Blocking Messages
Blocking messages prevent users from continuing whatever they are doing. Blocking messages open after a user has performed a risky activity, block the screen with a message forcing users to stop what they are currently doing. Users can be required to acknowledge the message, provide feedback explaining their actions, and open a link to view the company policy. While configuring Blocking Messages for a rule, you can also select to start recording the screenshots of every user activity from that point.
Blocking messages differ from warning notifications which are used to warn users about potential out-of-policy behavior in order to increase their awareness about the organization's security policy. See Warning Notifications.
Blocking Messages can be configured when creating or editing alert rules on Windows or Mac endpoints.
Users can receive the same blocking messages again (depending on the configured alert frequency) if they repeat the same risky activity.
Multiple blocking messages can be displayed one after the other chronologically, according to the time of arrival on the Agent. Th e stronger the action, the higher the priority , for example, Log off > Exit application > Block > Warning. By default, every time a message is displayed to the user, a predefined sound will be played.
For details on how blocking messages appear to the end user, see How Notification and Blocking Messages Appear to the End User.
The following procedure describes how to configure a Blocking Message to be displayed to the end user after a risky activity triggers an alert. In this example, the user will receive a blocking message when using Notepad which is a risky activity as it is against company policy.
To configure a blocking message for an alert rule
- From Configuration > Alerts > Alerts & Prevent Rules tab, in the Action area of the the Create/Edit Alert Rule page, select Blocking Message.
-
In the text box, enter the message that you want to display to the user.
You must enter a message text (up to 2000 characters); otherwise the rule cannot be saved. The message must also have a header (by default Policy Notification) of up to 64 characters.
-
To display a link to the company policy, select Display link to organization policy, and enter the Policy name (the text that will be displayed to the user) and Policy URL in the relevant fields.
-
If you want to force the user to acknowledge the message before closing it, select Force user acknowledgement.
-
If you want to enable users to provide feedback explaining their actions, select either the Optional user feedback or the Mandatory user feedback option (by default No user feedback is selected). This feedback can be viewed later by the administrator.
-
If you are currently recording in metadata only mode, you can select Start video recording in order to start recording also the screenshots of all user actions from that point onwards.
-
You can click the Preview button to see how the blocking message will appear to the user.
The following example shows a preview of the message when the Force user acknowledgement and Mandatory user feedback options are selected.
If this message is displayed to the end user (as configured in this example), they must select the I acknowledge check box, enter feedback in the text box (a minimum of 2 characters), and click the Submit button; otherwise, the message will continue to block the screen. Upon clicking Submit, the message text is sent by the Agent to the Application Server to be viewed by the administrator, and the blocking message closes. For details, see How Notifications and Blocking Messages Appear to the End User.
-
To close the preview of the blocking message, click the X button, or click anywhere on the screen outside the darker rectangle.
-
If required, you can make changes to fine-tune your message.
-
When you have finished defining your message, click Save to save your settings.
The newly configured alert rule is displayed in the Alert & Prevent Rules page. See Viewing Rules.