netwrix · bturlea · Nov 26, 2025 · Nov 26, 2025 · Nov 26, 2025
@@ -0,0 +1,119 @@
+---
+title: "Content Aware Protection for AI interactions"
+description: "Content Aware Protection for AI interactions"
+sidebar_position: 60
+---
+
+# Content Aware Protection for AI interactions
+
+**Introduction**
+
+As artificial intelligence tools become increasingly integrated into everyday business processes, Netwrix Endpoint Protector (EPP), a leader in Data Loss Prevention (DLP) technology, has addressed the need for enhanced visibility and control. With the introduction of EPP Client version 2511, users now have access to a feature that extends Data Loss Prevention to Large Language Models (LLMs).
+
+**Key Features**
+
+This new functionality enables businesses to maintain precise control over information exchanges with popular AI chat applications. By incorporating Data Loss Prevention for LLMs, EPP enhances security by:
+
+-   Granting administrators the ability to manage who can interact with AI prompts through web applications.
+-   Offering tools to oversee the management of sensitive content, whether it is typed directly or attached as a file.
+
+**Benefits**
+
+By implementing these controls, organizations can ensure that sensitive information is protected during interactions with AI applications, thereby reducing the risk of data leaks and maintaining compliance with internal and external data security policies.
+
+## AI Interaction Visibility and Control in Endpoint Protector: Data Loss Prevention for LLMs
+
+By incorporating this capability into our DLP solutions, we ensure secure and compliant use of cutting-edge AI technologies, including ChatGPT, Microsoft Copilot, Google Gemini, DeepSeek, X Grok, and Claude, reinforcing our commitment to delivering superior data protection. Moreover, we extend coverage for Microsoft Copilot in Windows ecosystem, supporting the embedded Copilot add-in within Windows 11, the New Outlook, and the New Teams.
+
+As artificial intelligence continues to transform communication and collaboration processes, Endpoint Protector is committed to developing innovative solutions that address the complex challenges of safeguarding data in modern enterprises. This release marks a significant advancement in our mission to provide superior data security in an increasingly AI-driven world.
+
+## How to configure EPP to be able to monitor AI prompt transactions?
+
+To monitor or control AI prompts with EPP, you need to meet the following prerequisites:
+
+-   EPP Server version 2509 or newer
+-   EPP Client version 2511 or newer
+-   CAP license with the Content Aware Protection (CAP) module enabled
+-   DPI (Deep Packet Inspection) module enabled
+
+If all of the above requirements are fulfilled, most of the setup is already complete. This is because any existing web browser monitor/control policy will automatically apply to user interactions with supported AI chat applications, enforcing your policy definitions when violations occur.
+
+## Use Case Example:
+
+### I. Simple CAP Policy Triggering on Credit Card Detection**
+
+To configure a CAP policy for this purpose:
+
+1.  Define the CAP "Policy Name," "Policy Action," and "Thresholds" according to your requirements.
+
+![Define base CAP policy settings](capai_usecase01_01.webp)
+
+2.  Define CAP application exit points by selecting the web browsers you want to monitor or control. Make sure the relevant browsers are checked so the policy will be applied when users interact with AI chat applications through these browsers.
+
+![Define CAP application exit points](capai_usecase01_02.webp)
+
+3.  Define CAP Policy Denylists for this use case by selecting the necessary credit card patterns. Ensure that the appropriate patterns are checked so that the policy will detect and block any attempts to submit credit card information through AI chat applications.
+
+![Define CAP Policy Denylists](capai_usecase01_03.webp)
+
+4.  Save the policy and assign it to your selected endpoints.
+5.  This will ensure that the policy is enforced on the devices where you want to monitor or control AI prompt transactions.
+
+**You can check above example at the video below:**
+
+<video controls width="100%">
