POLICY PATROL MFT Manual
MANUAL Policy Patrol MFT This manual, and the software described in this manual, are copyrighted. No part of this manual or the described software may be copied, reproduced, translated or reduced to any electronic medium or machine-readable form without the prior written consent of Red Earth Software except that you may make one copy of the program solely for back-up purposes. Policy Patrol is a registered trademark of Red Earth Software. All product names referenced in this documentation belong to the respective companies. Copyright 2001-2014 by Red Earth Software. All rights reserved.
Contents at a Glance 1 Introduction... 5 2 Installation... 8 3 File Transfers... 25 4 Contacts... 35 5 Users... 43 6 Exchange Agents & Rules... 47 7 Settings... 60 8 Troubleshooting... 81
Table of Contents 1 Introduction... 5 1.1 Why do you need Managed File Transfer?... 5 1.2 Policy Patrol highlights... 6 1.3 Why Policy Patrol?... 6 1.4 Conventions... 6 2 Installation... 8 2.1 Introduction... 8 2.2 Microsoft SQL Server or MySQL... 8 2.2.1 If you are using Microsoft SQL Server... 9 2.2.2 If you are using MySQL... 9 2.3 Installing the MFT Server... 9 2.3.1 Prerequisites... 10 2.3.2 Installation... 10 2.4 Installing the Exchange Server Agent... 14 2.4.1 Prerequisites... 14 2.4.2 Installation... 14 2.5 Completing Setup... 16 2.6 Adding Users to Policy Patrol MFT... 20 2.6.1 Synchronizing users from Active Directory21 2.6.2 Inviting users to Policy Patrol MFT... 22 2.7 Policy Patrol user groups... 24 2.7.1 Group permissions... 24 2.8 Uninstalling Policy Patrol... 24 3 File Transfers... 25 3.1 New Transfer... 25 3.1.1 Authentication Options... 27 3.1.2 Expiration options... 28 3.1.3 Notification options... 29 3.1.3.1 Upload notifications... 29 3.1.3.2 Download notifications... 29 3.2 Inbox... 29 3.3 Outbox... 30 3.4 Drafts... 31 3.5 Deleted... 32 3.6 Search File Transfers... 33 4 Contacts... 35 4.1 Manage contacts... 35 4.2 Invite Contacts... 36 4.3 Setting up a New Account... 37 4.4 Downloading Files... 40 4.5 Inbox... 41 4.6 Outbox... 41 4.7 Drafts... 42 4.8 New Transfer... 42 4.9 Changing Account Information... 42 5 Users... 43 5.1 Manage users... 43 5.2 Invite users... 44 5.3 Changing Account Information... 44 6 Exchange Agents & Rules... 47
6.1 Agent Management... 47 6.2 Agent Rules... 48 6.2.1 General... 48 6.2.2 Rule Users... 49 6.2.3 Rule Direction... 50 6.2.4 Rule Conditions... 51 6.2.5 Rule Exceptions... 54 6.2.6 Rule Actions... 55 6.2.7 Editing a Rule... 57 6.2.8 Ordering rules... 58 7.7 Email Templates... 67 7.8 Email Image Replacement... 70 7.9 Default Transfer Settings... 71 7.10 Retention Policy... 72 7.11 Branding... 73 7.11.1 Uploading Your Logo... 73 7.11.2 Customizing the Portal Theme... 75 7.12 Anti-Malware... 76 7.12.1 Install Metascan... 77 7.12.2 Enable Metascan in Policy Patrol... 79 7 Settings... 60 7.1 SMTP Settings... 60 7.2 Send Test Email... 61 7.3 Active Directory... 61 7.4 Updates... 62 7.5 Licenses... 62 7.6 Widgets... 62 8 Troubleshooting... 81 8.1 Knowledge Base... 81 8.1.1 How can I permanently delete a file?... 81 8.1.2 How can I change my password or security question?... 81 8.1.3 How can I change the expiration date of a File Transfer?... 81 8.2 Contacting Red Earth Software... 82 iv
Chapter 1 Introduction P olicy Patrol MFT allows users to exchange files securely inside and outside the organization, without requiring the user to change the way they work. By making use of email rules, Policy Patrol can ensure that files are automatically exchanged according to company policy. 1.1 Why do you need Managed File Transfer? All companies have a need to exchange files with external contacts. The most common way of exchanging files is by attaching them to an email. Although this is an easy and fast way of exchanging files, there are a number of disadvantages to this method: 1. Large attachments might not get through since most mail servers impose limits on the size of email attachments. 2. Email can be intercepted and confidential attachments can be exposed. 3. You cannot be sure that the intended recipient has received and downloaded your files. Another solution is to use FTP to send and receive files. The problem with FTP is that it is usually not secure and it involves the Administrator setting up FTP accounts and maintaining these accounts and permissions which can be time intensive and pose delays for the user trying to send the files. The other solution is to burn files on a CD or DVD and send them via courier. Needless to say this method is far from ideal; there is a high cost involved and it delays delivery. Companies require a solution that allows their users to send and receive large and confidential files securely and instantly. A Managed File Transfer solution allows files to be uploaded to a secure server, from where the (if applicable authenticated) recipient can download the files and the sender receives confirmation that the files have been downloaded. 5
1 INTRODUCTION 1.2 Policy Patrol highlights Policy Patrol offers the following capabilities: Send and receive files securely with external contacts. Send and receive files securely inside the organization. Standard Authentication for one-off contacts. Advanced Authentication for regular contacts and increased security. Automatically send email attachments securely without requiring user input. Specify conditions that must be met in order to send email attachments securely. Overcome email attachment size limits. Manage the life cycle of files. Central visibility into the files that are being exchanged by your company. Role based access Audit trail for each individual file, including who uploaded and downloaded the file and when. If download/upload is interrupted the process can be started from where it failed, instead of having to start from scratch again. Receive upload and download notifications. 1.3 Why Policy Patrol? Policy Patrol integrates into your current email environment and lets you set company-wide rules for sending email attachments securely. The advantage of this is two-fold; Thanks to the Exchange Server integration the process is completely transparent to the user, and does not require the user to change the way they currently work. In addition, thanks to the comprehensive rules, companies no longer need to leave it up to the user to decide when to send files securely. Instead, the company can define rules and policies that will govern the sending of email attachments and rest assured that files are exchanged securely when necessary. Since the integration is at Exchange Server level, there is no client installation necessary. Users can also send file transfers via your company portal, and your customers and suppliers can send files to you via your website. 1.4 Conventions Conventions used in this manual: Bold text is used to signify a selection or button, for instance the Deliver button, or the option Move to Folder. Courier font is used to signify text that must be entered in the program, for instance enter pricelist and click Submit to search for the term. Paragraph and chapter names are listed in between parentheses, for instance for instructions on how to install Policy Patrol, consult chapter 2 Installation. 6
1 INTRODUCTION Keys are displayed in capitals and in between brackets, such as [CAPS], [TAB] or [DELETE]. Throughout the manual there are Tips, Info and Notes that contain useful information: Note type: Tip Info Note Contains: Useful information to get the best out of Policy Patrol More in-depth, background information Important notes that you should be aware of 7
Chapter 2 Installation T his chapter describes the steps for installing the different Policy Patrol MFT components and their system requirements. 2.1 Introduction The Policy Patrol MFT program consists of the following components: 1. Policy Patrol MFT Server 2. Policy Patrol MFT Agent (for Exchange) The components must be installed in the order listed above. Note The Policy Patrol MFT Agent is the only component that must be installed on an Exchange Server machine. The Policy Patrol MFT Server can be installed on the same machine as the Policy Patrol MFT Agent or on a different machine, depending on your preference. 2.2 Microsoft SQL Server or MySQL Before installing the Policy Patrol MFT Server, Microsoft SQL Server or MySQL needs to be installed. For more information see the respective paragraph below. 8
