default behavior.
Recommended Value: Enabled
Preserve File Security Info
You can keep a file’s security details, like its Discretionary Access Control List (DACL), even after encrypting or decrypting. A DACL controls who can access files and folders in a computer system.
Recommended Value: Enabled
File Access Rules
Access Rules define the conditions that must be met before encrypted data can be opened. They are automatically applied to new and existing files, which makes managing access controls much easier.

Default Rule (Organization): The device must belong to the data-owning organization. All files are given this global default rule upon encryption.
IP Address: Limit access to selected public IP ranges (supports multiple IPs and CIDR notation).
Geo-Fencing: Currently only supports the US, so files can only be opened if accessed from within the United States. This is verified using geolocation, IP addresses, or both.
Office Add In Settings
The FenixPyre Office Add-In offers various settings that help Data Loss Prevention (DLP) in Office 365. These settings disable any features that could compromise data security, ensuring your sensitive information remains protected.
Can Lock Files
FenixPyre automatically handles file locking for Office files synced from OneDrive or SharePoint. It ensures encrypted files are edited by only one user or device at a time, preventing conflicts and maintaining data security.
enabled
Can Share
Enable or Disable Share Options in Microsoft Office
disabled
Can View Info
Enable or Disable View Info Option in Microsoft Office
disabled
Can Transform
Enable or Disable Transform Option in Microsoft Office
disabled
Can Export
Enable or Disable Export Option in Microsoft Office
disabled
Can Publish
Enable or Disable Publish Option in Microsoft Office
disabled
Can Print
Enable or Disable Print Option in Microsoft Office
disabled
Can Custom Preview
Enable or Disable Custom Preview Option in Microsoft Office
disabled
Can Save to Non-Protected Folders
This setting controls the ability to save files to non-protected folders. It overrides similar setting in User applications, including Microsoft Word, Excel, and PowerPoint.
disabled
Advanced Settings
User Policy Update Interval
The Windows agent updates user policies at regular intervals. By default, these updates occur every 60 seconds.
60 seconds
Access Control Heartbeat Interval
Frequency at which FenixPyre verifies user status and ensures compliance with file access rules.
15 seconds
Last updated
Was this helpful?