+  <source src="/videos/endpointprotector/capaiusecase1.mp4" type="video/mp4" />
+  Your browser does not support the video tag.
+</video>
+
+**Description of video**:
+At the initial stage, I conducted a simple comparative test across several AI platforms: Copilot, ChatGPT, Google Gemini, DeepSeek, and X Grok.
+
+    -   Responsiveness Check – Verified that each AI model was actively responding, ensuring the interaction was genuine and not a simulated or dummy web transaction triggered by the URL.
+    -   Data Leakage Simulation – Copied and pasted real credit card (CC) patterns and requested validation from each AI. By the way – samples are generated by one of AI engine:). The CAP (DLP) policy was configured to automatically block any transaction if CC data was detected.
+    -   Cross-Engine Validation – Repeated the same procedure across all mentioned AI engines to confirm consistent behavior and validate DLP enforcement.
+
+### II. Contextual CAP Policy Triggering on PII patterns in combination for Copilot web & apps
+
+To configure a CAP policy for this purpose:
+
+1.  Define the CAP "Policy Name," "Policy Action," and "Thresholds" according to your requirements.
+
+![Define base CAP policy settings](capai_usecase01_01.webp)
+
+2.  Define CAP application exit points by selecting the web browsers you want to monitor or control. Make sure the relevant browsers are checked so the policy will be applied when users interact with AI chat applications through these browsers.
+
+    **Tip:** For Copilot plugins in New Outlook, Teams, or Windows 11 25H2, it is recommended to also verify the in-app definitions for Outlook and Teams when configuring policies.
+
+![Define CAP application exit points](capai_usecase01_02.webp)
+
+3.  Define Policy Denylists for this use case by selecting the necessary credit card patterns. Ensure that the appropriate patterns are checked so that the policy will detect and block any attempts to submit credit card information through AI chat applications.
+
+![Define CAP Policy Denylists](capai_usecase02_01.webp)
+
+\*\*Tip:\*\* You can use contextual rules to create complex pattern definitions for more accurate and flexible policy enforcement.
+![Define CAP Policy conetual parameters](capai_usecase02_02.webp)
+
+4.  Save the policy and assign it to your selected endpoints.
+5.  This will ensure that the policy is enforced on the devices where you want to monitor or control AI prompt transactions.
+
+**You can check above example at the video below:**
+
+<video controls width="100%">
+  <source src="/videos/endpointprotector/capaiusecase2.mp4" type="video/mp4" />
+  Your browser does not support the video tag.
+</video>
+
+**Description of video:**
+
+The test begins with verifying **Copilot’s functionality** to ensure proper operation.
+
+    • **Initial HR Scenario** – An HR use case is simulated, where employment contract templates without sensitive data are enhanced using Copilot to improve formatting and presentation quality.
+
+    • **Data Leakage Prevention Test** – A realistic dataset containing sensitive HR information from a CRM system is introduced. When this data is processed through Copilot, the **Netwrix DLP** solution detects the presence of personal data and automatically **blocks the transaction**, preventing unauthorized disclosure.
+
+    • **Microsoft Teams Scenario** – The same test is conducted using **Copilot integrated with Microsoft Teams**. The DLP system again identifies sensitive information and stops the operation, confirming consistent protection within collaboration environments.
+
+    • **Outlook Scenario** – The procedure is repeated in **Microsoft’s new Outlook with Copilot Agent**. Despite the platform change, the DLP system maintains the same behavior, successfully blocking data transmission.
+
+    • **Conclusion** – The demonstration confirms that **Netwrix DLP** integrates seamlessly with AI tools such as Copilot to **prevent data leakage**, **enforce compliance**, and **ensure secure information handling** across Microsoft 365 applications.
@@ -3,14 +3,118 @@ title: "System Configuration"
 description: "System Configuration"
 sidebar_position: 140
 ---
-
 # System Configuration
 