2 INSTALLATION 2.2.1 If you are using Microsoft SQL Server Policy Patrol MFT supports Microsoft SQL Server 2008 R2 or 2012. Microsoft SQL Server must be installed before the Policy Patrol MFT Server is installed. Policy Patrol MFT can be installed on the same machine as Microsoft SQL Server, but it can also be installed on a different machine. Note that if Microsoft SQL Server is installed on another machine, you must make sure that in Server Properties > Connections, the Allow remote connections to this server checkbox is checked. Also, the SQL Database user (entered during the Policy Patrol MFT Server installation) needs to use SQL Server authentication, not Windows authentication. 2.2.2 If you are using MySQL MySQL 5.1.37 or higher needs to be installed before installing the Policy Patrol MFT Server. For instructions on how to install MySQL, consult the following web page: http://dev.mysql.com/doc/refman/5.5/en/installing.html. MySQL can be installed on the same machine as any of the Policy Patrol MFT components, but it can also be installed on a different machine. Important: If MySQL is installed on a different machine follow the next steps before installing Policy Patrol MFT Server: 1. Open a DOS command prompt on the server that has MySQL installed. (e.g.: cd C:\Program Files\MySQL\MySQL Server 5.5\bin); 2. Run the following command from the mysql\bin directory: mysql -uroot -ppassword (in this case, password is your root password created when installing MySQL); 3. A mysql> prompt should be displayed. 4. To grant remote connection privileges, run the following commands: mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD'; (where PASSWORD is the password used to connect to MySQL remotely from now on; and root is the user you created and used for the Policy Patrol MFT instance) mysql> FLUSH PRIVILEGES; mysql> exit; 2.3 Installing the MFT Server The MFT Server is the component that securely stores the files on the file server. The MFT Server must be installed before the Policy Patrol MFT Agent can be installed. 9
2 INSTALLATION 2.3.1 Prerequisites To install the Policy Patrol MFT Server, the following needs to be installed on the machine: Windows Server 2012, 2008/2008 R2 or Windows SBS 2011 Microsoft Internet Information Services (IIS) 7 Microsoft.NET Framework 4.0 (if you do not have this installed, the Policy Patrol installation program will download and install it for you) Note Before installing the Policy Patrol MFT Server, Microsoft SQL Server or MySQL needs to be installed. For more information see the respective paragraph above. We recommend using a machine that meets the Microsoft.NET Framework 4.0 system requirements: Minimum 1Ghz processor, 512 MB RAM, and 60 MB free disk space for the Policy Patrol components. Note however that if you do not yet have Microsoft.NET 4.0 Framework installed this will require another 600 MB 2 GB of disk space, depending on your operating system: http://msdn.microsoft.com/en-us/library/8z6watww.aspx. 2.3.2 Installation To install Policy Patrol MFT Server follow the next steps: 1. Double-click on ppmftserver.exe. The Install Program will start up. If you do not have Microsoft.NET Framework installed, the Policy Patrol installation program will install it for you. 2. In the Welcome screen, click Next. 3. Read the License Agreement and select Yes to accept the agreement 10
2 INSTALLATION 4. In Install Policy Patrol MFT Server to select the destination folder for the Policy Patrol installation. By default the program will be installed in C:\Program Files (x86)\red Earth Software\Policy Patrol MFT\Server. If you wish to change the location, click Change and select another folder. The Temporary Storage Location is used for any temporary files that need to be stored by the MFT Server. By default this location is or C:\Program Files (x86)\red Earth Software\Policy Patrol MFT\Server\Data\. If you need to change the location, click Change. The File Storage Location is used to store permanent files. Files that are sent and received by Policy Patrol MFT will be stored in this location until they expire or are removed. By default this location is C:\Program Files (x86)\red Earth Software\Policy Patrol MFT\Web\Storage\. If you want to change the file storage to another location on the current machine, click Change. If you want to use a network path, click Next and follow the instructions after installation in the Policy Patrol MFT Web Setup Wizard to change the location to a network path (see paragraph 2.5). When you are ready, click Next. 5. In Policy Patrol MFT Server IP (local IP address), your local IP address will be entered. You only need to change this if your machine has multiple IP addresses. If you have multiple addresses, you must enter the IP address that the Policy Patrol MFT Server is being installed on. 11
2 INSTALLATION In Port enter the port to be used for communicating with the Policy Patrol MFT Agent. By default this is port 8000. If you want to use a different port, remember that you will need to enter the same port number when installing the Policy Patrol MFT Agent (point 6 in paragraph 2.4.2), since the Policy Patrol MFT Server and Agent ports must match. It is recommended to leave the checkbox Add Port To Firewall ticked to ensure that your Windows Firewall is not blocking the communication between the Policy Patrol MFT components. 6. Enter the MySQL or MSSQL Server settings. Enter the IP Address or server name of the MySQL or MSSQL server to be used. If you are using MSSQL Express, you must use the full MSSQL server instance name, for example: SERVERNAME\SQLEXPRESS. Enter a Database user name and password. The Database user must have permissions to create a new database. Enter the database name that will be created, for instance ppmft_codata. Click Test Connection to verify that the settings were entered correctly. Click Next to continue. 7. Create a Policy Patrol MFT Instance. In Site URL enter the subdomain and domain that will be used in your URL. For instance if you enter upload as the subdomain, and yourdomain.com as the domain, your Policy Patrol MFT URL will be as follows: http://upload.yourdomain.com. Note that the subdomain should not include spaces and cannot be more than 100 characters. Make a note of the subdomain (in this example upload) since this is the name of the Policy Patrol MFT Server instance and needs to be entered during the Policy Patrol MFT Agent installation. 12
2 INSTALLATION 8. Enter the Administrator account details. This account can be used to login to the Policy Patrol MFT Portal. Enter the Administrator s First Name and Last Name. Enter the User Name to be used when logging onto the Policy Patrol MFT Portal. Enter the password and enter it again to confirm. Enter the Administrator s email address. Enter the email address again to confirm. 9. Click Install to confirm the installation. If you want to review or change your installation settings, click Back. 10. In the Installation wizard complete dialog, click Finish. 13
2 INSTALLATION 2.4 Installing the Exchange Server Agent This component processes and applies Exchange Rules. The Exchange Server Agent must be installed on the Exchange Server machine. 2.4.1 Prerequisites The following programs need to be installed on the same machine: Windows Server 2012, 2008/2008 R2 or Windows SBS 2011 Microsoft Exchange Server 2007, 2010 or 2013 Microsoft.NET Framework 4.0 (if you do not have this installed, the Policy Patrol installation program will download and install it for you) Note The Policy Patrol MFT Agent must be installed on the Exchange Server machine. If you have multiple Exchange Servers you must install Policy Patrol on the Exchange Server(s) with the Hub Transport Role. 2.4.2 Installation To install the Policy Patrol MFT Agent follow the next steps: 1. Double-click on ppmftagent.exe. The Install Program will start up. If you do not have Microsoft.NET Framework 4.0 installed, the Policy Patrol installation program will download it for you. 2. In the Welcome screen, click Next. 14
2 INSTALLATION 3. Read the License Agreement and select I accept the terms in the license agreement to accept the agreement. 4. Select the destination folder for the Policy Patrol installation. By default the program will be installed in C:\Program Files\Red Earth Software\Policy Patrol MFT\Agent (32-bit) or C:\Program Files (x86)\red Earth Software\Policy Patrol MFT\Agent (64-bit). If you wish to change the location, click Change and select another folder. When you are ready, click Next. 5. Enter the Policy Patrol MFT Agent Settings. In MFT Agent Name, enter the name for the agent. This name will be shown in the Agent list in the Policy Patrol MFT Portal. In MFT Instance Name, enter the MFT Instance Name (subdomain) you entered during the Policy Patrol MFT Server, in our example upload (See paragraph 2.3.2 point 7). 15
2 INSTALLATION 6. Enter the Policy Patrol MFT Agent IP Address and Port Settings. In Agent IP (Local IP Address), enter the IP address of the local machine. In MFT Server IP Address, enter the IP address of the Policy Patrol MFT Server. In Port for communicating with the server, enter the port to be used by the Policy Patrol MFT Agent to communicate with the Policy Patrol MFT Server. By default this is port 8000. If you changed the port during the Policy Patrol MFT Server installation (see point 5 in paragraph 2.3.2), you must enter the same port in this dialog (the Policy Patrol MFT Server and Agent ports must match). Select the checkbox Add Firewall Rule For This Port if you want the installer to automatically insert an exception for the port in the Windows Firewall (recommended if you have Windows Firewall enabled). 7. Click Install to confirm the installation. If you want to review or change your installation settings, click Back. 8. In the Installation wizard complete dialog, click Finish. 2.5 Completing Setup Now you must login to the Policy Patrol MFT Portal to complete the Setup. 16
2 INSTALLATION 1. Login to the Policy Patrol MFT portal, in our example http://upload.yourdomain.com. Enter the credentials that you entered during the Policy Patrol MFT Server installation. 2. Click Next in the Web Setup Wizard screen. 17
