Managing Host Data – Definitive Data Security

This article explains SSProtect-managed content using the Managed Files/ Restore interface.

Introduction

You can add data to the protective scope of SSProtect many different ways, and one common method uses the context menu available from File Explorer. Right-click a plaintext data file, then choose SSProtect Activate. Your target file will then be protected, as evidenced by the resulting Red icon overlay that appears when the operation is complete (though in some cases the overlay may be Yellow).

As you add and remove files, you can review your Working Set by accessing the Managed Files/ Restore display that is available from the context menu of the notification tray's SSProtect icon:

Hostlist-10.7.1.png

Hostlist

The initial rendering of the Managed Files/ Restore display - the Hostlist - lists data items actively managed by your Account on the current host computer and within the Windows Account from which you are working. This list doesn't reflect every item you've ever managed, only the list of items you've protected and haven't since Removed in the current Environment.

Environments

The Hostlist displays your Working Set for the specific Environment you're using. The Environment is specific to the host computer and the Windows Account you use to access the Windows Desktop. The Hostlist is often different when you use your SSProtect Profile across different host computers (and perhaps with different Windows login credentials). For more information, refer to the article, Environments.

Navigating Views: Versionlist and Archivelist

Use the buttons on the upper right of the file enumeration to switch from the Hostlist View to a detailed Versionlist and/ or Archivelist. The Versions... button uses the active selection to show you the history - and individual versions - of a managed item, whereas Archive... transitions to a list of all the items you've managed using Double or Hybrid Conversion.

Both views provide insight into :Recover Archive details, described in the article, Managing Archive Data. Note that most of the basic features, such as sorting*, filtering, and folder navigation, are commonly available in each of the Views. Also note that content is NOT refreshed when you navigate from one view to another. Use each panel's associated Refresh button to update content.

* Sort by clicking one of the column headers, though note that the Versionlist always displays file usage history - and Versions - in descending order, newest to oldest.

Context-based File Operations

In each View, you can choose one or more files from the List, then click active buttons to perform a variety of actions described below. Button state will transition based on context and availability. For example, the Versions... button only permits a single selection, thus transitions to disabled when a second item is added to the selection set. In other cases, specific choices preclude certain operations, for example choosing a file that hasn't been stored in the Archive disables the Restore button.

Multi-Select Operation

When you choose multiple files, button context reflects only the state of the last selected file in the selection set - which may be the file at the top of the list if you choose the lower bound first, then the upper bound (while holding the Shift key; use the Ctrl key to add individual items, creating a, "scattered" selection).

Navigating Multi-Select Context

If you wish to perform a single operation, such as Restore, on a set of files, and after choosing your selection set the button remains gray/ disabled, reverse the selection order (choose the top item first, then the bottom item, or vice-versa) or choose one less item in the set until you achieve the desired state. You can then follow with individual items to investigate causes for disabled target button state(s).

Hostlist Scope

The Hostlist, as noted, displays your Working Set of managed files for your specific Environment.

Exclusive vChains

Excl vChains determines whether or not the Hostlist displays all managed items or only the most recently used instances of a Version Chain. This is more fully explained in the article, Version Chain Policy. Toggling this checkbox re-displays the Working Set according to the chosen setting.

Catalog Details

Cat Details is by default unchecked, suppressesing display of Catalog Index and Data Files from the listing. When checked, Native (Owned) Catalog details will be enumerated. This is helpful since Catalogs generally contain a large number of individual files managed by the single Trigger File as described in the article, Catalogs.

Note that Cat Details is disabled if you don't have any managed Catalogs to display, and details are only available when the Catalog is in a managed, protected state (though the Trigger File is always displayed). For more insight, review the Hostlist Exception States, below, and details in the article, Catalogs.

Removing Items from the Hostlist

Remove in the Hostlist takes the selected file(s) out of the list, though content remains protected (where applicable). Note that the Explorer Overlay Icon will turn from Red to Yellow for such files, indicating that content is no longer natively managed by your Account. If you subsequently open/ close the item, resulting in secured access, it will then be re-added to your local Hostlist and the Explorer Overlay Icon will change back to Red.

If you've checked Excl vChains to utilize the Exclusive Hostlist enumeration as described in the article, Version Chain Policy, Remove may result in Hostlist enumeration with previously suppressed items. These are the managed instances that have File IDs matching those that are no longer displayed. As such, you may need to repeat this operation one or more times to achieve your desired result.

Date/ Time

Each listed file includes a Date/ Time, which is presently displayed using UTC to retain consistency with reports and other date/ time values. However, the resulting value may not be as expected.

Consider, for example, a (Missing) file, as depicted by the State column which, as noted below, indicates that a Protected file may have been removed during a period of time that SSProtect was not running (not to be confused with the lack of an active Login Session). In such cases, the Date/ Time value is as a result taken from the timestamp of the last known managed Version in the target file's historic progression.

