Windows Agent: Configuring Zone-Based (URL) Encryption & Decryption
  • 26 Mar 2021
  • 1 Minute to read
  • Dark
  • PDF

Windows Agent: Configuring Zone-Based (URL) Encryption & Decryption

  • Dark
  • PDF

Configuration of this script will enable the SecureCircle Agent to automatically protect or unprotect files in a designated location (Path). Files are protected or unprotected based on their matching domain hostURL zone.identified tag(s) (Zones) and file extension (Masks) filters.

Get PowerShell Scripts:



Consider and set the following parameters in the “sample-config.psd1” file provided:

Path =  C:/Users/myUser/Downloads/CompanyDocs #Monitor this path
CUUID = "{abc-123}" #CircleID
Masks = #Filter out events whose paths do not match any of these regexes (protect matching RegEx/extensions)
Zones =
      Decrypt = @ #Decrypt (unprotect) files matching the zone
      Encrypt = @ #Encrypt (protect) files matching the zone
      Precedence = #"Encrypt" or "Decrypt". This defines precedence in case both Decrypt and Encrypt are matched

(Optional) NoZoneIdBehavior can be set in order to protect or unprotected files without a matching zone.

Executing the script:


FileSystemWatcher.ps1 -ConfigFile sample-config.psd1 #Loads configuration from the file sample-config.psd1


FileSystemWatcher.ps1 -Configuration @{SCHostname = ...} #Specifies configuration inline (see sample-config.psd1 for configuration details)
  • The script can be executed manually on unmanaged devices, but it is suggested to have it execute during user logon, if a device management solution is implemented.

Was this article helpful?