Policy Rules Guide

Protected folders

Protected folders are fundamental in FenixPyre, defining specific folder locations accessible to designated users and groups. These folders allow users and groups within your organization to access and consume encrypted content using FenixPyre. Notably, encrypted files can only be accessed within these protected folders, whether via FenixPyre's Windows agent or cloud integrations. Examples of protected folder paths include common user directories, on-premises network drives, and cloud-based document sharing services.

Supported Path Types

1. Windows Local Paths

Local paths are used for protecting folders on users' Windows machines.

Syntax

C:\Users\%username%\path\to\folder

Key Features

• Supports %username% variable for dynamic user paths

• Case-insensitive

• Backslashes (\) required as separators

• Drive letter (e.g., C:) must be specified

Examples

C:\Users\%username%\Desktop\Confidential
C:\Users\%username%\Documents\HR_Files
C:\Program Files\Company\Secure

Best Practices

• Use %username% for paths that should work across different user profiles

• Avoid spaces in folder names when possible

• Use consistent casing for better readability

• Verify the path exists before adding

2. Network Paths

Network paths allow protection of shared folders on network drives. Supports UNC, DFS, and mapped drive paths.

UNC Path Syntax

\\server_name\share_name\folder_path

DFS Path Syntax

\\domain\dfs_root\folder_path

Key Features

• Double backslashes (\\) required at start

• Server/domain name must be specified

• Supports both IP addresses and hostnames

Examples

\\fileserver\shared\Finance
\\192.168.1.100\documents\Legal
\\domain.local\dfs\Department\HR

Best Practices

• Use UNC paths instead of mapped drives for reliability

• Verify network connectivity before adding

• Ensure proper network share permissions

• Consider using DFS for location independence

3. SharePoint/OneDrive Paths

Cloud paths for protecting content in Microsoft 365 environments.

Syntax

\\<sharepoint_domain>\sites\<site_name>\<folder_path>

Features

• Automatic conversion from web URLs

• Supports both SharePoint and OneDrive locations

Examples

\\company.sharepoint.com\sites\HR\Confidential
\\company-my.sharepoint.com\personal\user_company_com\Documents

Automatic URL to Path Conversion

Web URLs are automatically converted to the correct format. You can just paste any sharepoint/onedrive link and it will automatically be converted to the desired format:

https://company.sharepoint.com/sites/HR/Confidential
→ \\company.sharepoint.com\sites\HR\Confidential

4. Egnyte Paths

For organizations using Egnyte cloud storage.

Syntax

\\<domain>.egnyte.com\<folder_path>

Examples

\\company.egnyte.com\Shared\Finance
\\company.egnyte.com\Private\HR

5. Box Paths

For organizations using Box cloud storage.

Syntax

\\<enterprise ID>@app.box.com\<folder path>

Examples

\\1174000000@app.box.com\New Folder\test
\\1174000000@app.box.com\All Files\Shared\Lab Folders

User Permissions

The following permission decide what type of actions can be performed by the user or group on FenixPyre.

User Applications

With FenixPyre installed on Windows Desktops, you can control which applications can access encrypted files and how they do so.

There are a number of configurations that you can manage for an application while adding them to a policy.

Endpoint Settings

Automatic Encryption Service

Automatic encryption service is a windows endpoint feature that FenixPyre offers in which it encrypts any file that has been newly added to or created within an a protected folder.

Managing Automatic Encryption Disruptions

The suggested delay is 5,000 ms. We recommend keeping the delay value below 60,000 ms (or 1 minute).

Anchor's automatic encryption service may disrupt workflows by encrypting new files in protected folders immediately. This encryption can cause application conflicts, such as interrupting an SFTP file transfer, depending on how files are created in the folder. To address these issues, we have introduced a delay setting to allow more flexible handling of such cases.

Periodic Encryption Service

FenixPyre offers a Windows feature called the Periodic Encryption Service, which regularly scans protected folders and encrypts any unencrypted files. You can set the scan frequency between 30 minutes (recommended) and 1440 minutes (every 24 hours).

Recommended value: 30 mins

Offline Mode

Offline mode allows offline access to encrypted files, enabling users to work without an internet connection. Administrators can determine which users have offline access and set a time limit of up to 90 days. While an internet connection is typically needed for accessing Anchored files, offline mode balances offline functionality with maintaining control and protection of Fenixpyre encrypted files

Recommended period: 15 days

Allowed Extensions

By default, any file whose extension is listed under Allowed Extensions is encrypted automatically by the Automatic Encryption Service and the Periodic Encryption Service on the FenixPyre Windows agent.

File Settings

Preserve File Timestamps

By default, FenixPyre preserves original file timestamps when encrypting or decrypting. This means the "last modified date," "last access date," and "last write date" stay the same even after files are processed. If you want these timestamps to reflect the time of encryption or decryption instead, you can change this default behavior.

Recommended Value: Enabled

Preserve File Security Info

You can keep a file’s security details, like its Discretionary Access Control List (DACL), even after encrypting or decrypting. A DACL controls who can access files and folders in a computer system.

Recommended Value: Enabled

File Access Rules

Access Rules define the conditions that must be met before encrypted data can be opened. They are automatically applied to new and existing files, which makes managing access controls much easier.

• Default Rule (Organization): The device must belong to the data-owning organization. All files are given this global default rule upon encryption.

• Geo-Fencing: Currently only supports the US, so files can only be opened if accessed from within the United States. This is verified using geolocation, IP addresses, or both.

Office Add In Settings

The FenixPyre Office Add-In offers various settings that help Data Loss Prevention (DLP) in Office 365. These settings disable any features that could compromise data security, ensuring your sensitive information remains protected.

Advanced Settings