GAT for Enterprise
GAT for Education
Popular Search the
View Categories

How to Report and Remove Files Downloaded by Google Workspace Users with GAT Shield

4 min read

Table of Contents

How to Report and Remove Files Downloaded by Google Workspace Users with GAT Shield #

The GAT Shield extension allows admins to track and view user behavior while logged into their Google domain account.

Google Workspace Admins can set up real-time alerts based on the behavior of the end-users.

These GAT Shield Alert Rules allow admins to stop and report unsafe downloads by users across their domain.

Report and remove downloaded files GAT Shield #

Set up a download rule #

Navigate to  GAT Shield → Alerts → Rules > +New Alert Rule 

Fill in the details for the download alert rule

1. Name & Type #

For each field, various options are displayed for selection.

  • Name: Enter a descriptive name for the alert rule.
  • Type: Select “Download” from the drop-down menu.
    • This option triggers a notification when a user downloads a file. You can customize the alert based on file formats, sizes, and specific web pages it applies to.

Action

When an alert rule is triggered, a pre-selected action will be executed on the user’s device. Note that only tabs that trigger the rule will be affected if “Close” or “Redirect” actions are chosen.

  • Show a warning message: Display a warning message to the end-user.
  • Close: Close the Browse tab.
  • Close without warning: Close the Browse tab directly, without any prior notification.
  • Redirect: Redirect the user’s browser tab. You must also enter a warning message to be displayed to the end-user.
  • Redirect without warning: Redirect the user’s Browse tab without displaying a warning message.
  • No action: Select this option if no action should be performed on the end-user’s device.
    • Default Severity
      • When an alert rule is triggered, a notification is generated. The severity of this notification indicates its level of importance. “Default Severity” is the value assigned to all notifications created by this specific rule.
        • Select Low, Unspecified (default), or High to set the notification’s severity level.

Creating a new GAT Shield alert rule with the name 'exe and png download', setting the rule type to 'Download', the action to 'Show warning', and default severity to 'Low'.

2. Scope of the New Alert Rule #

In the Scope field, select all the users who will be affected by the alert rule

  • Scope – add the users, group of users, or org. unit of users that will be affected by the rule
  • Rule exclusions
    • Excluded Account – select a list of users to be excluded from the rule
    • Excluded OU – select an OU to be excluded from the rule
    • Excluded Websites – select a list of websites to be excluded from the rule
    • Active only on selected websites – select a list of websites that this rule will only run on
  • Time restriction – select the times when the rules will be applied.
    • By default, when no time restriction is added, the rule will always be active. To change it, select days and time ranges when the rule will be active.
  • Continue – click to continue to the next configuration 

Scope - a window where to enter the affected users by the rule, you can select user, group or org unuit of users, rule exclusions, select users to be excluded from the alert and time restriction option where you can select times where the rule will be active

3. Configuration of the New Alert Rule #

In the configuration, fill in the required information

  • Mode – select what mode to be enabled. 
    • File Extensions
    • File Size 
    • File Extensions and Size
  • File extensions – enter the file extensions for which the rule will be applied.
    • The alert rule will be triggered if the downloaded file has any of these extensions. If the minimum file size is set you can leave this list empty to trigger on any download.
  • Minimum File size – Enter a minimum file size to trigger the alert.
  • Units – Specify the file size unit you want to trigger the alert.
  • Cancel download – Enabling this option cancels the download and removes local files
  • Continue – click the button to continue 

Mode Selection Choose the mode that defines how the alert rule will be applied: File extensions and Size: The rule will be triggered based on both file extensions and file size. File extensions only: The rule will be triggered based solely on file extensions. Size only: The rule will be triggered based solely on file size. File Specifications File extensions: Enter the specific file extensions that will trigger this rule (e.g., "pdf, docx, zip"). If a Minimum File size is configured, you can leave this field empty to trigger the alert on any download, regardless of extension. Minimum File size: Enter a numerical value representing the minimum file size (in bytes, kilobytes, or megabytes) that will trigger the alert. For example, "10KB" or "5MB". Cancel download: Enable this option to automatically cancel the download and delete any locally saved files when the alert rule is triggered.