Suppose you then Restore the file, and observe a Date/ Time value that's older than that for the previous (Missing) State. If you navigate with Versions... (using the file in question as the selection), you will probably find that the latest Version of the file happened to be, "created" by a sharing peer. As such, the Date/ Time you see after Restore matches the last qualified Version you can access, which will most often be the last Version you create (by saving/ closing the managed item).

Hostlist Standard States

As noted above, the State column provides insight into managed content, with typical and standard States as follows:

Protected - In an expected encrypted state, requiring authorization to access
(Deleted) - A Protected file deleted from the local Host, or renamed
(Honeypot) - A managed file serving as a Honeypot for access notification*
(Opened) - at present being securely accessed in an Application
(Released) - A Protected file subsequently removed from protective scope

These Standard States are the result of normal, typical and straightforward operations on managed content, usually when the Owner is carrying out actions with an active Login Session.

* Only available when Honeypot controls are enabled. See the article, 2nd Generation Honeypots, for more information.

Hostlist Exception States

Protected content will sometimes transition through abnormal or unexpected Exception States. The most basic Exception States include:

(Missing) - A Protected file missing though not due to monitored/ recognized rename/ delete
(Changed) - A Protected file has been modified in a way not immediately clear to the :Foundation Client
(No Access) - Inaccessible: Unable to verify stored item State against expected internal State

The (No Access) State is rare, and it indicates that the :Foundation Client cannot access a file last known to be Protected. This warrants further investigation by reviewing Host Debug Logs and :Assess Report data.

(Missing) and (Changed) States are not terribly uncommon, and somewhat related. (Missing) means a Protected file isn't present when you, the Owner, establish your SSProtect Login Session. You can achieve this State by terminating your Login Session then deleting the file and returning to the Hostlist display. By comparison, if you perform the delete operation with a valid Login Session, you achieve the Deleted State.

You can reach the (Changed) State by continuing the progression from (Missing) - re-establish your Login Session, verify the (Missing) state in the Hostlist view, then restore the deleted file from the Recycle Bin. Refresh the Hostlist view and you will see the new (Changed) Exception State for the target file.

Note that the (Changed) State isn't intended to provide certain claims about the content of the target file, rather indicates that the target file's state may be different as a result of uncertainty. Consider the progression, above, and instead of restoring the file from the Recycle Bin you acquire a protected instance of the file from another host or email attachment. In this latter case, there is no way to know if the file's content represents the latest securely saved version, whether it maintains the Integrity of those results, if the replacement file is a previous Version or even the same file at all. Though SSProtect performs Integrity Validation and can provide such assurances, the Hostlist is a more generic enumeration mechanism that aims to quickly provide insight into the state of your, "Working Set", i.e. content you are actively managing in the given Host/ Windows Account context.

Hostlist Dynamic States

Dynamic States are generally the result of manipulating Protected content while operating outside the purview of an Owner Login Session. Version 10.6 introduces changes to these monikers as follows (previous monikers are listed further below):

(DelCphTxt) - Deleted item present in a Protected State (happens w/ Peer delete then undelete)
(DelPlnTxt) - Deleted item present in a form not recognized as a Protected State (likely plaintext)
(ChgCphTxt) - Protected Item present in a different Protected State (replaced w/ older Version)
(ChgPlnTxt) - Protected item present in a form not recognized as a Protected State (plaintext)

Dynamic States represent common situations, though cannot be deterministically deduced to something more meaningful only because of the slight chance for significant variations that the Owner's Account does not, "see" or monitor (else the resulting State would be one of those already noted). For this reason, subsequent analysis of Host Debug Logs and :Assess Report data often provide insufficient details, though direct use and/ or :Respond Analysis provides much more specific and certain insight.

Monikers for versions prior to v10.6 are as follows:

(DelNewPro) - Deleted item present in a Protected State (happens w/ delete then undelete)
(DelNewTxt) - Deleted item present in a form not recognized as a Protected State (likely plaintext)
(UnkNewPro) - Protected Item present in a different Protected State (replaced w/ older Version)
(UnkNewTxt) - Protected item present in a form not recognized as a Protected State (plaintext)

Account Quota

On the bottom left of the display, you'll see a basic Quota summary showing the amount of stored space used against the total space available. If you are not using :Recover, this may read 0 MB of allocated space. It could however hold a positive value if you were at one time using :Recover, even if you aren't when displaying the present instance - Archive data is retained independent from enabling/ disabling :Recover.

Also note the Retaining reference. This is specific to Retention Policy, which along with :Recover KODiAC Cloud Archive details is further described in the :Recover Section, with Retention Policy detailed in the article, Archives, Quotas, and Retention Policy.

