Can Push block clipboard actions?

Yes, you can use the Push control Clipboard blocking to block clipboard copies and pastes containing content that is unauthorized, sensitive, or that doesn’t conform to your security policies.

For example, you may wish to block copies or pastes of API keys, personal access tokens, PII, cryptographic key material, and other sensitive data.

You can use Push’s provided content patterns, or create your own custom content patterns.

Clipboard events matching your configured rule are emitted via your SIEM integration or custom webhook, and also appear on the Events page of the Push admin console.

You can configure this control by going to Controls in the admin console and selecting Clipboard blocking.

Then create a configuration rule. You’ll set the Mode (Monitor, Warn, or Block, with an option to set an Allow mode for exceptions); the Scope (all employees, employee groups, or specific individuals; plus whether the control is applied to all profiles, profiles logged in with a company domain, or profiles logged in with a non-company domain); and the Conditions.

When specifying the Conditions for the control, you’ll set whether it applies to copy or paste operations and whether it applies to All URLs or specific URL patterns. When using All URLs, you must select one or more content patterns you’re checking for. For URL patterns, you can optionally check Trigger on specific content patterns and select content patterns.

Push provides preconfigured content patterns for:

• Cryptographic key material

• Database and infrastructure connection strings

• Generic secret patterns

• PII and identifiers

• Service credentials and API keys

You can also create your own custom content patterns via Advanced settings in the configuration slideout. To match on the custom content pattern, go to Content patterns in the configuration rule and select your newly created pattern.

To Warn or Block on all copy or paste operations from a URL, you’ll need to specify a URL pattern and leave the option for Trigger on specific content patterns unchecked so that all clipboard actions trigger the rule.

In Warn mode for a URL pattern where you are not checking for content pattern matches, the end-user will see your warning banner and they can dismiss the banner by clicking the button. Clicking the button re-adds the contents to the clipboard. Push will not redact any content from their clipboard. If a paste operation was blocked, the end-user will need to retrigger the paste.

In Warn mode where you are checking for a content pattern match, Push will give the end-user the option to dismiss the banner and copy their original clipboard content, or use only the redacted version of the content, removing the matched sensitive content. A paste operation will need to be re-triggered.

In Block mode for a URL pattern where you are not checking for content pattern matches, the end-user will see your blocking banner and their clipboard contents will be cleared.

In Block mode where you are checking for a content pattern match, Push will redact the matched sensitive content and only allow the end-user to use the redacted content. A paste operation will need to be re-triggered.

Note: Push will ignore copies and pastes to and from password inputs so that these are never captured.

You can choose to capture clipboard content. By default, content is not captured.

Go to Advanced settings in the control configuration slideout and select Full content capture. With this option enabled, you can choose to receive full content, truncated after 200KB, or capture content with PII masked.

This feature is available on all browsers that Push supports, except Safari.