The GAT Shield extension allows admins to track and view the user behavior while logged into their Google domain account.

Google Workspace Admins can set up real-time alerts based on the behavior of the end-users.

These Alert Rules allow admins to stop and report unsafe downloads by users across their domain.

How to Report and Remove Files Downloaded by Google Workspace Users? #

Apply a rule #

Navigate to Shield → Configuration → Alert Rules → +Add a rule 

• Add a rule for Downloads – File download
• Alert rule name – enter a name for the rule
• Active – enable or disable the rule
• File extension – enter the extension type, such as an exe, pdf, doc, png, mov – separate by semicolon
• File size – enter the size of files
• Cancel/delete download – enable or disable the option to prevent the downloads of the files
  • If selected (enabled) the file will be downloaded and removed from the users’ account
  • If unselected (disabled) only alert will be generated, the downloads will not be canceled 
• Report file name – enable or disable the view of the file name
• Scope – enter where the rules are to be active to which users, if blank the rule will be applied to all Shield users
• Screen/Webcam capture – You can check the report file name, screen capture, and webcam capture to see who downloaded the file and what their screen and webcam were capturing at the time of the download.
• Site exclusion – enter the sites where the rule will not be applied to.

Result for end-user #

When the Alert rule is triggered, an alert is being generated and Admin notified.

The end-user where the rule is applied will receive a notification on their screen

The download will be removed

Result for the Google Workspace Admin #

All the results will be displayed in Shield Alerts.

How-to video: