Who is this article for?

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

This article applies to Cloud.

Code42 Support

Code42 Next-Gen Data Loss Protection best practices


Code42 Next-Gen Data Loss Protection (DLP) is a suite of capabilities that helps protect your company's information. This article provides best practices so that security teams using Code42 can use Code42 Next-Gen DLP most effectively.

Code42 Next-Gen Data Loss Protection is distinct from traditional data loss prevention. For more information, see Introduction to Code42 Next-Gen Data Loss Protection.


Best practices

We recommend you follow these best practices when you implement Code42 Next-Gen Data Loss Protection. 


Code42 Next-Gen Data Loss Protection automatically collects and stores every version of every file across all devices. Code42 Next-Gen DLP also indexes all file activity across devices and cloud services like Google Drive and Microsoft OneDrive.

To optimize file collection:

  • Select all the users' files
    By default, the Code42 app collects all files in a user's home directory. Use inclusion and exclusion settings to include any additional files from users' devices, and exclude any that you do not want to collect. Remember that any files that you do not collect cannot be recovered in the event of a data loss incident.
  • Collect new file versions every 15 minutes
    To get the best coverage for file recovery, use the default frequency and versions settings to collect new file versions every 15 minutes. 
  • Enable file metadata collection
    Select Forensic search and Cloud search detection types when enabling endpoint monitoring (described in the next section). Turning on these settings allows Code42 to collect file metadata on all files on all devices and in cloud services, even if the file contents are not being collected.


Code42 Next-Gen Data Loss Protection lets you see file activity on removable media and files shared via cloud services.

To optimize monitoring:


You can triage and prioritize data threats by searching file activity across cloud services and all devices, even when they are offline.

To optimize threat investigation:

  • Review user activity
    Run the User Activity report to search for users' security events detected by endpoint monitoring. The report can help you identify and visualize potential data leaks. You can also export the results to a CSV file for analysis or archiving.
  • Use Forensic File Search to monitor data activity
    Use Forensic File Search to create saved searches to routinely scan for threats. Create saved searches for any number of use cases, such as finding known malware, seeing the location of critical files, and identifying cloud files shared with external users.
  • Use the Code42 API to automate threat detection
    Use the Forensic File Search API to create customized searches that you can script to automate threat detection.


You can retain files for all employees, for as long as the files are needed to satisfy data retention requirements related to compliance or litigation.

To optimize file preservation:

  • Never remove deleted files from archives
    To preserve files for threat investigation, use the default frequency and versions settings to never remove deleted files from archives. 
  • Preserve files with Legal Hold for enhanced surveillance
    If you suspect employees of malicious file activity, use Code42 Legal Hold to preserve their files as evidence. The gathered files can be used in legal proceedings as needed. Gathering files for a legal hold is invisible to users and can use different file selection and preservation settings than Code42's standard file collection.
  • Extend cold storage duration
    Cold storage is a temporary storage state for data after a user or device is deactivated in your Code42 environment. You can specify how long this data is retained in cold storage before it is permanently deleted. Extending the cold storage duration preserves data for a longer period to ensure it is available for threat investigation, especially in cases of employee departure. Keep in mind that users whose data is in cold storage still consume subscriptions.


In the event of data loss (for example, deletion, corruption, or ransom), retrieve files from Code42 file archives.

To most effectively recover files: