Skip to main content

Quick Start

Get up and running with Clipboard Monitoring in 4 steps.

Enable Monitor
Platform: macOS / Windows
Content: text enabled
Status: active
Choose Content Types
Text: monitored
Files: — off by default
Images: — off by default
Set DLP Policies
PII detected: block
Credentials: block
Custom rules: configurable
Monitor Events
Events forwarded: 142
Blocked: 3
Prompted: 1
QuilrAI

1. Enable the Monitor

The clipboard monitor runs as part of the Sentinel endpoint agent and starts automatically on deployment.

PlatformRequirement
macOSGrant Accessibility permission to the Sentinel process in System Settings → Privacy & Security
WindowsNo additional permissions required

Deploy the Sentinel agent via MDM or GPO. The clipboard monitor activates immediately.

2. Choose Content Types

Navigate to Clipboard Monitor → Settings in the dashboard to configure which clipboard operations to intercept.

SettingDefaultDescription
Monitor textOnCaptures plain text and rich-text clipboard copies
Monitor filesOffCaptures file-path clipboard events
Monitor imagesOffCaptures image clipboard events
Debounce window100 msSuppresses repeated events within this window
Max payload size10 KBPayload forwarded to the extension is capped at this size

Changes are pushed to the endpoint agent and take effect on the next agent restart.

3. Set DLP Policies

Define rules in the browser extension under DLP Policies → Clipboard. Rules match on content category, size, or custom regex patterns.

ActionWhat Happens
AllowClipboard operation completes silently; event is logged
BlockEndpoint clears the clipboard; user is notified
PromptNative OS dialog asks the user for a justification before continuing

4. Monitor Events

Check Logs under Clipboard Monitor to verify events are flowing and policies are being enforced.

  • Event volume: clipboard events detected and forwarded per hour
  • Policy decisions: allow, block, and prompt counts by content type
  • Justification text: user responses to prompted events
  • Enforcement outcomes: confirmation of block and clear actions on the endpoint

Next step: See the Architecture for the full detection and enforcement pipeline.