VIPRE Security Knowledge

SafeSend Cloud: Data Loss Prevention (Rulesets)

Data Loss Prevention

Super Administrator

Written By Marissa Fegan (Super Administrator)

Updated at April 30th, 2026

Table of Contents

Create a DLP Ruleset Content Scanning Rules Client/Keyword Domain Rules Link Policies To manage an existing DLP ruleset

Using rulesets, VIPRE SafeSend Cloud can prevent sensitive information from being sent out to the wrong client. DLP (Data Loss Prevention) scans emails and attachments for specific client keywords or regular expressions, then requires user confirmation before the email is sent.   

There are three important features associated with DLP:

  • Client Keyword/Domain Scanning allows you to identify a set of client keywords or regular expressions and associate those with a set of client domains or individual email addresses
  • DLP Content Scanning presents sensitive content to the user, allowing the user to determine if the email should be blocked or sent with additional confirmation
  • DLP Scan Password-Protected Attachments allows SafeSend to detect password-protected .zip files and prompt the user to add the password and decrypt the file so it can scan the attachment

Create a DLP Ruleset

  1. Navigate to MANAGE > Rulesets
  2. Click +Add Ruleset in the top right corner
  3. Name your ruleset and click Save
  4. Find your newly created ruleset in the list then click the name to open it

Content Scanning Rules

  1. To add a content scanning rule, click +Add Rule under Content Scanning Rules
    1. Name your content scanning rule
    2. Select from the following actions in the dropdown box: Inform, Confirm, ConfirmText, Deny
      1. Confirm is the default selected action
    3. Choose the content type: All Support Files, All Except PDF, or Specific File Types
      1. If selecting Specific File Types, a box will appear allowing you to select all desired file types you want DLP to scan
    4. Write a regular expression (also known as regex)
      1. If you need assistance, you can do an Internet search for a regex generator or use an AI model to help create a regex
      2. For the purposes of this example, in the screenshot below, we used AI to generate a regex to look for social security numbers, but you can also use it to look for things like credit card numbers, national insurance number, and other sensitive data types
    5. Test your regex by adding test strings to match and test strings to NOT match
      1. Green indicates the test passed; Red indicates the test failed
    6. When done, click OK at the bottom 

Pro Tip: Using Test Strings for DLP Rule Management

The Test Strings feature is an essential, built-in Regex tester that saves your input for future rule modifications. Using it can drastically improve your workflow:

Scenario 1: Immediate Validation

  • When creating a new DLP rule, use the Match and Not Match sections to immediately test your regular expression (regex) right inside the editor; this ensures your rule is accurate before deployment

Scenario 2: Future Proofing Modifications

  • If a rule needs to be updated (e.g., due to false positives from product numbers being flagged as PII) months after deployment, you can easily use the saved test strings to quickly test your regex modifications and confirm the change fixes the issue without breaking the rule's original intent; this avoids the need to find an external online tester and rebuild test data from scratch
 

Client/Keyword Domain Rules

  1. To add a client/keyword domain rule, click +Add Rule under Client/Keyword Domain Rules
    1. Add any keywords you want SafeSend to look for
    2. Add any domains or email addresses you want to associate with the above keywords
    3. Alternate Text Domain replaces the visual representation of specific domains with your preferred display text
    4. Click OK 
  1. To link a policy to your DLP ruleset, locate the desired policy in the Not Linked column and drag it over to the Linked policy
  2. Click Save at the top

To manage an existing DLP ruleset

  1. From within the SafeSend Cloud console, click on Manage > Rulesets
  2. Select the desired existing ruleset from the list by clicking on the name
  3. On the left side of your screen, you can edit existing content scanning rules or client/keyword domain rules by clicking on the pencil icon in the same line as your rule
  4. On the right side of your screen, you can change the policy associated with your ruleset by dragging the policy between Linked and Not Linked; you can also link rulesets to a policy within the DLP setting under Policies

For complete details on SafeSend Cloud policies, including additional policy-based DLP settings, navigate to: SafeSend Cloud Policies.

Related Articles

Configure VIPRE SafeSend

If you want to get started using SafeSend with the default configuration, you can...

Enable VIPRE Email Security Integration

Enabling the integration gets you to a one-time registration step in which you'll...