Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 24 Current »

This page is a guide for installing server and client-side tools of the GEODI Classifier.

Installation of a Manual/Automatic classification project takes 1 to 2 hours. If you have no previous classification tool, you can instantly start with ready classes. You can change or customize all rules for a specific group or condition. There is only one agent, and agent software and policy updates are automatic.

You can monitor agents using our agent panel. To monitor classification activities, you may use the built-in log panel or a SIEM.

Training material for end-users is provided in GEODI 121 - Classification tools User Training - geodi-en - Confluence and GEODI Classifier Office and Other Plugins User Guide - geodi-en - Confluence.

Installation Roadmap

Checklist

Follow the steps for Classifier installation

  • GEODI Server must be installed
  • Activate Classification Module
  • Activate Default Classes and Policies
  • Ignore mail signatures (by a dictionary or mail server settings)
  • Generate Agent MSI Package
  • Sample Agent installation to selected clients
  • Activate agent monitor panel
  • Activate log analysis panel
  • Interim review
  • Modify Class and Policies
  • Closing
  • Deploy Agents to all clients

Frequently Asked Questions

Classification Issues

 Can we disable automatic classification for a specific group?

  • Yes, with GEODI Classification Policy Manager, you can create variations based on groups, individuals, IP addresses, and software (Word, Excel, etc.). It can be set to automatic only for one user group, manual only for others, or disabled for a specific user group if needed.

  • Changes in rules will take effect on clients approximately 10 minutes after modification.

  • GEODI Classifier Label/Tag Definitions

 Can I perform batch classification?

  • Yes, query the target and choose “Batch Classification” from GEODI facet area. Files form Folder, FileServer and GDE(PCs) will be included. Labels will be written to the respective files or as alternate data streams (ADS).

  • GEODI Classifier Batch Classification

 What does Semantic Classification mean?

It is the classification of files discovered in GEODI based on query results.

GEODI discovers IBAN, Credit Card and also money, document type, date or and the document type. The class secret rule may contain Money>1M TL. GEODI recognizes money with many different forms. This is a an example of semantic classification. Similarly, the class:classified may contain a rule “if a contract”. GEODI understands whether a document is a contract with AI.

 Does the date of the classified documents change?

No, GEODI classification tools preserve the file date.

 Can we classify files discovered with GDE on remote PCs in-place?

If you have a Classification license for documents coming to the GEODI server through GDE, you can query and classify documents through GEODI ES, performing the classification on the source machine. The machine where the classification will take place must have our Classifier and GDE solutions installed.

 Can databases be classified?

There is no concept of writing labels to databases. However, GEODI classification tools can report the classification of a database record and enable you to take action based on this report.

 Can internal e-mails in an organization(same domain) exluded from classifcation?

Yes, in the GEODI Classification Management Interface, you can optionally exclude emails sent by users within the same domain from classification.

 Can Header/Footer and Watermark be multilingual?

  • Yes. You can define multiple languages.

  • The language is chosen by machine language.

  • You can use values like usernames in these settings.

  • You can define multiple lines.

  • GEODI Classifier Label/Tag Definitions

 Is 'Allow Class Lowering' permitted?

  • Depending on policies, you can allow or prohibit class lowering for all or specific sets of users.

  • You can also use the rule that prohibits giving a class below automatic classification.

 How do I exclude email signatures?

E-mail signatures contain the sender's PII information. To ignore this, you must either change e-mail server settings or prepare a dictionary. GEODI Classifier - Class and Policy settings - geodi-en - Confluence (atlassian.net) page explains how to do it.

The method used for Exchange servers, please provide https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/disclaimers-signatures-footers-or-headersthe link.

IT and Licence Issues

 What is the format for classification log

The result format can be a DB, syslog, CEF, or CSV.

You may use a SIEM or Log Analysis Panel to monitor and analyze the logs.

GEODI Classifier Log Analysis Panel and Classifier Project

 How will the agents deploy?

  • You can use ManageEngine, PDQ, SCCM, or a similar tool. The GEODI Classification solution automatically generates the MSI and parameters required for agent deployment. Agents check updates every two days.

