BestCrypt Data Shelter extends Jetico Central Manager (JCM) with centralized data access control for sensitive folders on managed client computers.

It helps organizations protect data inside the trusted perimeter by controlling which users and applications may access selected folders, even when those users, applications, scripts, or tools already operate within the corporate environment.

  1. Centralized deployment and management
    Deploy BestCrypt Data Shelter to managed client computers and control folder protection settings from Jetico Central Manager.

  2. Folder-level protection for sensitive data
    Select folders that contain sensitive or business-critical data and protect them from unauthorized users, applications, scripts, and processes by enforcing company-wide protection policies.

  3. Access control inside the trusted perimeter
    Limit access to sensitive data within the corporate environment, where trusted accounts and internal tools may otherwise have broader access than required.

  4. Default-deny access model
    Protect selected folders by allowing access only to explicitly permitted users and applications. Access attempts that do not match the configured rules are blocked.

  5. User- and application-based protection rules
    Define which users and programs are allowed to access protected folders. Rules can include local users, domain users, signed applications, Windows components protected by Windows Resource Protection Service (WRPS), and explicitly selected programs.

  6. Reusable protection policies and rules
    Create protection policies that combine protected folders, access rules, and policy-wide settings. Reuse rules across multiple folders and apply policies to individual computers or computer groups.

  7. Policy creation from real client activity
    Use a representative client computer to build practical protection settings based on file types, folder access history, or manual local configuration, then import the result into JCM.

  8. Protection against indirect access through related processes
    Strengthen application-based access control by requiring related processes that interact with allowed applications to also be trusted, signed, or protected by Windows Resource Protection Service.

  9. Quarantine for changed executable files
    Detect changed executable files that try to access protected folders. Data Shelter can temporarily block such programs and place them in quarantine until they are reviewed.

  10. Protection against suspicious encryption activity
    Detect and respond to suspicious encryption behavior, including attempts to encrypt disk volumes or files in protected folders. JCM can receive reports about detected encryption attempts.

  11. Centralized logging and activity review
    Collect Data Shelter events in JCM, including policy changes, access denied events, and access granted events. Review activity logs for selected computers and investigate warnings or errors.

  12. Computer-level exceptions and troubleshooting
    Configure individual Data Shelter settings for selected computers when needed for testing, local policy preparation, exceptions, or troubleshooting.