 This section includes essential elements such as Endpoint Protector Clients, Licensing, and
 advanced configurations. These settings are critical for maintaining the system's performance,
 stability, and compliance, as they directly influence both the operational efficiency and
 reliability of the Endpoint Protector solution.
 
+## Server Update
+
+From this section, you can check and apply the latest security and Endpoint Protector Server
+updates.
+
+![Check and apply the latest security and  Server updates](serverupdate.webp)
+
+### Software Update
+
+![Management of software updates](softwareupdate.webp)
+
+Starting with the EPP 5.9.4.2 release, EPP server patches are offered only as Offline Patch files. Use the Offline Patch upload option to select the patch files from your computer and install them to update Endpoint Protector to the latest version.
+
+Beginning with EPP Server version 2509, all patches are delivered as cumulative updates, bringing your server directly to the latest version regardless of your current patch level.
+
+:::note
+Download the latest offline patches from the Netwrix My Products portal:
+[Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html).
+:::
+Click on the "Offline Patch Upload" button to begin the EPP Server patching procedure, and select the downloaded patch file.
+![Select the oﬄine patches from your computer and successively install them to the latest](offlinepatch.webp)
+
+:::note
+Customers using environments with version 5.9.4.2 or older should familiarize themselves with the [EPP Server 2509 release announcement](https://community.netwrix.com/t/major-version-announcement-endpoint-protector-server-version-2509/114025) and the associated [migration procedure for self hosted (on premises) customers](https://community.netwrix.com/t/on-premises-migration-procedures-for-endpoint-protector-server-v2509/114021).
+:::
+
+>**This functionality and section have been removed starting with EPP Server version 2509. It is retained in the User Manual solely as guidance for customers using older server versions, until limited supportability expires.** <br />
+>Click **Conﬁgure Live Update** to select manual or automatic live updates check, the number of
+>retries, and manage the Automatic Reporting to the LiveUpdate Server.
+>![Configuring Live Updates](configliveupdate.webp)
+>
+>Click **Check Now** to search for the Endpoint Protector Server updates displayed in the Available
+>Updates section. You can select and install an update with **Apply Updates**, or all updates with
+>**Apply all updates**. To view the latest installed updates, click **View Applied Updates**.
+>
+>You can also schedule an update. Select an entry from the available updates, click **Schedule
+>update** and then use the calendar to select the date and conﬁrm your selection.
+>
+>![Checking for available EPP server Updates](availableupdates.webp)
+>
+>Use the Oﬄine Patch upload option to select the oﬄine patches from your computer and successively
+>install them to the latest Endpoint Protector version.
+>
+>:::note
+>To request the Offline Patch, submit a support ticket through the
+>[Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html).
+>:::
+>
+>
+>![Select the oﬄine patches from your computer and successively install them to the latest](offlinepatch.webp)
+>
+>:::warning
+>Before upgrading your Endpoint Protector server to the 5.7.0.0 server version from a
+>pre-5206 version and adjacent OS image, you need to enable database partitions. For assistance,
+>submit a support ticket through the
+>[Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html).[](https://support.endpointprotector.com/hc/en-us/requests/new)
+>:::
+
+### Security Updates
+
+You can use this section to check and apply different types of security updates, view information on
+recent updates checked or installed, and a list of updates available.
+
+:::note
+The security update options will only be available for customer-hosted instances (e.g.
+AWS, Goggle, etc.) with the exception for Operating System and Kernel upgrades.
+:::
+
+:::warning
+Netwrix does not allow on-premise (self-hosted) customers to perform backend security updates by any method other than the web UI. Any violation of this rule is outside of Netwrix support and may cause EPP Server malfunction.
+:::
+
+:::note
+Updates are not tested beforehand but are pulled from the oﬃcial Linux repository.
+:::
+
+
+To ensure the updates will not harm the system, follow these actions:
+
+- test the updates in a test environment ﬁrst
+- make a VM snapshot
+- make a system backup from the System Maintenance, the System Backup v2 section
+
+Select one of the security updates type available and then click **Check Updates**:
+
+- Security – this will update all security-related updates of installed packages (Critical and High)
+- Other – this will download and apply any update available to 3rd party libraries, kernel, OS
+  packages and MySQL database
+- All Updates – this will download and apply Informational and Optional/Unclassiﬁed updates
+
+If there are updates available, click **Apply Updates**.
+
+![Applying Backend Security Updates](backendsecurityupdates.webp)
+
+:::note
+For history of applied Backend Updates go to admin action report and choose **Apply
+Updates** under Activity ﬁlter.
+:::
+
+
+:::note
+Due to patching nature, some updates may automatically restart the Endpoint Protector
+server or other sub-services in the background
+:::
+
 ## Client Software
 
 From this section, you can download the Endpoint Protector and Enforced Encryption Clients corresponding to

@@ -88,100 +88,6 @@ From the System Backup subsection, you can enable the System Backup.
 