  • If there are few machines, you can manually run the MSI.

  • Agents are monitored from a panel. Agent Management Panel

GEODI Classifier Windows Client Installation

 Can the uninstall or deactivation of agents be prevented?

Yes, by default, Windows users cannot remove or deactivate Office plugins.

 Do agents strain the endpoint?

No, the GEODI Classification and GDE (Discovery) agents are designed to impose minimal load on the endpoint/client machines.

 How long does it take the policy changes take effect on the clients?

Clients will be updated automatically and within approximately 10 minutes.

 Can Classification Add-ons work offline

Yes, offline is possible for add-ons

  • The add-ons must at least once access to GEODI server to get the policies

  • Only Manual classification is possible. The automatic classification is not available.

  • Rules from the last connection are used.

  • Logs are accumulated and transferred when a connection to the server is established.

 How are files without label support classified?

  • Files without label support are classified using the ADS (Alternate Data Stream) method for files other than PDF and Office documents.

 How can see ADS labels?

ADS(Alternate Data Stream) is an NTFS feature. To list it, use the “dir /r" command.

ADS labels are a feature of the NTFS filesystem and may sometimes not be preserved.

  1. Labels are preserved

    1. Rename the file

    2. Change file extension txt → log - mp4 → avi

    3. Copy the file to another NTFS filesystem with or w/o the GEODI classifier installed.

  2. Labels are not preserved

    1. The file is copied through RDP, Wetransfer, or similar ways.

    2. The file is copied to non-NTFS filesystem

    3. The file is carried in a compressed file (Rar/zip=

    4. The file is attached to an e-mail

Compatibility Issues

 Can I use two classification solutions simultaneously?

Yes, GEODI can adapt to the labeling scheme of an existing classification tool. This allows you to continue using both simultaneously without additional work on the DLP side.

 Can classification be performed in Linux, Mac, or SharePoint environments?

The GEODI classification solution works on Windows computers. Data discovery can be performed on Linux, MacOS, or SharePoint.

 Can GEODI Classifier understand documents classified with a different classification tool?

Yes. As long as the labeling scheme is the same, it doesn't matter which tool was used for the classification. The GEODI classification tool understands the class of a previously classified file and behaves according to policy settings.

 Is GEODI Classifier compatible with MIP(Microsoft Information Protection) labels.

Yes. GEODI Classifier is compatible with MIP and other schemas as well.

Troubleshooting

 If office extensions or desktop classification is not active

  • The client installation should be verified.

  • Clients must access to GEODI at least once

  • The validity of the GEODI token should be checked.

 Automatic Classification is not active.

There is no access to the GEODI server, or automatic classification may be disabled in the policy settings.

 Classification is taking a long time.

Automatic classification may take a long time due to network traffic, server load, and file sizes. GEODI reads the file content for auto-classification. Opening with Word or Excel may also take a long time.

 Email signatures are recognized as personal data
 Classification agents and Add-ins cannot see the GEODI server.

  • If GEODI is closed,

  • If the GEODI port is not open

If add-ons at least once accessed the GEODI server and got the policies:

  • Only Manual classification is possible. The automatic classification is not available.

  • Rules from the last connection are used.

  • Logs are accumulated and transferred when a connection to the server is established.

 How to send a large number of emails simultaneously, like Mail Merge?

Under normal circumstances, a classification pop-up opens for each email. To prevent this in bulk emails, you need to add the %AutoClass% expression to the email body or Word document for mail merge. The sent emails will be automatically classified without opening a pop-up.

Alternatively, you can create a separate classification policy for Outlook/OWA.

 Classification Agents are not updating automatically.

The classification agents automatically check whether the server has an up-to-date version every two days. Access to documents.decesoftware.com should be provided for this control and automatic update process. If access is available but automatic installation is not occurring, firewall settings should also be checked.

 Outlook mails has label but no header or footer

Check “Cash Mode” to true in users “Exchange Account Settings”.

  • No labels