When configuring paths in File Encryption rules, consider the following.
- A path can only contain characters that can also be used in file systems. Characters like
<, >, * and $ are not allowed.
- You can only enter valid placeholders. For a list of all supported placeholders, see Placeholders for paths in location-based File Encryption rules.
Note: Names of environment variables are not checked by the SafeGuard
Management Center. They only need to be present on the endpoint.
- The Path field always indicates a folder. You cannot specify a rule
for a single file or use wildcards for folder names, file names or file extensions.
- Absolute and relative rules
You can define absolute and relative rules. An
absolute rule exactly defines a specific folder, for example
. A relative rule does not include UNC server/share
information, drive letter information or parent folder information. An example for a path
used in a relative rule is encrypt_sub
. In this case, all files on all
drives (including network locations) that reside in a folder
(or one of its subfolders) are covered by the
Note: Relative paths are only supported on Windows endpoint
- Long folder names and 8.3 notation
Always enter the long folder names for File
Encryption rules since 8.3 names for long folder names may differ from computer to
computer. 8.3 name rules are detected automatically by the endpoint protected by SafeGuard
Enterprise when the relevant policies are applied. Whether applications use long folder
names or 8.3 names for accessing files - the result should be the same. For relative
rules, use the short folder names to make sure that the rule can be enforced regardless of
an application that uses long folder names or 8.3 notation.
- UNC and/or mapped drive letters
Whether you administer rules in UNC notation or
based on mapped drive letters depends on your specific requirements:
- Use UNC notation if your server and share names are not likely to change, but drive
letter mappings vary between users.
- Use mapped drive letters, if drive letters stay the same, but server names may
If you use UNC, specify a server name and a share name, for example
File Encryption matches UNC names and mapped drive letters
internally. In a rule, a path therefore needs to be defined either as a UNC path or with
mapped drive letters.
Note: Since users may be able to change their drive letter
mappings, we recommend to use UNC paths in File Encryption rules for security
- Offline folders
If the Windows feature Make Available
Offline is used, you do not have to create special rules for local (offline)
copies of folders. New files in the local copy of a folder that has been made available
for offline use are encrypted according to the rule for the original (network)