
Configure monitored folders


As mentioned in the Overview section of the main page of this administrative guide, file encryption works by having an input folder where you move files to be encrypted and an output folder where you move the files after encryption. This process requires monitoring the Input folder for new file uploads. We support the following folder monitoring methods: KMES-monitored folders and Agent-monitored folders. In both scenarios, encryption occurs on the KMES.

KMES-monitored folders

With KMES-monitored folders, the KMES mounts to a folder share by using SFTP or CIFS. Then, you create a File Encryption Profile on the KMES that defines what folder to monitor, the parameters of what to encrypt, and where to save the file after encryption (either locally in a data partition on the KMES or on a folder share).

Perform the following steps to configure a KMES-monitored folder:

1. Go to Data Protection > File Encryption and select [ Add ].

2. In the Info tab of the File Encryption Profile window, notice that in the Key mode drop-down list, you can select Version 1 or Version 2.

If you select Version 1, when you select [ Choose ] in the Key field, you can see and select only File Encryption v1 keys.

If you select Version 2, when you select [ Choose ] in the Key field, you can see and select only File Encryption v2 keys.

After entering a name for the File Encryption Profile and selecting a file encryption key, go to the Input tab.

Refer to the File Encryption Techniques section of this guide to understand the differences between File Encryption v1 and File Encryption v2 keys.

3. In the Input tab, select a file share in the Source drop-down list.

For instructions on configuring a file share, refer to the Series 3 user guide.

When you select a file share as the Source, the following fields display:

| Field | Description |
|---|---|
| Extension | The KMES determines which files to encrypt within a directory based on the file extension. In this field, specify a valid file extension (such as .txt, .pdf). |
| Directory | Select [ Browse ], and in the file browser, select the input directory you want the KMES to monitor. |
| Subfolders | Select this checkbox if you want the KMES to also monitor subfolders in the main input directory. |
| Delete original | Select this checkbox if you want the KMES to delete the original unencrypted file after the encrypted version of the file is moved to the configured output directory. |
| Exclude | Add the names of all files and folders in the input directory that you want the KMES to exclude from encryption. Note: Asterisks represent a wildcard character. For example, an exclude pattern could be entered as somedir/someotherdir/*.txt. The path is relative to the input directory. |


4. In the Output tab, the following fields display if you select a file share as the input source in the previous step:

| Field | Description |
|---|---|
| Destination | In this drop-down list, you can select either Local or a configured file share. If you select Local, encrypted files are stored in a data partition on the KMES itself, and you can export them by right-clicking the File Encryption Profile and selecting Export. |
| Extension | Specify the file extension you want to use for encrypted files (such as .enc). |
| Directory | The [ Browse ] button is active only if you selected a file share as the Destination. In this case, select [ Browse ], and in the file browser, select the output directory where you want the KMES to save encrypted files. |
| Overwrite | In this drop-down list, you can select either Disabled, Overwrite, or Version. If you select Disabled and a file exists in the output directory under the same name, the KMES does not overwrite the existing file. If you select Overwrite, the KMES overwrites the existing file. If you select Version, the KMES saves versions of files under different names. |
| Include Path | If you select this checkbox, file headers include the full file path rather than the original file name only. |


5. Select [ OK ] to finish creating the File Encryption Profile.

Agent-monitored folders

With Agent-monitored folders, you can deploy an agent (a lightweight application running on a Windows or Linux system) on servers or individual workstations. Then, administrators can configure them on an individual basis by using a GUI-based application or for batch deployment by using a configuration text file. Just as with KMES-monitored folders, you must create a File Encryption Profile on the KMES that defines what folder to monitor, the parameters of what to encrypt, and where to save the file after it is encrypted. The difference is that the input and output folder locations for Agent-monitored folders are both on the server or workstation that is running the agent.

Perform the following steps to configure an Agent-monitored folder:

1. Go to Data Protection > File Encryption, and select [ Add ].

2. In the Info tab of the File Encryption Profile window, notice that in the Key mode drop-down list, you can select Version 1 or Version 2.

If you select Version 1, when you select [ Choose ] in the Key field, you can see and select only File Encryption v1 keys.

If you select Version 2, when you select [ Choose ] in the Key field, you can see and select only File Encryption v2 keys.

After entering a name for the File Encryption Profile and selecting a file encryption key, go to the Input tab.

Refer to the File Encryption Techniques section of this administrative guide to understand the differences between File Encryption v1 and File Encryption v2 keys.

3. In the Input tab, select Agent in the Source drop-down list. When you select Agent as the Source, the following fields display:

| Field | Description |
|---|---|
| Extension | The agent determines which files to encrypt within a directory based on the file extension. In this field, specify a valid file extension (such as .txt, .pdf). |
| Directory | Enter the full path to the input directory you want the agent to monitor. |
| Subfolders | Select this checkbox if you want the agent to also monitor subfolders within the main input directory. |
| Delete original | Select this checkbox if you want the agent to delete the original unencrypted file after moving the encrypted version of the file to the configured output directory. |
| Requires authorization | Select this checkbox if you want to require the agent to authenticate to the KMES with an identity that has been granted File Encryption permissions. |
| Exclude | Add the names of all files and folders in the input directory that you want the agent to exclude from being encrypted. Note: Asterisks represent a wildcard character. For example, you can enter an exclude pattern as somedir/someotherdir/*.txt. The path is relative to the input directory. |
| Hostname Whitelist | Add the hostnames of all computers and servers running the File Encryption Agent. |


4. In the Output tab, the following fields display if you selected Agent as the input source in the previous step:

| Field | Description |
|---|---|
| Destination | This field is grayed out because the only supported Destination for agent-based monitoring is on the computer/server running the agent. |
| Extension | Specify the file extension you want to use for encrypted files (such as .enc). |
| Directory | Enter the full path to the output directory where you want the agent to save encrypted files. |
| Overwrite | In this drop-down list, you can select either Disabled, Overwrite, or Version. If you select Disabled and a file exists in the output directory under the same name, the agent does not overwrite it. If you select Overwrite, the agent overwrites the existing file. If you select Version, the agent saves versions of files under different names. |
| Include Path | If you select this checkbox, file headers include the full file path rather than the original file name only. |


5. Select [ OK ] to finish creating the File Encryption Profile.
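
Before enabling Delete original on either kind of profile, it helps to preview which files the Extension, Subfolders, and Exclude settings would select. The following dry run is an added example, not part of the product or its agent; the function names and sample tree are hypothetical, and it assumes that `*` behaves like Python's `fnmatch` wildcard (which can span `/`) and that an Exclude entry naming a folder excludes everything under it, which may differ from the product's matching.

```python
import fnmatch
import os
import tempfile
from pathlib import PurePosixPath

# Constructed sample tree and profile values; not taken from a real deployment.
SAMPLE_FILES = ["report.txt", "notes.pdf", "somedir/other.txt",
                "somedir/someotherdir/keep.txt", "archive/old.txt"]
EXCLUDE = ["somedir/someotherdir/*.txt", "archive"]


def is_excluded(rel, exclude):
    """True if the file's relative path, or any parent folder, matches a pattern.
    Assumption: '*' behaves like fnmatch's '*' and may span '/'."""
    candidates = [str(rel)] + [str(p) for p in rel.parents if str(p) != "."]
    return any(fnmatch.fnmatchcase(c, pat) for c in candidates for pat in exclude)


def select_files(input_dir, extension, subfolders, exclude):
    """Return sorted paths, relative to input_dir, that the settings would select."""
    selected = []
    for root, dirs, files in os.walk(input_dir):
        if not subfolders:
            dirs[:] = []  # Subfolders unchecked: stay in the top-level directory
        for name in files:
            full = os.path.join(root, name)
            rel = PurePosixPath(os.path.relpath(full, input_dir).replace(os.sep, "/"))
            if rel.suffix != extension:
                continue  # Extension field: only files with this extension
            if not is_excluded(rel, exclude):
                selected.append(str(rel))
    return sorted(selected)


def demo():
    """Build the sample tree in a temp directory and preview both Subfolders settings."""
    with tempfile.TemporaryDirectory() as base:
        for rel in SAMPLE_FILES:
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("sample")
        return (select_files(base, ".txt", True, EXCLUDE),
                select_files(base, ".txt", False, EXCLUDE))


if __name__ == "__main__":
    with_sub, without_sub = demo()
    print("Subfolders on: ", with_sub)
    print("Subfolders off:", without_sub)
```

Any file missing from the preview stays unencrypted in the input directory, so compare the result against the data you expect the profile to protect.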