4. Notifications of the New Alert Rule #

In the notifications,

  • Recipients – Select the alert recipients
  • Webhooks & SIEM – export alerts directly into a centralized external system such as Splunk, Elastic Search, or a Generic Webhook receiver
  • Notification interval – select the time (in minutes) for which the alert notification will not be sent
  • Full alert context by saving website and file information, and including them in the notifications
  • Screen capture – select an option from the list  
    • Do not send
    • Send in the notification email
    • Send in the notification email and save to the rule creator’s Drive
    • Send in the notification email, save to the rule creator’s Drive, and share it with other alert recipients
  • Webcam capture – select an option from the list 
    • Do not send
    • Send in the notification email
    • Send in the notification email and save to the rule creator’s Drive
    • Send in the notification email, save to the rule creator’s Drive, and share it with other alert recipients
  • Continue – click the button to continue 

Alert Rule Configuration: Notifications This section describes how to configure the notification settings for your alert rules. Recipients and Frequency Recipients: Choose the individuals or groups who will receive these alerts. Notification interval: Set the time in minutes during which duplicate alert notifications will not be sent for the same event. This prevents notification spam. Alert Context Full alert context: Enable this option to include detailed website and file information directly within the alert notifications. This provides a comprehensive overview of the triggered event. Visual Captures Screen capture: Select one of the following options for screen captures when an alert is triggered: Do not send: No screen capture will be included in the notification. Send in the notification email: A screen capture will be attached to the notification email. Send in the notification email and save to the rule creator's Drive: The screen capture will be sent via email and also saved to the Google Drive of the user who created the rule. Send in the notification email, save to the rule creator's Drive and share with other alert recipients: The screen capture will be emailed, saved to the rule creator's Drive, and shared with all other designated alert recipients. Webcam capture: Select one of the following options for webcam captures when an alert is triggered: Do not send: No webcam capture will be included in the notification. Send in the notification email: A webcam capture will be attached to the notification email. Send in the notification email and save to the rule creator's Drive: The webcam capture will be sent via email and also saved to the Google Drive of the user who created the rule. Send in the notification email, save to the rule creator's Drive and share with other alert recipients: The webcam capture will be emailed, saved to the rule creator's Drive, and shared with all other designated alert recipients.

5. Summary of the New Alert Rule #

In the Summary, the Admin can view all the details for the rule that has been created

Click on the Create button to create the rule

Result for the end-user #

The end-user where the rule is applied will receive a notification on their screen, depending on what “End-user” action is selected.

The download will be removed, and the user will see this message in the recent download history on their Chrome browser

Result for the Google Workspace Admin #

All the results will be displayed in GAT  Shield > Alerts > Notifications 

Time frame, select the time frame (top right) for wich you want to see the notification for.

All the results will be displayed in GAT  Shield > Alerts > Notifications  Time frame, select the time frame (top right) for wich you want to see the notification for.

Frequently Asked Questions (FAQ) #

Q1: Can I block specific file types from being downloaded without stopping all downloads?

A1: Yes. When configuring the New Alert Rule, you can set the mode to “File extensions only” or “File extensions and Size.” By entering specific extensions (e.g., .exe, .zip, or .mp4), the rule will only trigger and cancel downloads for those specific file formats, leaving other downloads unaffected.

Q2: What happens to the file on the student’s computer if a “Cancel download” rule is triggered?

A2: If the “Cancel download” option is enabled in the rule configuration, GAT Shield will actively terminate the download process and remove the local file from the user’s device. The end user will see a “Removed” status in their Chrome download history, and depending on settings, they may also receive a warning message or have their tab closed/redirected.

How-to video:

GAT Shield
Did you find this article helpful?

This website uses cookies to ensure you get the best experience on our website

Accept all