VIPRE SafeSend can prevent sensitive information from being sent out to the wrong client. DLP (Data Loss Prevention) scans emails and attachments for specific client keywords or regular expressions, then requires user confirmation before the email is sent.
There are three important features associated with DLP:
- Client Keyword/Domain Scanning allows you to identify a set of client keywords or regular expressions and associate those with a set of client domains or individual email addresses - this is configured under DLP section header
- DLP Content Scanning presents sensitive content to the user, allowing the user to determine if the email should be blocked or sent with additional confirmation - this is configured under DLP section header
- DLP Scan Password-Protected Attachments allows SafeSend to detect password-protected .zip files and prompt the user to add the password and decrypt the file so it can scan the attachment - this is configured under Settings > Advanced
Enable or Manage Data Loss Prevention
Web Add-in v6.0 and higher
To enable DLP Rulesets
If you are using the Default Policy, or another existing policy, select that policy to open it, then continue with step 1 below.
If you are creating a new policy, select Manage > Policies > + Add Policy. Name your policy in a way that appropriately describes it and click Save. Once your policy is created, select that policy to open it, then continue with step 1 below.
- Click the DLP tab from the top navigation menu
- Click the + to create a new ruleset
- Name your ruleset and click Save
- Click on your new ruleset under Not Linked, then click on the name of your ruleset to open it
Important
Alternatively, you can access DLP rulesets by selecting Rulesets in the left side menu.
- If you are creating a new DLP ruleset, click +Add Ruleset in the top right corner of the screen
- If you are accessing an existing DLP ruleset, locate the ruleset in the existing list and click on the name to open it
Content Scanning Rules
- To add a content scanning rule, click +Add Rule under Content Scanning Rules
- Name your content scanning rule
- Select from the following actions in the dropdown box: Inform, Confirm, ConfirmText, Deny
- Confirm is the default selected action
- Choose the content type: All Support Files, All Except PDF, or Specific File Types
- If selecting Specific File Types, a box will appear allowing you to select all desired file types you want DLP to scan for
- Write a regular expression (also known as regex)
- If you need assistance, you can do an Internet search for a regex generator or use an AI model to help create a regex
- For the purposes of this example, in the screenshot below, we used AI to generate a regex to look for social security numbers (Google, 2025)
- Test your regex by adding test strings to match and test strings to NOT match
- Green indicates the test passed; Red indicates the test failed
- When done, click OK at the bottom
Hint: All Test Strings to Match or NOT Match need to be in the Passed state in order to save your Content Scanning Rule.
Client/Keyword Domain Rules
- To add a client/keyword domain rule, click +Add Rule under Client/Keyword Domain Rules
- Add any keywords you want SafeSend to look for
- Add any domains or email addresses you want to associate with the above keyboards
- If you want SafeSend to automatically rewrite the listed domains with alternate text, add that under Alternate Text Domain
- Click OK
Link Policies
- To link a policy to your DLP ruleset, locate the desired policy in the Not Linked column and drag it over to the Linked policy
- Click Save at the top
To manage an existing DLP ruleset
- From within the SafeSend console, click on Manage > Rulesets
- Select the desired existing ruleset from the list by clicking on the name
- On the left side of your screen, you can edit existing content scanning rules or client/keyword domain rules by clicking on the pencil icon in the same line as your rule
- On the right side of your screen, you can change the policy associated with your ruleset by dragging the policy between Linked and Not Linked
For complete details on SafeSend Web Add-in policies in version 6.0 or higher, navigate to: Web Add-in v6.0+ Policies.
Web Add-in v5.5 and below
- Open the file settings.json by right-clicking on the file to open it with Notepad or any other desired text/code editor
- Under the Data Loss Prevention (DLP) section header, you will see each associated setting (ClientKeywordDomainList, ContentScanningRules) as well as a description, options for that setting, and syntax
- All settings will be in their default disabled state until enabled
- To enable ClientKeywordDomainList:
- Uncomment by removing the // at the beginning of the line
- Use the syntax and examples provided in the settings.json file to configure the setting based on your needs
- To enable ContentScanningRules:
- Uncomment by removing the // at the beginning of the line
- Use the syntax and examples provided in the settings.json file to configure the setting based on your needs
- To enable DLPScanPasswordProtectedAttachments, allowing DLP to scan password-protected .zip files:
- Under the Advanced header, look for // "DlpScanPasswordProtectedAttachments": true,
- Uncomment by removing the // at the beginning of the line and ensure it's set to true
- Save and close the window when done
Important
Any changes made to Settings.json require the website to be restarted to take effect. This should be done outside of normal operating hours to avoid potential service interruptions.