# Advanced Settings

Advanced Settings define the global monitoring parameters applied across audit reports and device policies in GuardWare INSIGHT. They function as the central control point for how monitoring is configured and enforced across the organisation.

These settings determine how INSIGHT operates on end-user devices, including the methods used to monitor the movement of sensitive data, the applications, URLs, and file extensions that are included or excluded from monitoring, and the configuration of communication between devices and the server.

## Reference Table

The table below provides an overview of every Advanced Setting and what it does.

<table><thead><tr><th width="269">Section</th><th>What It Does</th></tr></thead><tbody><tr><td><a href="#report-upload-and-communication-settings"><strong>Report Upload &#x26; Communication Settings</strong></a></td><td>Controls the intervals, durations, timeouts, and bandwidth settings for uploading reports and downloading policies and commands.</td></tr><tr><td><a href="#applications-monitored-at-network-level"><strong>Applications Monitored at Network Level</strong></a></td><td>Lists applications monitored for sensitive data uploads at the network level.</td></tr><tr><td><a href="#ip-address-monitored-at-network-level"><strong>IP Address Monitored at Network Level</strong></a></td><td>Lists IP addresses included or excluded from network-level monitoring.</td></tr><tr><td><a href="#applications-with-monitored-ssl-traffic"><strong>Applications with Monitored SSL Traffic</strong></a></td><td>Defines which applications have their SSL traffic monitored when network monitoring is used.</td></tr><tr><td><a href="#websites-with-monitored-ssl-traffic"><strong>Websites with Monitored SSL Traffic</strong></a></td><td>Defines which websites have their SSL traffic monitored using certificate common names.</td></tr><tr><td><a href="#applications-with-monitored-keystrokes-and-copy-paste"><strong>Applications with Monitored Keystrokes and Copy/Paste</strong></a></td><td>Specifies applications where keystroke and copy/paste activity is monitored or excluded.</td></tr><tr><td><a href="#websites-with-monitored-keystrokes-and-copy-paste"><strong>Websites with Monitored Keystrokes and Copy/Paste</strong></a></td><td>Specifies websites where keystroke and copy/paste activity is monitored or excluded.</td></tr><tr><td><a href="#applications-monitored-at-network-level-lsp"><strong>Applications Monitored at Network Level (LSP)</strong></a></td><td>Lists applications monitored at the network level using the LSP approach.</td></tr><tr><td><a 
href="#status-of-client-components"><strong>Status of Client Components</strong></a></td><td>Lists client components and controls whether each is enabled or disabled.</td></tr><tr><td><a href="#file-extensions-monitored-at-file-system-level"><strong>File Extensions Monitored at File System Level</strong></a></td><td>Filters file upload monitoring by file extension type.</td></tr><tr><td><a href="#applications-monitored-at-file-system-level"><strong>Applications Monitored at File System Level</strong></a></td><td>Lists applications monitored for sensitive data uploads at the file system level.</td></tr><tr><td><a href="#applications-monitored-at-file-system-level-to-provide-file-path-information"><strong>Applications Monitored at File System Level to Provide File Path Information</strong></a></td><td>Lists applications monitored to provide full file path data for network monitoring.</td></tr><tr><td><a href="#applications-monitored-at-file-system-level-where-repeated-incidents-are-ignored"><strong>Applications Monitored at File System Level where Repeated Incidents are Ignored</strong></a></td><td>Suppresses repeated incident alerts from specified applications at the file system level.</td></tr><tr><td><a href="#applications-hosting-websites-with-end-to-end-encryption"><strong>Applications Hosting Websites with End-to-End Encryption</strong></a></td><td>Lists browser applications monitored at the file system level to intercept file uploads on end-to-end encrypted websites.</td></tr><tr><td><a href="#websites-with-end-to-end-encryption"><strong>Websites with End-to-End Encryption</strong></a></td><td>Lists websites with end-to-end encryption where file system monitoring is required alongside network monitoring.</td></tr></tbody></table>

## Create an Advanced Setting

An Advanced Setting policy must be created before any monitoring parameters can be configured. A new policy starts in an Inactive state and needs to be configured before it is activated and applied to devices.

<figure><img src="/files/A5D103xvTes4h1FtazAa" alt=""><figcaption></figcaption></figure>

1. Navigate to **INSIGHT** > **Advanced Settings**.
2. Click **+ New Advanced Setting**.

{% stepper %}
{% step %}

### Configure Policy Info

3. In the **Policy Info** tab, fill in the following fields and click **Next**:<br>

   <figure><img src="/files/xmSB8uzjcg2G2onLQela" alt="" width="563"><figcaption></figcaption></figure>

   1. **Copy Settings From (Optional):** Select an existing Advanced Setting to copy its configuration into this new one. Useful for duplicating a baseline policy instead of starting from scratch.
   2. **Setting Name:** Enter a clear, identifiable name for the setting.
   3. **Description:** Briefly describe what this setting is for, who it applies to, or how it differs from other settings.
   4. **Set as Default Setting (Optional):** Marks this as the organisation-wide default. Only one default setting can be active at a time; it is automatically assigned to all newly created users and can be duplicated to create policy variations from a common baseline.
      {% endstep %}

{% step %}

### Configure Settings

Once created, the **Advanced Setting** starts in an **Inactive** state. Configure the required settings, then activate when ready to apply to devices. Each setting can be enabled or disabled. Disabling a setting reverts it to its default state, which disables the functionality associated with it.

<figure><img src="/files/2f9RvuLlRfGmq1XMcnBe" alt=""><figcaption></figcaption></figure>

<details>

<summary>Report Upload &#x26; Communication Settings</summary>

The intervals, durations, timeouts, and bandwidth settings that control the uploading of reports and downloading of policies and commands.

<figure><img src="/files/IxUX5ie7lqCzON3fHfXk" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.

**Report Upload Settings:** This setting controls how monitoring data is packaged and sent from client devices to the server.

<table><thead><tr><th width="148">Field</th><th width="112">Default</th><th>What It Means</th></tr></thead><tbody><tr><td><strong>Bulk Report Packet Size</strong></td><td>(in Bytes)</td><td>The size of each data packet sent during a bulk report upload. Smaller packets result in more frequent sends; larger packets mean fewer, heavier transfers.</td></tr><tr><td><strong>Report Interval</strong></td><td>(in Min)</td><td>How often the client sends a report to the server. Lower values provide more real-time data; higher values reduce server load.</td></tr><tr><td><strong>Bulk Report Time</strong></td><td>(in Min)</td><td>The time window during which bulk reports are sent. Use this to schedule heavy uploads during off-peak hours.</td></tr><tr><td><strong>Bulk Report Bandwidth</strong></td><td>(in Bytes/Sec)</td><td>The maximum bandwidth the client can use when uploading bulk reports. Set to <strong>0</strong> for no limit.</td></tr><tr><td><strong>Bulk Report Retry Interval</strong></td><td>(in Min)</td><td>How long the client continues retrying a failed report upload before stopping.</td></tr></tbody></table>

**Communication Settings:** This setting controls connection behaviour, timeouts, polling frequency, and heartbeat signals between the client and server.

<table><thead><tr><th width="154">Field</th><th width="98">Default</th><th>What It Means</th></tr></thead><tbody><tr><td><strong>Connection Timeout</strong></td><td>(in Sec)</td><td>How long the client waits for a server response before considering the connection failed.</td></tr><tr><td><strong>Common Timeout</strong></td><td>(in Sec)</td><td>A general timeout applied across standard communication operations.</td></tr><tr><td><strong>Communication Interval</strong></td><td>(in Min)</td><td>How frequently the client initiates a general communication cycle with the server.</td></tr><tr><td><strong>Communication Interval Status</strong></td><td>—</td><td>Indicates whether scheduled communication with the server is currently active.</td></tr><tr><td><strong>Command Interval</strong></td><td>(in Min)</td><td>How often the client checks for new commands from the server.</td></tr><tr><td><strong>Setting Interval</strong></td><td>(in Min)</td><td>How often settings are synchronized between client and server.</td></tr><tr><td><strong>Setting Status Interval</strong></td><td>—</td><td>Indicates whether automatic settings synchronization is currently active.</td></tr><tr><td><strong>Client Status Interval</strong></td><td>(in Min)</td><td>How often the client reports its status back to the server.</td></tr><tr><td><strong>Client Command Interval Status</strong></td><td>—</td><td>Indicates whether periodic command polling is currently active.</td></tr></tbody></table>

</details>

<details>

<summary>Applications Monitored at Network Level</summary>

List of applications that are monitored for sensitive data uploads at the network level. The proxy can only monitor applications that are explicitly on this list. If an application is not listed, its traffic will not be captured.

To apply monitoring to all applications, select the exclude list mode and leave the list empty. Using an include list for broad coverage is impractical and not recommended.

<figure><img src="/files/9CUeqTwaFYJgeP0ktEZZ" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Use the **Search applications...** field to check whether the application is already listed.
3. If found, select the checkbox next to it to enable monitoring.
4. If not listed, enter the application name with its extension (e.g., `chrome.exe`) in the **Add Application** field and click **Add Application**.
5. Confirm the application appears in the list and is selected for monitoring.

</details>

<details>

<summary>IP Addresses Not Monitored at Network Level</summary>

List of IP addresses that are monitored, or not monitored, for sensitive data. This list is usually used to exclude IP addresses used by internal applications that are considered secure and do not need monitoring for the uploading of sensitive data.

<figure><img src="/files/CT5ly9YaPj18djj3jBv0" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Enter the IP address in the **Add IP** field.
3. Click **Add IP** to add it to the list.
4. Confirm the IP address appears in the list.

</details>

<details>

<summary>Applications with Monitored SSL Traffic</summary>

List of applications whose SSL traffic is monitored for sensitive data uploads. This setting is tied to the network monitoring approach. If network monitoring is enabled, SSL traffic monitoring should also be enabled for the relevant applications. This section can be configured as either an include list or an exclude list, depending on the scope of monitoring required.

<figure><img src="/files/aY479lkAvVV9N7zbTZOn" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the appropriate mode:
   * **Include list:** Only the listed applications will have their SSL traffic monitored.
   * **Exclude list:** All applications will have their SSL traffic monitored except those listed. Leave the list empty to monitor all applications.
3. Select the checkbox next to the application to add it to the list.

</details>

<details>

<summary>Websites with Monitored SSL Traffic</summary>

List of websites whose SSL traffic is monitored for sensitive data uploads. To monitor SSL traffic for specific websites only, add their URLs to the include list. To monitor all SSL traffic, use the **Exclude List** option and leave the list empty.

<figure><img src="/files/cDpWTz15tTVfUPiK3nf4" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the appropriate mode:
   * **Include list:** Only SSL traffic for the listed websites will be monitored.
   * **Exclude list:** All SSL traffic will be monitored except for the listed websites.
3. If your desired website is not on the list, enter the website URL (e.g., `google.com`) in the **Add Website** field, confirm it appears in the list, and select it.

</details>

<details>

<summary>Applications with Monitored Keystrokes and Copy/Paste</summary>

List of applications where keystrokes and copy/paste activity are monitored, or not monitored, for sensitive data. This is particularly useful for restricting monitoring in sensitive applications such as password managers or tools that handle confidential input.

<figure><img src="/files/fdBNLvDyEVFyjhZbBrCN" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the appropriate mode:
   * **Include list:** Keystroke and copy/paste monitoring will apply only to the listed applications.
   * **Exclude list:** Keystroke and copy/paste monitoring will apply to all applications except those listed. Leave the list empty to monitor all applications.
3. Select the checkbox next to the application to add it to the list.

</details>

<details>

<summary>Websites with Monitored Keystrokes and Copy/Paste</summary>

List of websites where keystrokes and copy/paste activity are monitored, or not monitored, for sensitive data. This list is usually used to exclude banking or similar websites where users may type personal passwords.

<figure><img src="/files/vWDCaVYxW5HSc1FfYl3P" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the appropriate mode:
   * **Include list:** Keystroke and copy/paste monitoring will apply only to the listed websites.
   * **Exclude list:** Keystroke and copy/paste monitoring will apply to all websites except those listed. Leave the list empty to monitor all websites.
3. Select the checkbox next to the website to add it to the list.

</details>

<details>

<summary>Applications Monitored at Network Level (LSP)</summary>

List of applications that are monitored for sensitive data uploads at the network level using the Layered Service Provider (LSP) approach. LSP is an alternative network interception method to WFP (Windows Filtering Platform).

<figure><img src="/files/V3dQIKdobuZcV9FAsvAS" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Enter the full file path to the application's DLL in the **Add Winsock Exception** field (e.g., `C:\Windows\System32\wsock32.dll`).
3. Click **Add New Exception** to add it to the list.
4. Confirm the entry appears in the list.

</details>

<details>

<summary>Status of Client Components</summary>

List of client components, such as drivers, and whether they are enabled or not. Each component can be set to **Default**, **Enable**, or **Disable** individually.

<figure><img src="/files/mx4YBR4a0oOkOSX0WFw0" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Review the components listed and adjust each toggle as required.

<table><thead><tr><th width="125">Component</th><th width="102">Default</th><th width="107">Options</th><th>Description</th></tr></thead><tbody><tr><td><strong>Proxy Options</strong></td><td>Default</td><td>OFF / WFP / LSP</td><td>Controls the proxy mode used for network traffic interception. WFP (Windows Filtering Platform) and LSP (Layered Service Provider) are the two available interception methods.</td></tr><tr><td><strong>Proxy Extension</strong></td><td>Default</td><td>Enable / Disable</td><td>Enables or disables the proxy browser extension.</td></tr><tr><td><strong>GW Scanner</strong></td><td>Default</td><td>Enable / Disable</td><td>Monitors USB device insertions and tracks file-level changes on the system.</td></tr><tr><td><strong>GW Dogfile</strong></td><td>Default</td><td>Enable / Disable</td><td>Protects files within GuardWare directories from unauthorised modification or deletion.</td></tr><tr><td><strong>Chat Docmon</strong></td><td>Default</td><td>Enable / Disable</td><td>Monitors file usage by instant messaging applications at the file system level, including cloud-based services.</td></tr><tr><td><strong>USB Monitor</strong></td><td>Default</td><td>Enable / Disable</td><td>Tracks file transfers to USB devices connected to the system.</td></tr><tr><td><strong>GWPG (Process Guard)</strong></td><td>Default</td><td>Enable / Disable</td><td>Protects GuardWare processes from unauthorised termination. Operates as a kernel-level process for enhanced protection against tampering.</td></tr></tbody></table>

</details>

<details>

<summary>File Extensions Monitored at File System Level</summary>

List of file extensions that are monitored for sensitive data uploads at the file system level. Use this to focus monitoring on high-risk file types or to exclude low-risk types to reduce noise in reports.

<figure><img src="/files/ClE5V9C9w6RR8deaK3NI" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the appropriate mode:
   * **Include list:** Only uploads of the specified file extensions will be monitored.
   * **Exclude list:** All file uploads will be monitored except those with the specified extensions. Leave the list empty to monitor all file extensions.
3. Enter the file extension in the **Add Extension** field (e.g., `pdf`, `xlsx`, `zip`) and click **Add Extension**.
4. Confirm the extension appears in the list.

</details>

<details>

<summary>Applications Monitored at File System Level</summary>

List of applications that are monitored for sensitive data uploads at the file system level.

<figure><img src="/files/IrxvU9Y3wyHhLjdDBTgJ" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the checkbox next to the application to add it to the monitoring list.
3. If the application is not listed, enter the application name in the **Add Application** field and click **Add Application**.
4. Confirm the application appears in the list and is selected for monitoring.

</details>

<details>

<summary>Applications Monitored at File System Level to Provide File Path Information</summary>

List of applications monitored at the file system level to provide full file path information in network monitoring. Network monitoring captures the destination (the website) and the name of the uploaded file.

<figure><img src="/files/4P7dt7OOFkcDASriYnHw" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the checkbox next to the application to add it to the monitoring list.
3. If the application is not listed, enter the application name in the **Add Application** field and click **Add Application**.
4. Confirm the application appears in the list and is selected for monitoring.

</details>

<details>

<summary>Applications Monitored at File System Level where Repeated Incidents are Ignored</summary>

List of applications monitored at the file system level where repeated incidents are ignored. This is usually used to prevent the over-reporting of file system activity that can occur when an application regularly uploads its internal files to its server, and those files contain content tagged as sensitive.

<figure><img src="/files/JOJLxFBspCRw5Q2KVUcB" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the appropriate mode:
   * **Include list:** Repeated incident suppression will apply only to the listed applications.
   * **Exclude list:** Repeated incident suppression will apply to all applications except those listed.
3. Select the checkbox next to the application to add it to the list.

</details>

<details>

<summary>Applications Hosting Websites with End-to-End Encryption</summary>

List of browser applications to be monitored at the file system level in order to intercept file uploads on websites with end-to-end encryption. For websites implementing end-to-end encryption, it is not possible to intercept file uploads using network monitoring alone.

Where end-to-end encrypted websites are permitted, and there is a concern that files containing sensitive data may be uploaded, both file system monitoring (file paths and contents) and network monitoring (destinations) are required in order to produce reports containing URL and file path information for the uploaded sensitive data.

<figure><img src="/files/tEXybTd5Au446oVRVnas" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the checkbox next to the application to add it to the monitoring list.
3. If the application is not listed, enter the application name in the **Add Application** field and click **Add Application**.
4. Confirm the application appears in the list and is selected for monitoring.

</details>

<details>

<summary>Websites with End-to-End Encryption</summary>

List of websites with end-to-end encryption. For websites implementing end-to-end encryption, it is not possible to intercept file uploads using network monitoring alone. Where end-to-end encrypted websites are permitted, and there is a concern that files containing sensitive data may be uploaded, both file system monitoring (file paths and contents) and network monitoring (destinations) are required in order to produce reports containing URL and file path information for the uploaded sensitive data.

<figure><img src="/files/lpgROjeiwo1T0ZDzQJMR" alt=""><figcaption></figcaption></figure>

1. Click the checkbox to select the setting or click **View Setting** to open the configuration window.
2. Select the appropriate mode:
   * **Include list:** Only the listed websites will be subject to end-to-end encryption file upload monitoring.
   * **Exclude list:** All websites will be monitored except those listed.
3. Enter the website URL or page title in the input field and click **Add**.
4. Confirm the entry appears in the list.

</details>
{% endstep %}

{% step %}

### Review & Save

1. Scroll to the top of the page and click **Review & Save**. A summary of all configured settings will appear in the side panel.

   <figure><img src="/files/BkJhD41kYfzbto7csAEg" alt="" width="563"><figcaption></figcaption></figure>
2. Review the configurations. To make any changes, close the panel, update the relevant settings, and click **Review & Save** again.

   <figure><img src="/files/O3oqDQH8qVG4DV880rP0" alt="" width="563"><figcaption></figcaption></figure>
3. Once satisfied, click **Save** to apply the configuration.
   {% endstep %}
   {% endstepper %}
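
The include/exclude list semantics and the cross-setting dependencies described under **Configure Settings** can be checked before a policy is activated. The following is an added example, not GuardWare code: the dict layout, key names, the `applies` and `lint` helpers, and all sample values are assumptions made for illustration, since this page documents no export format.

```python
# Added example. The dict layout is an assumption for illustration; the page
# documents no export format. Keys are hypothetical names for page sections.

def applies(setting, item):
    """Return True if `item` is covered under the page's list semantics:
    include = only listed items, exclude = everything except listed items."""
    listed = item.lower() in {e.lower() for e in setting["entries"]}
    if setting["mode"] == "include":
        return listed
    if setting["mode"] == "exclude":
        return not listed
    raise ValueError(f"unknown mode: {setting['mode']!r}")


def covers_nothing(setting):
    """An include list with no entries selects nothing at all."""
    return setting["mode"] == "include" and not setting["entries"]


def lint(policy, sensitive_apps=()):
    """Return a list of findings for one hand-transcribed Advanced Setting."""
    findings = []
    for key in ("network_apps", "ssl_apps", "fs_extensions"):
        if covers_nothing(policy[key]):
            findings.append(f"{key}: empty include list, nothing is monitored")

    # Network-monitored applications should also have SSL traffic monitored.
    net = policy["network_apps"]
    if net["mode"] == "include":
        for app in net["entries"]:
            if not applies(policy["ssl_apps"], app):
                findings.append(f"{app}: network-monitored but SSL traffic is not")

    # Keystroke and copy/paste capture reaching apps that handle confidential input.
    for app in sensitive_apps:
        if applies(policy["keystroke_apps"], app):
            findings.append(f"{app}: keystrokes and copy/paste are captured")

    # E2E sites need file system monitoring of the browser plus network monitoring.
    e2e_active = not covers_nothing(policy["e2e_sites"])
    hosts = policy["e2e_host_apps"]["entries"]
    if e2e_active and not hosts:
        findings.append("e2e_sites: no browser listed for file system monitoring")
    for app in hosts:
        if not applies(net, app):
            findings.append(f"{app}: E2E host app is not network-monitored")
    return findings


# Constructed sample policy; application and site names are placeholders.
SAMPLE_POLICY = {
    "network_apps":   {"mode": "include", "entries": ["chrome.exe", "msedge.exe"]},
    "ssl_apps":       {"mode": "include", "entries": ["chrome.exe"]},
    "keystroke_apps": {"mode": "exclude", "entries": []},
    "fs_extensions":  {"mode": "include", "entries": []},
    "e2e_sites":      {"mode": "include", "entries": ["e2e-site.example"]},
    "e2e_host_apps":  {"mode": "include", "entries": ["firefox.exe"]},
}

if __name__ == "__main__":
    for finding in lint(SAMPLE_POLICY, sensitive_apps=["passwordmanager.exe"]):
        print("FINDING:", finding)
```
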

## Manage Advanced Settings

After creating an Advanced Setting, it can be assigned to devices, edited, or deleted from the Advanced Settings list. Devices assigned to a deleted setting automatically revert to the default setting, which cannot itself be deleted. Bulk actions are also available for deleting multiple settings or reassigning devices from one setting to another.

#### Assign Devices

1. Navigate to **INSIGHT** > **Advanced Settings**.
2. Click **Assign Devices** next to the setting you want to assign to a device.

   <figure><img src="/files/hdlwJwfo0n2QgYdNJIlm" alt="" width="563"><figcaption></figcaption></figure>
3. Select devices to assign the setting to, or deselect them to remove the setting.
4. Click **Add** to apply changes.

{% hint style="info" %}

* A device can have only one advanced setting assigned at a time.
* Multiple devices can be assigned to an advanced setting.
* When a new advanced setting is assigned to a device, the existing advanced setting is automatically removed and replaced.
  {% endhint %}

#### Edit an Advanced Setting

1. Navigate to **INSIGHT** > **Advanced Settings**.
2. Click **Edit** next to the relevant setting.<br>

   <figure><img src="/files/sXfv2XUFD7zMlEqv6bF0" alt="" width="563"><figcaption></figcaption></figure>
3. Update the required fields and settings. The process follows the same steps as [creating a new Advanced Setting](#create-an-advanced-setting).
4. Click **Review & Save** to review the changes.
5. Click **Update** to confirm changes.

#### Delete an Advanced Setting

1. Navigate to **INSIGHT** > **Advanced Settings**.
2. Click **Delete** next to the relevant setting.<br>

   <figure><img src="/files/OsEAGjs7InKcFocTEZfE" alt="" width="563"><figcaption></figcaption></figure>
3. Click **Yes, Delete it!** to confirm.

{% hint style="info" %}
To delete settings in bulk, click the checkboxes next to the settings and select the **Delete** <i class="fa-trash-can">:trash-can:</i> **icon**.
{% endhint %}


