Screen Capture Protection rule page

Screen capture protection rules control data copied and pasted from a screen.

To use screen capture protection rules, verify that the Screen Capture Service in the Policy Catalog client configuration on the Operational Mode and Modules page is activated. (The service is activated by default.) Specify the screen capture applications supported on the Screen Capture Protection page.

Table 1: Option definitions
Category Option Definition
Rule options
Rule name: Enter a unique name for the rule. This field is required.
State: Select Enabled or Disabled from the drop-down list. You can also change this parameter on the DLP Rule Set page by selecting a rule or rules and selecting Actions > Change State. The default is Disabled.
Severity: A relative measure of the gravity of violating this rule. The default is Warning. The color code that also appears in the DLP Incident Manager is displayed next to the field.
Enforce on: Selects the McAfee DLP product enforcing the rule. This rule type is only supported on McAfee DLP Endpoint for Windows.
Condition tab / Exceptions tab
Note: All fields in this section are required. The default ALL can be used instead of a defined parameter.
Actions (Exceptions tab only): Adds or deletes a rule exception.
Name (Exceptions tab only): Enter a unique name for the exception. This field is required.
Description (Exceptions tab only): Optional descriptive text.
State (Exceptions tab only): Select Enabled or Disabled from the drop-down list. The exception state is independent from the rule state.
Classification:
Note: Screen capture protection rules do not check content classification criteria. Use content fingerprinting criteria when defining classifications used with screen capture protection rules.
Use the is any data (ALL) option to bypass applying a content classification, or use the is one of (OR) or is all of (AND) options to select predefined classifications. You can use the + icon to add multiple classifications, and define their relationship with the and/or option.
End-User: Select a user group from the drop-down list. Using the + icon, you can select multiple groups using AND/OR logic. You can exclude groups using the Exceptions tab. Include at least one group before excluding any groups.
Applications: Select the application or browser.
Reaction tab

DLP Endpoint

Data protection and device protection rules have a granular Action definition. You can define different actions for the following:

  • Computer connected to corporate network
  • Computer disconnected from the corporate network
Action: Select an action from the drop-down list. The default is No Action.
Note: Selecting No Action with Report Incident is sometimes referred to as Monitor.
For a list of prevent actions for different types of rules, see the available reactions table.
User Notification: User notification definitions are stored in the DLP Policy in the Policy Catalog. Select a predefined definition, or click New Item to create one.
Report Incident: Select the checkbox for the rule to trigger a DLP incident.
Store Original File: Select to store the original file as evidence. If the hit highlighting option is enabled for the evidence server, the trigger text is highlighted and stored as a separate file.