2 INSTALLATION 3. Select whether you wish to store files on a local drive on the Policy Patrol MFT Server (Local Drive), or to a network path (Network Share). If you select Local Drive, the storage folder that was entered during installation will be used (see point 4 in paragraph 2.3.2). If you select Network Share, you will be asked to enter the network path details: In UNC Path To Remote Folder, enter the network path to the shared folder, for example \\HostName\SharedFolder. Enter user credentials with access to the UNC path (note that the user must have read/write permissions for that folder). Enter the Domain\UserName, for example AUT\Administrator, and the password. When you are ready, click Next. 18
2 INSTALLATION 4. In SMTP Host, enter the IP address of the SMTP host. In SMTP Port, leave 25 entered, unless you know it uses a different port. Click on Advanced Settings to see advanced options. Select Enable SSL to specify whether SSL is used to access the configured SMTP host. Select Ignore Certificate if you wish any SSL certificate warnings to be ignored. If the SMTP host requires SMTP authentication you must enter your Domain, i.e. YOURDOMAIN, user name and password. When you are ready, click Next to continue. 19
2 INSTALLATION 5. In the My Account dialog, enter the account information for the Administrator. Click Next. You have now completed the set up for Policy Patrol MFT. Click Finish to enter the Portal. You must now add users to Policy Patrol MFT as described in paragraph 2.6. 2.6 Adding Users to Policy Patrol MFT You can add Policy Patrol MFT users by synchronizing with the Active Directory and adding members to the Policy Patrol MFT Active Directory Groups. Alternatively you can invite users by going to Users > Invite User in the Policy Patrol MFT Portal. 20
2 INSTALLATION 2.6.1 Synchronizing users from Active Directory If you wish to automatically add Policy Patrol MFT users by applying group memberships in Active Directory, you must follow the next steps in the Policy Patrol MFT Portal: 1. Go to Settings > Active Directory. 2. In Server Address enter the IP address of your Domain Controller. Enter the Administrator username (DOMAIN\Username) and password. This account must have rights to create groups in Active Directory. If you select Enable synchronization, Policy Patrol will query the Policy Patrol Active Directory Groups for new users. If Policy Patrol finds new users it will add them to the Unlicensed users list. Select Automatically license new users if you wish to automatically add any new users to the Licensed users group. Note Licensed users can send and receive transfers. Unlicensed users can only see past transfers. 3. When you are ready, Click Update. If everything is correct, you should see a green circle with a check mark followed by: Active Directory synchronization is running. You will now see three Policy Patrol MFT Groups in Active Directory: 21
2 INSTALLATION Group Policy Patrol MFT Compliance Officers Policy Patrol MFT Administrators Policy Patrol MFT Users Default members No default members Domain Administrators No default members By default the Domain Administrators are a member of the Policy Patrol MFT Administrators group. The different permissions per user group are described in the paragraph Policy Patrol user groups. In order to allow users to send and receive transfers, you must add them to one of the Policy Patrol MFT groups. Note In order to provide users access to Policy Patrol MFT, they will need to be added as a member of one of the Policy Patrol MFT Active Directory groups, or they need to be invited as a user (see below). 2.6.2 Inviting users to Policy Patrol MFT In addition to synchronizing with Active Directory, you can also invite users as follows: 1. Go to Users > Invite New User. 22
2 INSTALLATION 2. Enter the user details: First Name, Last Name, and Email Address. In Username, enter the suggested user name (the user name is used when the user logs on to the Portal). This user name will be prefilled when they create their account. If desired, the user can change the user name when setting up their account. In Custom Message, enter the message you would like to include (if any). This message will be inserted into the User invitation message. Select the user role for this user: User, Administrator or Compliance Officer. Click Invite. The user will be listed under Pending User Invitations. 3. The user will now receive an invitation email that will ask the user to click on the link in the email to create their user account. When they click on the link, they will be asked to enter their account details. If they did not receive the invitation email, go to Users > View Pending Invitations. Click on Resend Invitation for the User. 4. The user will then receive an email asking them to activate their account. The account will now be enabled and the user will be listed under Users > Manage Users. Info The texts for invitation and activation emails can be edited in Settings > Email Templates. 23
2 INSTALLATION 2.7 Policy Patrol user groups Policy Patrol MFT can be used by three different user groups, based on their role within the organization: Policy Patrol MFT Compliance Officers (these users have access to all options in the program and can view all users transfers, and permanently delete transfers and files from the Deleted folder). Policy Patrol MFT Administrators (these users can access all settings, add licenses, install components, but can only view their own transfers - they have no access to file transfers from other users. They also cannot permanently delete files and transfers, only move transfers to the deleted folder). Policy Patrol MFT Users (these users can invite contacts, move files and transfers to deleted items, but can only view their own transfers and cannot view settings or permanently delete from deleted items). 2.7.1 Group permissions Below is an overview of the permissions per user group: Permissions Compliance Officers Administrators Users View your own transfers Yes Yes Yes View transfers of others Yes No No Permanently remove from deleted Yes No No View Settings node Yes Yes No Disable contacts Yes Yes Yes Reset password for contact Yes Yes Yes Delete contact Yes No No View deleted items folder Yes No No 2.8 Uninstalling Policy Patrol When uninstalling Policy Patrol MFT, uninstall each component from Add or Remove programs. Make sure however, that you uninstall Policy Patrol MFT Server last. 24
Chapter 3 File Transfers T his chapter describes how to initiate new file transfers and the different transfer options that are available. In addition it describes how to manage file transfers including searching, expiring and deleting file transfers. 3.1 New Transfer Files can be uploaded by clicking on New Transfer. 25
3 FILE TRANSFERS To select files to be uploaded, click on Add Files or the plus sign (+). Alternatively, drag and drop files into the area marked with Drag files here. You can select single or multiple files. You can also select entire folders to be uploaded. Each file will appear in the list along with the size of the file. The total size of all files will also be listed. If you want to remove a file from the upload, click on the minus sign (-) next to the file. Click on the Thumbnails button in the top right corner to see the thumbnails for the files. To go back to the List view, click on the List button next to it. To upload the files to the Policy Patrol MFT server click on Start Upload. Note that you do not need to click on Start Upload; when you click Send the files will automatically be uploaded too. Now enter the name and email address of the recipient and the subject for the email. Multiple recipients need to be separated by a comma. If you wish to add a message, click on Add a message and enter the message to be included in the email notification to the recipient. 26
3 FILE TRANSFERS In Adjust Transfer Settings there are a number of further options available that are discussed in the next paragraphs. When you are ready, click Send. The file transfer will now be listed in your Outbox folder. If you are not ready to send the transfer yet, you can click Save. The transfer will be saved in your Drafts folder. To send the transfer from Drafts, click on the Edit button for the Transfer and click on the Send button. 3.1.1 Authentication Options Select whether you wish to send the file(s) using Standard Authentication or Advanced Authentication. If Standard Authentication is selected, the recipient will receive an email with a unique URL in the email to the uploaded file(s). The advantage of this method is that it is easy for the recipient to retrieve the files. The recipient simply has to click on the link and download the files from a web page. The disadvantage of this method is that theoretically anyone who intercepts the email is able to download the files. 27
3 FILE TRANSFERS Advanced Authentication is a more secure way of sending files. If Advanced Authentication is selected, the recipient will receive an email that they have received a new transfer. When they click on the download link they will be asked to enter their Policy Patrol MFT credentials, after which the files will be downloaded. If the contact does not yet have an existing account, the contact will automatically receive an invitation email asking them to create a new user account. After creating the account, the contact will be able to download the files. 3.1.2 Expiration options Select whether you wish the files to expire. You can either select to expire the file(s) after a certain number of days, and/or you can select to expire the file(s) when they have been downloaded for a specified number of times per recipient. If you select to expire the files after a certain number of days, the expiration date will be shown in the Expiration column of the Transfer details. Once this expiration date is reached, the files will no longer be available to the recipient and the transfer will be marked as Expired in the Sender s Outbox folder. If you select to allow only a certain number of downloads per recipient, the recipient will automatically be denied access to the file once the maximum number of downloads is reached. Once all recipients of a file transfer have reached the maximum number of downloads, the file transfer will be marked as Expired in the Sender s Outbox folder. 28