Sorting Columns

When you first pull up this display, files are listed by Date/ Time in descending order. Click any column header to sort by its' content, and click a second time to reverse the sort order. You can perform the same actions with the Archivelist (but not the Versionlist, as noted).

Managing Active Files
On the top left, above the file list, you'll see a row of buttons, which do the following:

Clean - Removes unprotected/ unopened items from the list
Opt Filter - Optimizes the Adaptive Filter, explained below
Remove - Removes the selected file(s) from the list (does not unprotect)
Refresh - Updates the list to reflect changes since originally displayed

Cleaning the Hostlist

When you execute a Clean operation, you are removing file entries for items no longer Protected/ Managed by SSProtect. The software will not remove these items independently - you must manually Clean (or Remove each one) else the item will remain in the Hostlist.

Cleaning the Shared List

When you perform a Clean operation, you will be prompted to remove the, "Shared List" and as a result be taken through a Refresh Login to establish a new SSProtect Login Session.

The Shared List is not displayed except in very specific and rare conditions (which requires coordination with Support and special, coordinated steps). This is the internal set of records used to maintain oversight of stored content that has been created and possibly shared by other SSProtect Users. This also includes Placeholder records, internal state to ensure that manipulation of shared content doesn't inadvertently assign Ownership to your Account.

In most cases, you can choose No to bypass this prompt. If troubleshooting, this is one place to check before calling for additional help.

For details, contact Support as noted at the end of this article.

Filtering for Content

You can limit any View by entering text in the Filter edit control, then pressing <Enter> or clicking Filter. All files that have an exact matching set of characters, in the same order however NOT case sensitive, will be displayed - other items will be masked. If you navigate to a different List, keep in mind that your Filtering entry remains intact, which can be momentarily confusing. Choose Clear to restore the full List for the given View.

Default Folder

The Default Folder is used when a target folder cannot be found or created, as required by an operation. For example, Restore attempts to place a target item in its' last known folder, and if it doesn't exist (and can't be created), the file is instead placed in the Default Folder.

This is also the folder that hosts non-native Replicate operations (a folder structure you can then move). It also serves as the default starting point for Reports, Keyfile Export, User Export, and other operations that store content on your behalf (with your interactive guidance).

Most importantly, your Default Folder serves as a point of indirection when using your Profile on multiple host computers (see below).

IMPORTANT: Your Profile's Default Folders are specific to each host, automatically handled as you make changes from different computers.

Dynamic Default Folder

Dyn Default allows you to associate a portion of your managed content's path for redirection when you use your Profile (and associated/ managed content) to work on another host computer.

Consider for a moment that you've created data in D:\Data, then decide to Login to SSProtect on another host computer. What if it doesn't have a D:\ volume for you to use?

This case is of course handled by Remote Deployment, simplified when using Dynamic Default Folder Redirection. This allows you to dynamically associate the original D:\Data Default Folder with a different location on other host computers - perhaps C:\Data - and continue working with content in native form.

Note that your Account/ Profile uses a unique Default Folder for each target host computer (but not for each Windows User context). For more information, refer to the article, Environments.

Additional information can also be found in the article, Remote Profile Deployment.

Adjusting the Default Folder

You can change a Dynamic Default Folder using the (context-specific) Adjust... button. This remaps the items stored in your existing Default Folder, which requires (automatically-executed) Refresh Login.

If you wish to relocate managed content while using a Dynamic Default Folder, perform the following:

Adjust... to choose the target Folder where you want content to reside
SSProtect will execute Refresh Login - before you submit your Credentials to Login, manually relocate content from the pre-existing Default Folder to the new target you picked with Adjust...
Login to SSProtect then revisit the Managed Files/ Restore Hostlist to verify that relocated content shows as, (Protected) rather than, (Missing)

Open Folder

Select a file then choose Open Folder to open File Explorer for the managed item. If the target file does not exist, SSProtect will attempt to open the last known folder in which the file was located. If this folder is not available, File Explorer will render the Default Folder. This is helpful for quickly navigating to items, both before and after Restore operations.

Restoring Files

When using :Recover, you can select one or more files then choose Restore (all Views) or Replicate (Archivelist) to Recover managed content.

Replicate differs from Restore in the way target location is determined and carried out. Details are available in the article, Restoring and Replicating.

Honeypots

When Honeypots are active, the primary Hostlist display contains two checkboxes at the top - one to Show Honeypots Only, and one labeled Honeypot to enable/ disable Honeypot behavior for a managed file. For more information, refer to the article, Deploying Honeypots.

Issues

Certain operations, though typically straightforward, can become complicated with very simple modification. Check your Host Debug Log for details related to each operation, as described in the article, Accessing Host Debug Logs.

Additional Resources

You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.

In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.

This article was updated w/ v10.7.1 of the :Foundation Client

{[{category.name}]}