Skip to main content
Code42 Support

Endpoint Monitoring settings reference

Applies to:
  • Code42 CrashPlan (previously CrashPlan PROe)


This article contains a reference guide for settings used to enable endpoint monitoring for your entire Code42 environment.

These settings are only visible if you have purchased a license for Code42 Security Tools.

Endpoint monitoring

Labeled "Detection" in version 5.1.x

Endpoint Detection Settings

Item Description
a Removable media

Enables or disables scanning of file metadata on all removable media, such as USB drives or SD cards.

b Personal cloud

Enables or disables detection of syncing files using these cloud storage apps:

  • Box
  • Dropbox
  • Google Drive
  • iCloud
  • OneDrive
    OneDrive for Business is not supported.
c File upload (Windows only)

Enables or disables detection of files opened in web browsers, such as uploading attachments to web-based email.

d Restore

Enables or disables detection of CrashPlan file restore activity, such as restores of files belonging to other users.

e Pattern Matching
Labeled "YARA" in version 5.1.x

Enables or disables detection of dangerous, malicious, or sensitive file metadata and file contents based on specified patterns using the YARA rule framework. Pattern matching requires creating a YARA rule file and manually deploying it to each user device. Unlike the other types of endpoint monitoring, pattern matching only searches files included in the user's backup file selection.

Pattern matching can scan for MD5 hash and filename matches on any file, but does not extract file contents of binary or compressed files. Practically speaking, this means pattern matching only searches the contents of plain text files, unless you create a rule targeting a specific binary string.

Google Drive File Stream considerations
Google's Drive File Stream retrieves files by mounting a temporary drive on the user's device and streaming files to the temporary drive. As a result, Code42 endpoint monitoring detects this activity as a removable media event, not a cloud service event.