3 FILE TRANSFERS 3.1.3 Notification options You can select from a number of notification options: 3.1.3.1 Upload notifications Select Send notification when upload succeeds to receive an email notification when your files are successfully uploaded. If you select the option Send notification when upload fails, you will receive an email if there is a failure during upload. 3.1.3.2 Download notifications You can also select to receive a download notice when the file is downloaded by the recipient. Select On First Download if you only wish to receive a notification the first time the recipient downloads the file(s). If you wish to receive a notification each time the files are downloaded by the recipient, select On Every Download. If you do not want to receive a download notice, select Never. 3.2 Inbox You can view all incoming transfers by going to Inbox. The sender, subject, recipient, date received, and number of files will be listed for each file transfer you received. Note If the sender or recipient name is not known, the email address will be displayed. Click on the transfer to view the details (you can click on any item, e.g. subject, sender, etc). The details pane shows the sender, recipient, date and message for the file. For each file included in the file transfer, the file name and size will be displayed. To download the file, click on the download link next to the file. To return to the Inbox view, click << Back. Note When an incoming file transfer expires (i.e. the expiration date is reached or your maximum number of downloads is reached) the file transfer will no longer be listed in the Inbox. 29
3 FILE TRANSFERS If you wish to delete a file transfer, select the checkbox next to the file transfer and click on the Delete button. A warning dialog will pop up. If you choose Yes, the selected transfer is moved to the Deleted folder. The file(s) will still remain on the File Server though. A warning dialog will pop up. If you choose OK, the selected files are moved to the Deleted folder. If only one file is deleted from a transfer with several files, the deleted file will be listed in the Deleted folder identically to the original transfer, but the only file in the transfer in the Deleted items will be the deleted file. The other files will remain in the File Transfers in the Inbox folder. The file(s) will still remain on the file server though. 3.3 Outbox You can view all sent transfers by going to Outbox. The recipient, subject, date sent, number of files, and status will be listed for each transfer you sent (and has not been deleted). Click on the transfer to view the details (you can click on any item, e.g. subject, sender, etc). The details pane shows the sender, recipient, date and message for the file. For each file included in the file transfer, the file name, size, and status will be displayed. To download the file, click on the download link. If you wish to view or change the expiration date or maximum number of downloads, you can click on the Details button. The Details button next to the file transfer will show information about all the files in the transfer, if you click on the > sign next to the file transfer and then on the Details button next to the file name you wil see information about that file only. The Expiration tab includes information on the expiration date for the file. The Download Limit tab includes information on the number of times the file was downloaded and the maximum number of allowed downloads. To change the expiration date, click on the Expiration tab and select the option..expire on.. (where the selected date will be the expiration date),..expire in.. (where you enter the number of days the file should be available from today) or.. extend by.. (where you enter the number of additional days the file should be available after the existing expiration date). Click Apply to save the changes. 30
3 FILE TRANSFERS To change the maximum number of allowed downloads, click on the Download Limit tab and enter the additional number of downloads that you wish to apply (this will be in addition to the number of allowed downloads listed at the top of the dialog). Click Apply to save the changes. If you change the expiration date to a date that has passed, the files will marked as Expired. The file(s) will still remain on the File Server, however the recipient will no longer have access to the files. If you only expire one file from a transfer with several files, the file will show as Expired in the list and will no longer be available to the recipient. All other files in the file transfer will still be available. If you wish to delete a file transfer, select the file transfer and click on the Delete button. A warning message will appear. If you choose OK, the file transfer is moved to the Deleted folder. The file(s) will still remain on the File Server, however the recipient will no longer have access to the files (if the recipient clicks on the file link, they will see a message saying that the file has expired and is no longer available). To delete an individual file, select the file(s) to be deleted and click on the Delete button. A warning dialog will pop up. If you choose OK, the selected files are moved to the Deleted folder and will be listed under the file transfer. The file(s) will still remain on the file server, however the recipient will no longer have access to the files. 3.4 Drafts Drafts Transfers are transfers that have not yet been sent. Draft Transfers are created by going to New Transfer and then clicking Save instead of Send. You can view all draft transfers by going to Drafts. The subject, recipient, and number of files will be listed for each draft file transfer. Note If the sender or recipient name is not known, the email address will be displayed. 31
3 FILE TRANSFERS If you wish to send a draft file transfer, select the transfer and click on the Edit button. You will now go to the New Transfer dialog. Make any necessary changes and click on the Send button. To delete a file transfer from Drafts, click on the Delete button next to the file transfer. The item will now no longer appear in Drafts. 3.5 Deleted You can view all deleted transfers by going to Deleted. The sender, subject, recipient, date received, and number of files will be listed for each transfer that was deleted. Note If the sender or recipient name is not known, the email address will be displayed. If you wish to permanently delete a file transfer, select the transfer to be permanently deleted and click on the Purge button (note that this button is only available to Compliance Officers). A warning dialog will pop up. If you click OK, the transfer and its associated files will be permanently removed from the file server. If the recipient clicks on the link of an expired or deleted file, they will see a message saying that the file has expired and is no longer available. If you wish to permanently delete only certain files from the file transfer, select the file(s) to be permanently deleted and click on the Purge button (note that this button is only available to Compliance Officers). A warning dialog will pop up. If you click OK, the selected files will be permanently removed from the file server. The other files in the file transfer will still remain in 32
3 FILE TRANSFERS the Deleted folder and on the file server. If the recipient clicks on the link of an expired or deleted file, they will see a message saying that the file has expired and is no longer available. Click on the > sign next to the transfer to see the files included in the transfer. The File Name and Size will be listed, along with a download icon to download the file. Note You cannot edit the Expiration date or Maximum number of downloads for a Deleted transfer. To do this, you would have to restore the file transfer or file first. To restore a file transfer, select the appropriate file transfer(s) and click on the Restore button. The selected file transfers will be moved from the Deleted folder to the appropriate folder (Inbox or Outbox). To restore individual files only, select the appropriate file(s) and click on the Restore button. A dialog will pop up asking you to confirm whether you wish to restore the selected file(s). When you click OK, the selected files will be moved from the Deleted folder to the appropriate folder (Inbox or Outbox). If not all files from a transfer are restored, only the selected file(s) will be moved. The file transfer will remain listed in the Deleted folder but will only show the other remaining file(s). If there is only one file in the transfer, restoring the file will also restore and move the entire transfer out of the Deleted folder and back to the appropriate folder. Note If an incoming file transfer is deleted, it will remain visible in the Deleted folder until it expires (i.e. the expiration date is reached or the maximum number of downloads per recipient is reached). When it expires, the file transfer will no longer be listed in the Deleted folder. 3.6 Search File Transfers Policy Patrol MFT includes a simple search field that is accessible in the top right corner of the Portal. If you enter a search query in this field, Policy Patrol will search for items and will display any results that match. Policy Patrol will search the following fields: Sender: This includes the name and email address of the sender. 33
