Data In Motion policy configuration does not work as expected

Document ID : KB000112745
Last Modified Date : 03/09/2018
Show Technical Document Details
Issue:
You can use the Client Network Agent (or 'network agent') to control web activity on endpoint computers. Specifically, the network agent can monitor HTTP and SSL/TLS (HTTPS) requests. This activity includes attempts to post files and comments to web sites or to submit form data.  The network agent can apply policy to network activity in any browser and applies Data In Motion triggers.

Some users have noted that when they use CA Data Protection with a Data in Motion file trigger configured using the "Included Top Level File Names" setting the policy does not work as expected.

For example:

Top Level File Names
Environment:
CA Data protection 14.x\15.x
Cause:
This is working as designed CA Data Protection File Triggers work through exclusion rather than inclusion.
Resolution:
CA Data Protection can either

(1) Capture everything by using the "Included Top Level File Names" setting of "*"

For example:

Top Level File Name - Include

(2) Capture everything by using the "Included Top Level File Names" setting of "*" but set a list of file types that can be safely ignored by defining the "Ignored Top Level File names"

For example:

Top Level File names - Ignore

Or

(3) Set the "Which Top Level File List?" to "Use the Excluded list" and defining the "Excluded Top Level File Names".  If you specify the Excluded list, all files trigger a control event unless the file is listed in the "Excluded Top Level File Names". 

For Example:
Top Level File Names - Exclude