Part of the protection aspect of PA File Sight is the Blocked Users List. Any account added to the Blocked Users List will not be able to read, write or delete files on any drive that is monitored by the PA File Sight installation (including drives monitored by Satellite Monitoring Services).
This action can only be added to a File Sight monitor. It is not supported with any other monitor type.
This action can automatically add accounts to the Blocked Users List when a monitor triggers on some particular action. This might be useful in the following scenarios:
This action is very powerful, and caution should be taken when using it so valid accounts are not blocked.
The action is very easy to configure: you just specify how long an account should be blocked when the monitor it is attached to fires this action.
Any time a File Sight monitor has one of these actions attached, it will show a red warning banner reminding you that any account that the monitor triggers on will have file access blocked.
Because blocking access to the wrong accounts could cause trouble, there is always a TESTING version of the Add to Blocked Users List action. This action does the exact same thing as the normal action, except it adds "TEST" to the wrong of all accounts on the blocked list. Because of this, they are not actually blocked.
It is recommended to use this TESTING action while you are getting your monitor configured, and let it run that way for a little while. When you are convinced that no false positives are occurring, remove the TESTING action from the monitor and attach the real action.
It is expected that having an account on the Blocked Users List should be a rare event. Therefore, when a user is added to the list:
Adding this action to a File Sight monitor without also adding an Email Action will cause a warning.
The bottom half of the action is a convenient place to see the current Blocked List and the White List of unblockable accounts. It's also where you can add and remove users from the lists.