3 FILE TRANSFERS Recipient: This includes the name and email address of the recipient. Subject: This is the subject of the file transfer or email. Body: This is the body of the email or the optional message that was entered during the file transfer. File name: The name of the files in the transfer. 34
Chapter 4 Contacts P olicy Patrol MFT allows you to send secure file transfers to contacts outside your organization. If using Advanced Authentication, contacts need to create an account in order to be authenticated. This chapter describes how to manage and create accounts for contacts and how they can download files. 4.1 Manage contacts Go to Contacts > Manage contacts to see a list of contacts that have set up an account and can use Advanced Authentication. For each contact the name, company, email address, and status will be displayed. 35
4 CONTACTS To temporarily disable a contact, click on the Disable button next to the contact. If the contact goes to the Policy Patrol MFT portal, or clicks on a file download link, they will see a message saying that their account has been disabled. To enable a contact again, click on the Enable button next to the contact. To reset the password for the contact, click on Reset Password. The contact will receive an email asking them to create a new password. Note that there are no action buttons for contacts using an external account to sign in, such as Google or LinkedIn. 4.2 Invite Contacts There are three ways to invite new contacts to set up an account in order to exchange secure files with you: 1. By sending the new contact secure files through the New Transfer page and selecting the Advanced Authentication option. 2. By going to Invite Contacts and submitting an invitation to create a new account (you would choose this option if you wish to receive files from this recipient, or if you wish the recipient to create the account before you send any files for increased security). 3. By sending the contact an email for which an email policy rule applies with Advanced Authentication. To invite a new contact, go to Contacts > Invite New Contact. Enter the first name, last name and email address, company and suggested user name. The email will already include the standard email template. If you wish to add a custom message too, you can do this by entering text in the Message field. When you are ready, click Invite. 36
4 CONTACTS Once a contact has been sent an invitation they will be listed in Pending Invitations. When the contact clicks on the verification link in the email and sets up their account, the contact will be moved from Pending Invitations and will be listed under Manage contacts. If the contact has not yet set up their account you can resend the invitation email by clicking on the button Resend Invitation. If you wish to delete a pending invitation, you can click on the Delete button. 4.3 Setting up a New Account After sending an invitation to a new contact, the contact will receive an invitation email (the email text can be customized in Email Templates). The invitation email will contain a link that will show a dialog allowing the user to create a new account in Policy Patrol MFT or sign in with an existing Google or LinkedIn account. 37
4 CONTACTS To create a new account in Policy Patrol MFT, click on Create new Policy Patrol MFT Account. The contact will now be asked to enter their name, email address, company name and password. They must also select a security question from the list and enter the answer to the security question (the answer is not case sensitive). If the user forgets their password, they will be able to reset their password by providing the correct answer to the security question. After the contact clicks on the button Create Account, the contact will receive a verification email with a link. When the contact clicks on the link in the email, the account will be enabled. If the contact does not click on the link to verify the email address, the Contact will be listed in de the Pending Contact Invitations list. To use an existing Google or LinkedIn account, the contact must click on the appropriate button and enter their login details. An additional dialog will appear asking the contact to enter some additional information. After completing the account creation, an activation link will be sent to the contact s email address. The account will be enabled when the contact clicks on the activation link. The contact will now be able to login to Policy Patrol MFT by clicking on the Google or LinkedIn button and entering their login details. 38
4 CONTACTS If the Contact has forgotten their password, they will be able to click on the I forgot my password link. The contact must enter the answer to their security question. If the answer to the security question is correct, the Contact is sent an email with a link from where they can reset their password. You can also reset the password for a contact from Manage Contacts (see paragraph 4.1). If you reset the password for a contact, they will receive an email with a link to reset their password. 39
4 CONTACTS 4.4 Downloading Files When the Contact has received new files and clicks on the download link, the Contact will be asked to enter their Policy Patrol MFT portal login details. The download will start automatically after entering the details. 40
4 CONTACTS 4.5 Inbox Contacts will be able to browse incoming file transfers by going to the Inbox folder. When a transfer expires or is deleted by the Sender, the file transfer will no longer be displayed in the Inbox. If a Contact clicks on a link in an email notification of an expired or deleted transfer, the Contact will see a message saying that the files have expired. To view and download the files of the file transfer, the Contact must click on the > sign next to the File Transfer. To delete the transfer, the Contact can select the checkbox next to the transfer and click on the Delete button. To delete individual files, the checkbox next to the file must be selected and then the Contact must click Delete. 4.6 Outbox Contacts can browse their outgoing file transfers from the Outbox. 41
4 CONTACTS 4.7 Drafts The Drafts folder lists saved transfers that have not yet been sent. 4.8 New Transfer Contacts will be able to send files securely to your organization by going to New Transfer. The options will be the same as described in Chapter 3. Note Contacts can only send files to Policy Patrol MFT users, not to contacts or other external email addresses. 4.9 Changing Account Information If you wish to change your details or your security question and answer, you can do this by going to My Account > My Information. Click Save to save any changes. To change your password, go to Change Password. Enter your old password and your new password. Confirm your new password and click Save. 42
Chapter 5 Users P olicy Patrol MFT licenses users from your Active Directory. This chapter describes how to import users, license users and disable users. 5.1 Manage users In Manage users you will see a list of Active Users, Unlicensed Users and Disabled Users. Users in the Active Users list are able to send and receive files through Policy Patrol MFT. 43
5 USERS To disable a user, click on the Disable button next to the user. The user will now be moved from the Active Users list to the Disabled Users list. To unlicense a user, click on the Unlicense button next to the user. The user will now be moved from the Active Users list to the Unlicensed Users list. 5.2 Invite users To invite a new user, go to Users > Invite New user. Enter the First name, Last name, Email address, Suggested user name and message. Click Invite. The user will receive an invitation email. Until the user creates their account, they will be listed in Pending Invitations. To delete a user from Pending Invitations, click on the Delete button next to the user in Pending Invitations. To resend the invitation to the user, click on the Resend Invitation button next to the user. 5.3 Changing Account Information If the user account is synchronized with Active Directory, the user will not be able to make any changes to their account or password since Policy Patrol MFT will use Windows Integrated Authentication and the user can use their Windows password to log onto the Policy Patrol MFT portal. The user will see the following note: Your account is managed by Active Directory. 44
5 USERS If the user was invited to become a Policy Patrol User without Active Directory synchronization, the user will be able to change their password and update their security question, by clicking on My Account. 45
5 USERS In My Information, the user can change their name, company and security question and answer. Click Save to apply the changes. To change your password, go to Change Password. Enter your Old Password and then enter your new password in New Password and enter it again in Confirm password. Click Save to update the password. 46
