Protect by Process (previously called as Anchor by Process)
  • 5 Minutes to read
  • Dark
    Light
  • PDF

Protect by Process (previously called as Anchor by Process)

  • Dark
    Light
  • PDF

Article summary

What is Protect-by-Process, and how does it work?

Protect-by-Process (PxP) is a set of features that give you the ability to protect files created by specific applications and processes.

PxP is designed to automate the protection of files created and handled by applications (or processes) that you select. As an administrator you can select which process or groups of processes will automatically create encrypted files for a specific user role. You can also determine whether the file types created by these processes are protected or ignored.

The steps below explain how to configure any application as an PxP application.

Configuring a new PxP application

Step 1 - Select a User Role to edit

  1. In the FenixPyre admin dashboard, go to Settings > User Roles.

  2. Under the specific User Role for which you want to enable Protect-by-Process, click on the vertical dots icon under Actions. Then click Edit.

Step 2 - Add a new Protect-by-Process collection

Click Protect by Process > Collections > Add New.

addNewPXP

Step 3 - Configure Process Level Rules

  1. Under Collection Name, enter a name for the collection.

  2. Next, using the radio buttons, select whether you want to specify PxP processes by name or folder.

    • By name: Files created by processes specifically named will be automatically encrypted. This is recommended when working with a small number of processes.

    • image 23.png

    • By folder: Files created by all processes located in the folder path(s) you have specified will automatically be encrypted. This is recommended when working with many processes or if the processes are subject to change.

    • image 22.png

  3. Enter the path to the folder(s) or the process(es), depending on which radio button option you selected. Note: You cannot add Office applications as PxP applications by folder, you must add them using the process name. This prevents unintended data loss.

Step 4 - Configure File Extension Rules

Select how you want FenixPyre to handle data saved by your selected process(es) and the protected file extensions.

  • Protect: Files with the file extensions you specify in the next step will be protected when they are created, saved, and exported by Protect-by-Process applications. This option tells FenixPyre to protect the chosen extensions and not protect everything else.
  • Ignore: Files with the file extensions you specify in the next step will not be protected when they are created, saved, and exported by Protect-by-Process applications. Ignore tells FenixPyre not to protect the files with those extensions and protect everything else. If one or more of the file extensions in the list is also configured as an FenixPyre Protected file extension, FenixPyre will encrypt the ignored extensions when they are in a protected folder.

Choose which file extensions you want to protect or ignore. You should not prefix extension names with a dot "." when completing this field. Use a comma to separate multiple extensions, e.g., txt, rtf, xlsx.

Step 5 - Configure Collection Rules

  1. Enable compliance mode : This mode enhances data protection and ensures that the necessary encryption standards are applied consistently in line with CMMC requirements. Click here for more information on this feature.
  2. Enforce protection outside of protected folders : Choose whether or not you would like to allow users to save Encrypted data to unprotected plaintext using the Enforce protection outside of protected folders checkbox. Click here for more information on this feature.
  3. Allow a process to open encrypted files in non-protected folders: Use the Allow process to open encrypted files in non protected folders checkbox to allow this application to open encrypted files in non protected folders. Click here for more information on this feature.
  4. Revoke access: Use the Revoke Access option to deny access to files to users who go out of context. Click here for more information on the Revoke Access option.
  5. Hybrid block: FenixPyre does not allow a protected and unprotected file to be open concurrently, to prevent copy/paste of protected data. Click here for more information on the Hybrid Block option.
  6. Return decrypted file size: This option dictates whether FenixPyre returns decrypted file size or encrypted file size when applications request file information using the windows directory listing api call.

Finally, click Add new collection.

Note: After configuring an PxP application, users will see a notification informing them that PxP will encrypt all files created by that application. The notification will be displayed when the PxP application is launched.

pxp_notification

Using wildcards in PxP process paths

Wildcards are very useful if, for instance, you want to add a process in many individual users' desktop folders. You can do this once, for all users, rather than once for each user.
You can use this syntax, C:\Users\%username%\Desktop\example.exe.
FenixPyre will substitute the %username% wildcard for all the different usernames in your organization.

You should be careful to avoid using the %username% wildcard at the end of the path, for example like this, C:\Users\%username%\, because it tells FenixPyre that you want all the applications for all users to be PxP applications. Only do this if you are absolutely sure of what you are doing!

Known Limitations of Protect-by-Process

If I revoke access to a file encrypted via PxP, when will it take effect?

  • If you revoke access to a file encrypted via Protect-by-Process while it is open, FenixPyre will behave differently depending on the application.

  • If the encrypted file is opened with an Protect-by-Process application, the User will still have access to the file until they close it. Only after closing the file will the revoked access take effect.

  • If the file was encrypted via an Admin Approved application, and the file is not open, it will not be accessible the next time the user tries to open it. If the file is open, the user will still have access until they close it. Only after closing the file will the revoked access take effect.

What file extensions are not encrypted by PxP?

PxP will not automatically encrypt the following files extensions.

.dll .exe .bat .rdp .iso .atcf .lib .wbk .msi .ini 

If you want to automatically encrypt any of the above file extensions, you must work with and save them in a protected folder.

Will files encrypted by PxP show comprehensive access logs?

Files encrypted via Protect-by-Process do not show comprehensive access logs. The access logs will only show where the file was encrypted. However, the full logs are still held in our secure cloud.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence