Skip to content

Create a Data Loss Prevention Rule

Follow these instructions to create a Data Loss Prevention (DLP) rule.


These DLP rules are different than email data control policies. For information on email data control policies, see Data control policy.


SophosLabs can independently control the file types included in DLP. They may add or remove certain file types to provide the best protection.

There are two stages to creating a DLP rule; creation and configuration.

This stage sets up the rule type, the actions taken if the rule is triggered and whether you want to be alerted to the breaches of the rule.

To create a DLP rule, do as follows:

  1. Go to My Products > General Settings > Manage Data Loss Prevention Rules.
  2. Click Create New Rule.
  3. Choose from New Content Rule or New File Rule.
  4. Give the rule a Name and a Description.
  5. Click Send me email alerts if you want notifying when the rule is breached.


    You will not get an alert in Sophos Central.

  6. For a File rule, choose whether you want to match against a file name or a file type as the conditions for the rule. You will give the details when you configure the rule.


    Conditions are required for a Content rule and you cannot set the condition type.

  7. Specify if you want to exclude by a file name or by file type. You will give the details when you configure the rule.

  8. Specify the actions for the rule. Choose from:

    • Allow file transfer.
    • Allow transfer if user confirms.
    • Block transfer.
  9. Click Next: Rule Configuration.

    For help on configuring rules see Configure a Data Loss Prevention Rule.