Chapter 6 Exchange Agents & Rules P olicy Patrol MFT allows you to set central policies to ensure the secure transfer of certain files without requiring any user intervention. Exchange Server Rules allow you to set policies for your email attachments. 6.1 Agent Management 47
6 EXCHANGE AGENTS Note The Exchange Agents node is only visible to Administrators and Compliance Officers. When Exchange Agents are installed they are automatically added to the list. The Exchange Agents are used to run rules on incoming and outgoing emails and are installed on the Exchange Server. For each Agent the Name, Address, and State (Disconnected/Connected) is listed. To disconnect an Agent, click on the Disconnect button. Agents listed in Known Agents have not been registered. 6.2 Agent Rules Policy Patrol allows you to configure rules that specify which email attachments must be sent via secure transfer. This gives you the peace of mind that certain attachments will always be sent via secure transfer, without requiring any action on the user s part. To create a new Rule, go to Settings > Manage Rules and click on the Add Rule button. A rules wizard will appear that will guide you through a number of dialogs. Notice that the bottom pane contains the rule description. This description is updated each time you make new selections. You will be guided through the following dialogs: 6.2.1 General In the General dialog you must enter the Rule Name, Rule Description and select whether the rule is Enabled. When ready, click on the right arrow to go to the next dialog. 48
6 EXCHANGE AGENTS 6.2.2 Rule Users Select the Users for the rule. Select All users to apply the rule to all users listed as Active users in Users > Manage users. Select Selected users if you wish to apply the rule to specific users only. 49
6 EXCHANGE AGENTS 6.2.3 Rule Direction Select the Direction for the rule. You can select Internally Sent, Internally Received, Externally Sent, Externally Received. 50
6 EXCHANGE AGENTS 6.2.4 Rule Conditions In the Conditions dialog you can select which conditions must trigger the rule. If you select multiple conditions you can select Match any of the conditions or Match all of the conditions. For instance if you wish to send all files via secure file transfer that have a sensitivity of Confidential and are larger than 1 MB, you must select Match all of the conditions. If you wish to send attachments larger than 1 MB via secure file transfer, as well as emails that have been marked as Confidential, then you must select Match any of the conditions. 51
6 EXCHANGE AGENTS The following conditions are available: Priority To trigger the rule when a certain message priority is set, select the option Priority. Select the Priorities that should trigger the rule. You can select from High, Normal and Low. Sensitivity To trigger the rule when a certain message sensitivity is set, select the option Sensitivity. Select the Sensitivity options that should trigger the rule. You can select from Normal, Personal, Private and Confidential. 52
6 EXCHANGE AGENTS Attachment Size To trigger the rule only for certain attachment sizes, select the condition Attachment Size. Select whether the size should be Greater Than, Less Than, Between or Not Between. Enter the size and select B, KB, MB or GB. Select the option Add up all attachments, if you wish Policy Patrol to count the total of the attachments, rather than the individual attachment. For instance with this option selected, an email with two attachments, one of 5 MB and the other of 3 MB would trigger a rule with the attachment size condition of Greater Than 7 MB. However if you do not select the option Add up all attachments, each attachment is counted individually and the rule would not trigger. Attachment Count To trigger the rule when a certain number of attachments exist, select the condition Attachment Count. Select Equal To, Greater Than, Less Than, Between or Not Between. Enter the number of attachments that should trigger the rule. Attachment Extension To trigger the rule when a certain type of file is attached, select the condition Attachment Extension. In the File Type Extensions box, enter the email attachment extensions for which the rule should trigger. If you want to enter multiple extensions, separate them by a comma. For instance, if you want to trigger the rule for Microsoft Word documents and pdf files, enter doc, docx, pdf. Note that if this condition is set, the rule will only trigger for the attachment extensions listed. So if you have specified doc, docx, pdf in the File Type Extensions box and an email contains a pdf and an xlsx attachment, Policy Patrol MFT will remove the pdf attachment 53
6 EXCHANGE AGENTS and insert a secure link to the pdf file. The xlsx file will remain as an attachment to the email. To edit a condition that you have configured, click on the edit link next to the condition. 6.2.5 Rule Exceptions In the Exceptions dialog you can select which exceptions should prevent the rule from triggering. 54
6 EXCHANGE AGENTS If you select multiple exceptions you can select Match any of the exceptions or Match all of the exceptions. For instance if you wish to send all files via secure file transfer but not those that have a sensitivity of Normal and are smaller than 1 MB, you must select Match all of the exceptions. If you wish to exclude emails with attachments smaller than 1 MB via secure file transfer, as well as emails that have been marked as Normal, then you must select Match any of the exceptions. The available exceptions are the same as the conditions discussed in the previous paragraph. 6.2.6 Rule Actions In the last step you need to select the secure file transfer options. 55
6 EXCHANGE AGENTS In Authentication Mode, select Standard Authentication or Advanced Authentication. If Standard Authentication is selected, the recipient will be able to download the file without entering a password. If Advanced Authentication is selected, the recipient will first have to enter their Policy Patrol MFT credentials before they can download the file. If the recipient is not yet set up as a Policy Patrol MFT contact, they will receive an email asking them to create an account. Once they have created an account they will be able to download the file. In Send download notification to sender, select Never, First Download, Every Download. If you select First Download, you will only receive an email notification the first time the file is downloaded. If you select Every Download, you will receive an email notification each time the file is downloaded. Select whether you wish to receive a notification is the transfer fails or succeeds. Select When Upload Fails to receive an email notification when the upload fails. Select When Upload Succeeds to receive an email notification when the upload is successful. In Expire After, enter the number of days after which the file transfer must expire. For instance you can select to expire the files in 30 days. When files expire, the sender will still see the files in their Outbox but the recipient can no longer see them in their Inbox (in the case of Advanced Authentication) and if they click on the download link in the email they will see a message saying that their files are no longer accessible. 56
6 EXCHANGE AGENTS In Max downloads per recipient enter the maximum number of downloads per recipient. In Rule Affects, select which type of attachments the rule should apply to. If you select Standard attachments only, the rule will only replace attached files (where the sender clicked on the paperclip icon) with download links. If you select Inline attachments only, the rule will only replace pictures that have been inserted into the email message itself with a download link. If you select All attachments, the rule will replace all attachments and inserted pictures with a download link. Note Inline attachments are pictures or objects that have been inserted in the email message itself. Standard attachments are files that have been attached to the message. When you are ready, click Save to save the rule. The rule will now appear in the Rule list. 6.2.7 Editing a Rule If you wish to edit an existing rule, click on the Edit button. 57
6 EXCHANGE AGENTS After making changes, click Finish to apply the changes to the rule. 6.2.8 Ordering rules If you wish to change the order in which rules are applied, you can click on the up or down arrow next to the rule. 58
59
Chapter 7 Settings T his chapter describes the different settings that can be configured for Policy Patrol MFT, including Email SMTP Settings, Active Directory, My Account settings, Widgets, and Email Templates, Branding, Default Transfer settings, Retention Policy and Anti Virus. All settings are available form the Settings drop down menu. 7.1 SMTP Settings This tab shows your SMTP settings. After installing Policy Patrol MFT you entered the SMTP settings. If you need to make any changes, you can do so from here. In SMTP Host, enter the IP address of the SMTP host. In SMTP Port, leave 25 entered unless you know it uses a different port. Select Enable SSL to specify whether SSL is used to access the configured SMTP host. Select Ignore Certificate if you wish any SSL certificate warnings to be ignored. If the SMTP host requires SMTP authentication you must enter your Domain, i.e. NEWHOUSINGCORP, user name and password. Click Next to continue. 60
