Configuring advanced settings in the registry base

Some advanced parameters in SDS Enterprise must be configured in the Windows registry base.

To edit the registry base:

Go to the registry database by running regedit.exe.
In the tree, go to the key indicated.
Change the value of the key.
Quit the registry database.
Restart the machine.

Changing the dates of the last access

When Stormshield Data Team is installed on a workstation, the date of the last access changes when a folder is browsed. The AccessTimeAction parameter makes it possible to restore the actual date on which files were last accessed.

Key

AccessTimeAction (DWORD)

Location

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBoxTeamDrv\Parameters

Values

0x00000000: The access date modified by Stormshield Data Team is kept (default value),
0x00000001: The access date is restored on standard file systems,
0x00000002: The access date is restored on NFS file systems,
0x00000008: The access date is restored on standard file systems with a potential slowdown in performance. This option enables compatibility with file systems considered standard, such as NAS EMC or non-standard CIFS servers.

In general, the default value 0x00000000 is recommended. However, when using an archive solution based on a NAS EMC, the value 0x00000008 is recommended.

Moving folders available offline

Using the cachemov.exe tool, the system folder - <%WINDIR%>\CSC -, which contains the files that are available offline, can be moved.

Stormshield Data Team must be configured as follows to manage this particular environment:

Key	`SkipFolderR(DWORD)`
Location	HKLM\SYSTEM\CURRENTCONTROLSET\Services\SBoxTeamDrv\Parameters
Value	Add the folder containing the CSC database.

Keeping performance optimal on the workstation

When Stormshield Data Team is used, users' workstations may slow down. To keep the usual levels of performance, the following registry keys can be applied:

Improving performance when browsing encrypted trees

Some Windows processes can slow down the workstation by regularly accessing folders that Stormshield Data Team encrypts.

To reduce the frequency of these slowdowns, you can exclude in the registry database the processes that are considered safe and do not cause any file modifications. If the SkipApp key does not exist, you can create it by choosing a REG_MULTI_SZ value.

Key

SkipApp (MULTI_SZ)

Location

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SboxTeamDrv\Parameters

Value

Add one process to exclude per line. We recommend that you exclude the following processes:

SearchIndexer.exe

searchUI.exe

MsMpEng.exe

SearchProtocolHost.exe

SearchFilterHost.exe

mobsync.exe

msdtc.exe

mstsc.exe

mobsync.exe

wfica32.exe

vmtoolsd.exe

SecurityHealthService.exe

SearchApp.exe

NisSrv.exe

As well as the specific Dell processes:

HostStorageService.exe

HostControlService.exe

Excluding Windows processes that access encrypted folders

To reduce the time it takes to determine whether a folder is encrypted in “smart card” mode (this determines the icon of the folder), the value of the OverlayIconAccuracy parameter can be changed.

Key	`OverlayIconAccuracy (DWORD)`
Location	HKEY_LOCAL_MACHINE\SOFTWARE\ARKOON\Security BOX Enterprise\Properties\Team
Value	`0x40`: Greatly reduces the time it takes to determine whether a folder is encrypted in smart card or token mode.

Excluding Windows Defender extensions and scans

To prevent your workstation from slowing down, you can also exclude the extensions and scans that Windows Defender runs:

Key	`Extensions(DWORD)`
Location	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
Value	Add the list of extensions to exclude. We recommend that you exclude the following extensions: .box, .sbox, .sbt, .sdsx, .usi, .usr.

Key	`Processes(DWORD)`
Location	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions
Value	Add the list of processes to exclude. We recommend that you exclude the following processes: SBDSRV, SBoxDiskSrv as well as antivirus and other EDR processes.

Disabling automatic suggestion of co-workers

When selecting the co-workers you want to share the folder with, co-workers who hold the Windows permissions that enable accessing the folder concerned are automatically suggested in a group which name is Windows permissions.

You can disable this feature by creating the following registry key:

Key	`SuggestCoworkersThroughACL (DWORD)`
Location	HKEY_LOCAL_MACHINE\SOFTWARE\Arkoon\Security BOX Enterprise\Kernel\
Value	0