Data protection rule actions The action performed by a data protection rules is entered on the Reaction tab. By default, the action for all data protection rules is No Action. When combined with the Report Incident option, this creates a monitoring action that can be used to fine-tune rules before applying them as blocking rules. Along with reporting, most rules allow you to store the original file that triggered the rule as evidence. Storing evidence is optional when reporting an incident. Tip: Set the default for all rules to report incidents in DLP Settings. This prevents accidental errors by failing to enter any reaction. You can change the default setting when required. The user notification option activates the user notification pop-up on the endpoint. Select a user notification definition to activate the option. Different actions can be applied when the computer is disconnected from the corporate network. Some rules also allow different actions when connected to the network by VPN. The table lists the available actions other than No Action, Report Incident, User Notification, and Store original file as evidence. Available actions for data protection rules Data protection rule Reactions Additional information Application File Access Protection Block When the classification field is set to is any data (ALL), the block action is not allowed. Attempting to save the rule with these conditions generates an error. Clipboard Protection Block Cloud Protection Block Request Justification Apply RM Policy Encrypt Encryption is supported on Box, Dropbox, GoogleDrive, iCloud, OneDrive personal, OneDrive for Business, and Syncplicity. Attempting to upload encrypted files to other cloud applications fails to save the file. Email Protection McAfee DLP Endpoint actions: Block Request Justification For McAfee DLP Prevent, the reactions are: Block and return email to sender Add header X-RCIS-Action No Action For McAfee DLP Monitor, the only reaction is No Action. Supports different actions for McAfee DLP Endpoint when the computer is disconnected from the corporate network. Mobile Device Protection No Action Currently supported only for monitoring (Report Incident and Store original file as evidence). Network Communication Protection Block For McAfee DLP Monitor, the only reaction is No Action. Storing evidence is not available as an option for McAfee DLP Endpoint. McAfee DLP Endpoint supports different actions when the computer is connected to the corporate network using VPN. Network Share Protection Request Justification Encrypt Encryption options are McAfee® File and Removable Media Protection (FRP) and StormShield Data Security encryption software. Encrypt action is not supported onMcAfee DLP Endpoint for Mac. Printer Protection Block Request Justification Supports different actions when the computer is connected to the corporate network using VPN. Removable Storage Protection Block Request Justification Encrypt Encrypt action is not supported on McAfee DLP Endpoint for Mac. Screen Capture Protection Block Web Protection McAfee DLP Endpoint reactions: Block Request Justification McAfee DLP Prevent reactions No Action Block For McAfee DLP Monitor, the only reaction is No Action Request Justification action is not available on McAfee DLP Prevent.