7.2 Send Test Email If you wish to send a test email to verify that your SMTP settings are properly configured, you can do this from the Test Email tab. Enter a From and To email address and click on the Send Email button. Note: make sure that the From email address is a valid internal email address. Verify that the email arrives at the To address. If the test email arrives, your SMTP settings are correct. 7.3 Active Directory The Active Directory dialog includes information about the Active Directory Domain controller, synchronization and licensing options. If the Active Directory settings are not correct, an error message will be shown. In Server Address enter the IP address of your Domain Controller. Enter the Administrator username (DOMAIN\Username) and password. This account must have rights to create groups in Active Directory). Select Enable synchronization in order to synchronize any Policy Patrol MFT Active Directory group membership changes. Select Automatically license new users if you wish to automatically license any new members that are added to the Policy Patrol MFT groups. 61
When you are ready, click Update. If everything is correct, you should see a green circle with a check mark followed by: Active Directory synchronization is running. 7.4 Updates This tab displays the Policy Patrol MFT version that is installed. 7.5 Licenses To view current product licenses, go to Licenses. For each installed license, the Key, Type Status and Description will be shown. If the license will expire, the expiration date is provided in the description. To enter your product license, and click on Add. Existing licenses will be listed. To remove an existing license from the list, click on Remove next to the license. 7.6 Widgets Widgets are forms used on your website to allow customers and suppliers to send you files via secure file transfer. For instance, a widget can be used for clients to send confidential and/or large documents to your company. 62
To create a new widget, click on Add Widget. Enter the name for the new widget. In Recipient(s) enter the email address(es) of the internal user(s) who will be receiving the uploaded files. If using multiple recipients, separate the email addresses by a,. In Status, select whether the widget should be Enabled or Disabled. Check the Enable Captcha checkbox if you want to require the submitter to enter the displayed code before the form is submitted and the file is sent. The purpose of the captcha is to avoid automated scripts submitting files through the form. In Host Domain(s) enter the IP address or server name of the Host Domain. Note that the HTML snippet will be created after you create your widget. In Allowed File Extensions you can control the file types sent through the widget. If you enter file extensions in the Allowed File Extensions list, only these types of files can be uploaded through the widget. If no extensions are entered, all file extensions can be uploaded through the widget. Separate multiple extensions by a comma, for instance doc, docx, xls. There are a number of further options available. These options can be fixed (i.e. they cannot be changed by the sender), or they can be editable by the sender. If you wish the files to automatically expire after a certain number of days, in Expire after enter the number of days after which the files must expire. Select Expiration is editable if you wish the Sender to be able to change the expiration setting. If you wish to limit the number of downloads, enter the maximum number in Maximum downloads per recipient. Each recipient will be able to download the file the number of times indicated. Select Editable maximum downloads if you wish the sender to change the maximum number of downloads. If you wish an email notification to be sent to the sender when a file is uploaded successfully, select Send upload success notification. If you wish the sender to be able to edit this option, select Editable upload success notification. If you wish an email notification to be sent to the sender when a file is not uploaded successfully, select Send Upload Failure notification. If you wish the sender to be able to edit this option, select Editable upload failure notification. If you wish to send an email notification to the sender when the files are downloaded, in Send download notification select On First Download, or On Every Download. If you don t want a download notification to be sent, select Never. If you wish the sender to be able to edit the download notification option, select Editable download notification. In Authentication mode, select Standard Authentication or Advanced Authentication. If Standard Authentication is selected, the recipient will receive an email with a unique URL in the email to the uploaded file(s). The advantage of this method is that it is easy for the recipient to retrieve the files. The recipient simply has to click on the link and download the files from a web page. The disadvantage of this method is that theoretically anyone who intercepts the email is able to download the files. Advanced Authentication is a more secure way of sending files. If Advanced Authentication is selected, the recipient will receive an email that they have received a new transfer. They will then need to log on to the Portal and go to their Inbox in order to retrieve the files. 63
When you are done, click Create. The widget will now appear in the list. To copy the HTML snippet that you should include on your website, click on Edit. Copy the HTML code from the HTML snippet box. 64
To preview the form that users will see on your site, click on Preview. Any options that were selected as Editable, will be shown in the Preview. 65
Below is an example of the widget on a website: 66
7.7 Email Templates Policy Patrol includes a number of email templates that are used for notifications. The following email templates are available: Email Template Successful Upload Successful Download Failed Upload Invitation Password reset Anonymous successful download Activation Receive files Signature Anti Virus Sender Notification Anti Virus Administrator Notification Receive Files via Agent Description Notifies that the files were uploaded successfully. Notifies that the files were downloaded successfully. Notifies when the upload for the files failed. Invitation email that is sent when inviting a new User or Contact. Email that is sent when a Contact or User selects Forgot Password. Email that is sent when a recipient downloads files through Standard Authentication. Notifies the new User or Contact to activate the account through the activation link. This email template is used when sending files (for Standard as well as Advanced Authentication). This template contains the company/user signature and can be inserted into other templates by using the merge field [%]Signature[%]. Email that is sent if you check Notify the Sender in Anti-Virus settings. Email that is sent if you check Notify the Administrator in Anti-Virus settings. Text that is inserted into an email when Policy Patrol MFT replaces an email 67
attachment with a secure link If you wish to view or change these notifications, you can do so by selecting an email template from the list. Make your desired changes and click Save. To revert back to the default template, click on Reset to default. 68
You will be able to edit the text and formatting of the email. The following options are available: bold, italic, underlined, font, font size, font color, fill, align left, align middle, align right, justify, bullets, numbered lists, decrease indent, increase indent, format style, insert link, and insert image. A preview of the template is shown in the bottom pane: The following merge fields can be used (depending on the email template): 69
Field name [%]ToNameGeneric[%] [%]FromName[%] [%]FromEmail[%] [%]CreateAccountLink[#]insert link text[%] [%]InitialSenderName[%] [%]TransferSubject[%] [%]DateAndTime[%] [%]FileList[%] [%]FileName[%] [%]DownloadedByName[%] [%]Signature[%] [%]Expiry Dates For Every Attachment[%] [%]Download Authentication Mode[%] [%]DaysUntilTransferExpiration[%] [%]DateWhenTransferExpire[%] [%]RemainingDownloads[%] [%]FileExpirationDate[%] [%]OptionalMessage[%] [%]IpAddress[%] Field Description Name in to To field. Name of the user who sent the transfer Email address of the user who sent the transfer. Link to create a new account Sender name. Subject that was entered for the transfer. Date and Time the transfer was sent. List of the files in the transfer. File name. Person who downloaded the file. Contains the company/user signature as configured in the Signature template under Settings > Email Templates. The date when each individual file in the transfer expires. The authentication mode the transfer was sent with (i.e. Standard Authentication or Advanced authentication) Days until the entire file transfer will expire. Date on which the file transfer will expire. Remaining number of downloads. Date on which the file will expire. The optional message sent at invitation. IP from the machine where the download occurs. 7.8 Email Image Replacement If you select to replace inline attachments with download links, you can choose to replace the removed images with a standard image. If you wish to do so, enter the URL to the image that you would like to display in Update Image URL. 70
