Stormshield Data File
Stormshield Data File can be configured in the filePolicy section of the .json file. The table below describes its parameters. In the SDMC administration console, the equivalent parameters are found in Policies > Features > File.
For more information on configuring this feature, refer to the section Configuring Stormshield Data Filein the Administration guide.
| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| allowEncryptSmartFile | Indicates whether the user is allowed to create smartFILE files. |
true, false |
Allow creation of smartFILE files |
| allowEncryptionForRecipient | Indicates whether the user is allowed to encrypt files for themself or for a recipient. |
true, false |
Enable file encryption for a recipient |
| allowFileDecryption | Indicates whether the user is allowed to decrypt files. |
true, false |
Enable file decryption |
| allowFolderDecryption | Indicates whether the user is allowed to decrypt folders. |
true, false |
Enable folder decryption |
| allowFolderEncryption | Indicates whether the user is allowed to encrypt folders. |
true, false |
Enable folder encryption |
| allowNetworkDecryption | Indicates whether the user is allowed to decrypt network files. |
true, false |
Enable network file decryption |
| allowNetworkEncryption | Indicates whether the user is allowed to encrypt network files. |
true, false |
Enable network file encryption |
| allowSelfDecryptableFilesCreation | Indicates whether the user is allowed to create self-decryptable files. |
true, false |
Enable creation of self-decryptable files |
| blockedExtensionsOnOpening | Types of files that must first be decrypted before opening. | List of extensions in .ext format | N/A |
| confirmForEachFile | If several files are being encrypted, indicates whether a confirmation is required for each file. |
true, false |
Confirm encryption for each file |
| decryptionList | Specifies the parameters of the automatic file decryption list. To use this list, refer to decryptionList section.
|
Decryption list | |
| encryptHiddenFiles | Indicates whether hidden files must be encrypted. |
true, false |
Encrypt hidden files |
| encryptionList | Specifies the parameters of the automatic file encryption list. To use this list, refer to encryptionList section.
|
Encryption list | |
| exclusionList | Specifies the parameters of the exclusion list. To use this list, refer to exclusionList section. | Exclude list | |
| fileFormat | Format of the encrypted file. |
sdsx, sbox |
Encryption format |
| readOnlyFilesEncryption |
Indicates how to process read-only files. |
treatAsUsual,
askConfirmation,
doNotEncryptBut |
Process normally like standard files, Request confirmation, Notify but do not encrypt, Neither notify nor encrypt |
| autoEncryptDecryptedFolder | Enables or disables automatic Windows encryption on the temporary directory for decrypting .sdsx files (directory C:\Users\[user]\AppData\LocalLow\Stormshield\Stormshield Data Security\Decrypted). |
true, false |
Windows encryption of the decryption temporary directory |
decryptionList section
Files included in decryption lists are automatically decrypted at a predetermined time or when a predetermined event takes place. The following parameters are specified in the filePolicy.decryptionList section of the .json file.
| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| askConfirmation |
Indicates whether a confirmation is required before automatic decryption. |
true, false |
Ask confirmation before performing automatic decryption |
| displayReport | Indicates whether to display a report after automatic decryption. |
true, false |
Display report after performing automatic decryption |
| files | List of files to decrypt automatically.
|
Files decrypted automatically | |
|
path: File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: "files": [
{
"path": "path1"
},
{
"path": "path2"
}
]
|
String | File path | |
| folders | List of folders to decrypt automatically.
|
||
|
path: Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter. |
String | Folder path or mask | |
| recursive: Indicates whether sub-folders are included in the decryption list. |
true, false |
Include sub-folders | |
| masks | List of masks to decrypt automatically. To indicate several masks, this parameter must be used several times. See the "files" parameter.