 ![Enable the System Backup](systembackup.webp)
 
-## Live Update
-
-From this section, you can check and apply the latest security and Endpoint Protector Server
-updates.
-
-:::note
-This feature communicates through port 80. Whitelist the liveupdate.endpointprotector.com
-(IP: 178.63.3.86) domain.
-:::
-
-
-![Check and apply the latest security and  Server updates](liveupdate.webp)
-
-### Software Update
-
-![Management of software updates](softwareupdate.webp)
-
-Click **Conﬁgure Live Update** to select manual or automatic live updates check, the number of
-retries, and manage the Automatic Reporting to the LiveUpdate Server.
-
-![Configuring Live Updates](configliveupdate.webp)
-
-Click **Check Now** to search for the Endpoint Protector Server updates displayed in the Available
-Updates section. You can select and install an update with **Apply Updates**, or all updates with
-**Apply all updates**. To view the latest installed updates, click **View Applied Updates**.
-
-You can also schedule an update. Select an entry from the available updates, click **Schedule
-update** and then use the calendar to select the date and conﬁrm your selection.
-
-![Checking for available EPP server Updates](availableupdates.webp)
-
-Use the Oﬄine Patch upload option to select the oﬄine patches from your computer and successively
-install them to the latest Endpoint Protector version.
-
-:::note
-To request the Offline Patch, submit a support ticket through the
-[Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html).
-:::
-
-
-![Select the oﬄine patches from your computer and successively install them to the latest](offlinepatch.webp)
-
-:::warning
-Before upgrading your Endpoint Protector server to the 5.7.0.0 server version from a
-pre-5206 version and adjacent OS image, you need to enable database partitions. For assistance,
-submit a support ticket through the
-[Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html).[](https://support.endpointprotector.com/hc/en-us/requests/new)
-:::
-
-
-### Security Updates
-
-You can use this section to check and apply different types of security updates, view information on
-recent updates checked or installed, and a list of updates available.
-
-:::note
-The security update options will only be available for customer-hosted instances (e.g.
-AWS, Goggle, etc.) with the exception for Operating System and Kernel upgrades.
-:::
-
-
-:::note
-Updates are not tested beforehand but are pulled from the oﬃcial Linux repository.
-:::
-
-
-To ensure the updates will not harm the system, follow these actions:
-
-- test the updates in a test environment ﬁrst
-- make a VM snapshot
-- make a system backup from the System Maintenance, the System Backup v2 section
-
-Select one of the security updates type available and then click **Check Updates**:
-
-- Security – this will update all security-related updates of installed packages (Critical and High)
-- Other – this will download and apply any update available to 3rd party libraries, kernel, OS
-  packages and MySQL database
-- All Updates – this will download and apply Informational and Optional/Unclassiﬁed updates
-
-If there are updates available, click **Apply Updates**.
-
-![Applying Backend Security Updates](backendsecurityupdates.webp)
-
-:::note
-For history of applied Backend Updates go to admin action report and choose **Apply
-Updates** under Activity ﬁlter.
-:::
-
-
-:::note
-Due to patching nature, some updates may automatically restart the Endpoint Protector
-server or other sub-services in the background
-:::
-
 
 ## Effective Rights
 

diff --git a/static/videos/endpointprotector/capaiusecase1.mp4 b/static/videos/endpointprotector/capaiusecase1.mp4
diff --git a/static/videos/endpointprotector/capaiusecase2.mp4 b/static/videos/endpointprotector/capaiusecase2.mp4