7.9 Default Transfer Settings In this section you can set the default transfer settings for all transfers sent from the MFT portal (using the New Transfer form). The settings include authentication mode, expiration settings, allowed file types and download notifications. When the default transfer settings are modified, all transfers sent from that point on will have these options selected by default. Users can still change the transfer settings for each transfer by expanding the Adjust Transfer Settings option in the New Transfer form and modifying the settings. Note that the default transfer settings only apply to the transfers sent through the portal, not to new Email rules or Widgets. 71
7.10 Retention Policy Policy Patrol allows you to configure a file retention policy. If you do not wish to auto-purge files, select Retain files indefinitely. If you wish to automatically purge files that have been expired for a specified time frame, select the option Delete expired files after and select the number of months, days or years. The file deletion will be performed daily at midnight. When expired files have been auto-purged, they will show in the portal with the Status Purged. The download link and expiration settings will no longer be available for the file. The file transfer itself will show as Expired. 72
7.11 Branding In the Branding section you can customize the logo and theme colors of the portal. 7.11.1 Uploading Your Logo In the logo tab you can upload your Logo, favicon and set the Site title: To upload your logo, click on Browse for File and select the logo you want to use. Next, click Upload Logo. To change the Site title, enter the new title and click Update. To go back to the default logos and title, click on Restore to Default for the relevant section. 73
74
7.11.2 Customizing the Portal Theme In the Theme Tab you can set the colors for the portal so that they match your company s logo. To have Policy Patrol MFT pick the matching colors, click on the main color and select a color by sliding the arrows up or down or enter the color code. Click on Generate new theme. The new color scheme will be displayed for each portal element. You can also modify the colors for each individual element. 75
To apply the new color scheme, click on the Update button. Now refresh the page so that the new theme is applied. You can return to the standard color scheme by pressing the Reset to default link. 7.12 Anti-Malware Using OPSWAT s Metascan add-on, Policy Patrol MFT can quickly scan files with multiple antimalware engines before they are uploaded to the MFT portal. By using multiple anti-malware engines, Metascan increases detection rates for all types of malware without the hassle of licensing and maintaining multiple antivirus engines. Metascan can be purchased as an add-on for Policy Patrol MFT, and is available in packages with 4, 8, 12, and 16 anti-malware engines. If needed, more engines can be added up to a total of 30 engines. More information about the different packages can be found on the following page: http://www.policypatrol.com/metascan-for-policy-patrol-mft. To use Metascan, you must first install Metascan, and then enable Metascan in Policy Patrol as described in the steps below. 76
7.12.1 Install Metascan In order to use Metascan with Policy Patrol, you need to install Metascan on your network. Metascan can be installed on the same machine as Policy Patrol, but it can also be installed on a separate machine. To obtain your Metascan trial version, sign up at the OPSWAT portal: http://www2.opswat.com/policy-patrol-mft/metascan-download. Once you have downloaded Metascan, follow the next steps: Note that Metascan requires.net Framework 4.0 or later to be installed on the system. 1. Double-click on the executable. The welcome screen will appear. Click on Start and wait until the Metascan prerequisites are installed. 2. When the Setup Wizard appears, click Next. 3. Select Accept the terms in the License Agreement and click Next. 4. Choose which components of Metascan you would like to install. 77
5. Click Next. 6. Click Install. 7. Click Finish to complete the installation. 8. Go to Start > OPSWAT > Metascan Management Console. The console will open in a browser. You can configure scanning options from Workflow in the top menu. 9. Go to Clients in the top menu. 78
Copy the link from the Metascan Server box for entering in Policy Patrol (see below). Make sure you open the port specified in the URL in order to allow Policy Patrol to remotely connect to this server (in the screen above this is port 8008). Tip: Metascan clients are also available for the Metascan server, allowing you to scan endpoint systems for advanced threats. 7.12.2 Enable Metascan in Policy Patrol After installing Metascan, you must enable Metascan in Policy Patrol. First, make sure that you have version 1.9.2 or higher installed of Policy Patrol MFT. To check which version you have installed, go to Settings > Updates. If you have an earlier version installed, follow the instructions in the release notes to upgrade to the latest version: http://www.policypatrol.com/release-notes/mft/. To enable Metascan, follow the next steps: 1. Go to Settings > Anti-Malware. 2. Select Scan all files (all files that are sent and received on the system are scanned) or Scan files from external sources (files that are sent by Policy Patrol MFT users will not be scanned). 3. Enter the URL of the machine where Metascan is installed. This URL can be found in the Metascan Management Console > Clients > Metascan Server. Make sure that the port in the URL is open (in this example it is port 8008). 79
4. Select actions to be taken when a file is found to be infected: You can select to Notify the administrator, Notify the sender and/or Delete the file. 5. Select actions to be taken when an error occurs while scanning a file: Select to Notify the administrator, Notify the sender and/or Delete the file. 6. When you are ready, click on Update. Policy Patrol MFT will now scan files with Metascan (including email attachments that meet Policy Patrol MFT rule conditions), making sure that files are free from malware before they are uploaded to the system. Note that the notification templates can be modified by going to Settings > Email Templates > Anti-Malware Sender Notification or Anti-Malware Administrator Notification. If a transfer includes multiple files and only one or some of the files are infected, the rest of the clean files from the transfer will still be uploaded. To disable Metascan in Policy Patrol MFT, select Disabled from the drop down list. 80
Chapter 8 Troubleshooting T his chapter describes how to troubleshoot Policy Patrol. If you have a problem you can consult the Policy Patrol online knowledge base, or request support from Red Earth Software. 8.1 Knowledge Base If you have a question or problem with Policy Patrol you can consult our extensive online knowledge base at https://support.redearthsoftware.com. Some of the questions and answers are listed below. If you do not find your answer, please send an email to support@redearthsoftware.com. 8.1.1 How can I permanently delete a file? Only Compliance officers can permanently delete a file. Users can delete files, which will make them invisible to the recipient, but they cannot permanently remove the file from the file server. The file will simply be moved to the Deleted folder. You can also set the Retention Policy to automatically delete files that have expired for a certain number of days. 8.1.2 How can I change my password or security question? Go to My Account. You can change your personal settings, including your password and security question. 8.1.3 How can I change the expiration date of a File Transfer? Click on the Expiration button next to the transfer. If you are the sender of the File Transfer, you will be able to change the expiration date for each of the files in the File Transfer. 81
8 TROUBLESHOOTING 8.2 Contacting Red Earth Software If you require any assistance, please contact us at one of the following offices: Red Earth Software, Inc. Red Earth Software (UK) Ltd 4845 Pearl East Circle, Ste 101 20 Market Place Boulder, CO 80301 Kingston-upon-Thames United States Surrey KT1 1JP Toll-free: 1 (800) 921-8215 United Kingdom Phone: (720) 377 3728 Tel: +44-(0)20-8605 9074 Fax: (720) 554-7950 Fax: +44-(0)20-8605 9075 Sales: sales@redearthsoftware.com Sales: sales@redearthsoftware.co.uk Support: support@redearthsoftware.com Support: support@redearthsoftware.co.uk Policy Patrol is a registered trademark of Red Earth Software. Copyright 2001-2014 by Red Earth Software. 82
Index..NET Framework 2.0 10, 14 K Knowledge Base 81 A Active Directory 21, 22, 61 Advanced Authentication 27 Auto-purge files 72 C Color scheme 75 Contacts 35 D Default transfer settings 71 E Email templates 67 Entering licenses 62 Exchange Email Rules 48 Expiration date 28, 29, 30, 31, 33 F FAQs 81 Frequently asked questions 81 G Google account 36, 37, 38 I Inline attachments 57 Installation 8 L LinkedIn account 37, 38 M Merge fields 69 MySQL 9, 12 N Non-inline attachments 57 Notifications 29 O Ordering email rules 58 P Policy Patrol MFT Administrators 22, 24 Policy Patrol MFT Compliance Officers 22, 24 Policy Patrol MFT Server 10, 24 Policy Patrol MFT Users 22, 24 Purge 32 R Retention policy 72 S Standard Authentication 27 83
U Upload form on website 62 W Widget 62 84