|
||
|
path: Mask path. To indicate several masks, this parameter must be used several times. See the "files" parameter. |
String | Folder path or mask | |
| recursive: Indicates whether sub-folders are included in the decryption list. |
true, false |
Include sub-folders | |
| onConnection | Decrypts the list of files upon connection to SDS Enterprise. |
true, false |
Decrypts automatically upon connection to the SDS Enterprise account |
| onScreenSaverOver | Decrypts the list of files when screensaver stops. |
true, false |
Decrypt automatically when screensaver stops |
| onSessionUnlock | Decrypt the list of files when unlocking session. |
true, false |
Decrypt automatically when unlocking session |
encryptionList section
Files included in encryption lists are automatically encrypted at a predetermined time or when a predetermined event takes place. The following parameters are specified in the filePolicy.encryptionList section of the .json file.
| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| askConfirmation |
Indicates whether a confirmation is required before automatic encryption. |
true, false |
Ask confirmation before performing automatic encryption |
| displayReport | Indicates whether to display a report after automatic encryption. |
true, false |
Display report after performing automatic encryption |
| files | List of files to encrypt automatically.
|
Files encrypted automatically | |
|
path: File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: "files": [
{
"path": "path1"
},
{
"path": "path2"
}
]
|
String | File path | |
| fixedTimesInSeconds | List of times at which files are automatically encrypted. Expressed in number of seconds from 00:00. For example, 1:30 a.m. is represented by a value of 5400. | List of positive whole integers | N/A |
| folders | List of folders to encrypt automatically. | ||
|
path: Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter. |
String | Folder path | |
| recursive: Indicates whether sub-folders are included in the encryption list. |
true, false |
Include sub-folders | |
| intervalMinutes | Frequency with which files are automatically encrypted. Expressed in minutes. | Positive integer. | Automatic encryption frequency |
| masks | List of masks to encrypt automatically.
|
||
|
path: Mask path. To indicate several masks, this parameter must be used several times. See the "files" parameter. |
String | Folder path or mask | |
| recursive: Indicates whether sub-folders are included in the encryption list. |
true, false |
Include sub-folders | |
| onDisconnection | Enables list when disconnecting from SDS Enterprise. |
true, false |
Encrypt automatically when disconnecting from the SDS Enterprise account |
| onScreenSaverStarted | Enables the list when screensaver starts. |
true, false |
Encrypt automatically when screensaver starts |
| onSessionLock | Enables the list when locking the SDS Enterprise session. |
true, false |
Decrypt automatically when locking session |
exclusionList section
Using an exclusion list, you can exclude some files to prevent them from being encrypted by mistake. The following parameters are specified in the filePolicy.exclusionList section of the .json file.
| Parameter | Description | Possible values | SDMC |
|---|---|---|---|
| displayWarning | Indicates whether a warning window must be displayed if an operation could not be completed because of the exclusion list. |
true, false |
Display warning when encryption is rejected |
| files | List of files to be excluded from encryption.
|
Files excluded from encryption | |
| askForConfirmation: Indicates whether confirmation must be requested for the encryption of excluded files. |
true, false |
N/A | |
|
path: File path. To indicate several files, the “files” list must contain several objects, each with a different “path” property. For example: "files": [
{
"path": "path1"
},
{
"path": "path2"
}
]
|
String | File path | |
| folders | List of folders to be excluded from encryption.
|
Folders or masks excluded from encryption | |
| askForConfirmation: Indicates whether confirmation must be requested for the encryption of excluded folders. |
true, false |
N/A | |
| path: Folder path. To indicate several folders, this parameter must be used several times. See the "files" parameter. | String | File path | |
| recursive: Indicates whether sub-folders are included in the exclusion list. |
true, false |
Include sub-folders | |
| masks | List of masks to be excluded from encryption.
|
Folders or masks excluded from encryption | |
| askForConfirmation: Indicates whether confirmation must be requested for the encryption of excluded files. |
true, false |
N/A | |
| path: Path of the mask with the "*.ext" extension to apply the mask. To indicate several masks, this parameter must be used several times. See the "files" parameter. | String | File path | |
| recursive: Indicates whether sub-folders are included in the exclusion list. |
true, false |
Include sub-folders | |