Complete capability catalog

KeepActive DLP features, clearly structured.

A full feature page for endpoint DLP, insider-risk monitoring, forensic evidence collection, analytics, remote response, deployment and Active Directory integration. Capabilities are grouped by function so security, IT and management teams can quickly find the exact controls they need.

Endpoint DLP Live monitoring Analytics On-premises architecture

No package or tariff matrix here. KeepActive DLP is shown as one product capability catalog. Feature availability is handled by endpoint OS and deployment configuration: Windows is the primary full-feature endpoint platform, while Linux and macOS agents can have reduced, OS-dependent functionality.

Platform coverage note

Use this page as the full system capability catalog. OS-specific coverage should be validated during deployment planning, especially for endpoint capture channels and device-control features.

Windows endpointsPrimary full-feature endpoint stack for monitoring, DLP controls and investigation workflows.

Linux endpointsReduced feature coverage; includes Linux-specific shell command blocking where configured.

macOS endpointsReduced feature coverage compared with the full endpoint stack; availability depends on channel and control type.

Server sideOn-premises deployment with Windows/Linux server options and SQL database storage.

Capability groups

135 capabilities shown Back to top

No matching featuresTry another keyword or reset the filters.

Live Monitoring & Remote Response

Real-time endpoint visibility and immediate response actions.

14features

Screen Monitoring

Capture the current screen as a still screenshot or monitor it as a live video stream, with the option to save the session as a video file.

Monitoring Forensics Response

Webcam Monitoring

Capture current webcam snapshots or monitor a live webcam stream, with the option to save the stream as a video file.

Monitoring Forensics Response

Audio and Microphone Monitoring

Monitor microphone and system audio in real time and save captured audio to a file when required.

Monitoring Response

Real-Time Speech-to-Text

Transcribe employee speech in real time and save the conversation as a text file for review and investigation.

Monitoring Forensics Response

Active Processes and Windows

Retrieve the list of active processes and open windows in the user session.

Monitoring Response

Monitoring Pause and Resume

Pause and resume live monitoring sessions whenever operational policy requires it.

DLP Monitoring Response

Suspicious Event Response

Notify users and operators about important security-relevant events through tray and browser notifications with sound, with optional SMS and email alerts.

Monitoring Communications Response

Telegram and VK Teams Integration

Send alerts about important events to a personal messenger chat; alerts can include supporting screen captures for faster triage.

Monitoring Communications Response

Instant Messages to Users

Send instant messages directly to endpoint users from the security console.

Monitoring Response

Endpoint File Search

Instantly search for words, phrases, and regular expressions in files located on client machines.

Monitoring Response

Keyboard and Mouse Lock

Immediately lock a user’s keyboard and mouse while a security situation is being clarified.

Monitoring Response

Timed Workstation Lock

Apply an emergency workstation lock for a defined period while an incident is being investigated.

Monitoring Forensics Response

Remote File Browser

Remotely retrieve selected files from a client machine for investigation or administrative purposes.

Monitoring Forensics Response

Remote Administration

Run selected administrative functions online through the management interface.

Monitoring Response

Monitoring, Analytics & Forensics

Reports, behavioral analytics, evidence capture and investigation workflows.

50features

AI Oracle or Summary Analytics

Generate summary analytics across monitoring data using generative AI.

Monitoring Analytics AI

AI File Classification

Classify outbound files with LLM-based AI, including a concise document summary and category-level risk assessment.

Monitoring Analytics AI

Analytics Workspace

Use a powerful multifunctional analytics module for workforce analytics, productivity analysis, and security review.

Monitoring Analytics

Encrypted Forensic Black Box

Continuously record screen video and microphone or peaker audio, store it encrypted on employee machines, and use it later for detailed incident investigation.

Monitoring Analytics Forensics

Face Recognition Report

Periodically analyze employee webcam images to confirm presence and identify possible substitution by another person. Processing is performed by an in-house offline neural-network engine.

Monitoring Analytics AI Identity

User Risk and Productivity Analyzer

Use configurable profiles and dictionaries to classify work as productive, unproductive, or risky. The analyzer includes classification for more than 13 million website domain names.

Monitoring Analytics Identity

Employee Risk Scoring

Calculate employee risk levels using three mathematical scoring methods as an extension of the Risk Analyzer report.

Monitoring Analytics

Global Search

Search across the entire database for tags, keystroke-log words, window titles, applications, and websites, with fast navigation to the relevant employee screenshots for the matching time interval.

Monitoring Analytics Deployment

Template-Based Search

Create reusable search templates from multiple search criteria for repeatable investigations.

Monitoring Analytics

Categories and Deviations Report

View statistics by resources, categories, and deviations from average employee values.

Monitoring Analytics

Employee Summary Report

Review a specific employee’s activity through clickable pie charts and drill down into productivity details.

Monitoring Analytics

Simplified Summary Report

View an employee summary in tabular form and export it to Excel.

Monitoring Analytics

Activity Timeline

Use a graphical timeline to understand what the user was doing, when, and to what extent.

Monitoring Analytics

Activity Comparison

Compare activity metrics through a text-based representation of the Activity Timeline report.

Monitoring Analytics

Keystroke Dynamics

Analyze typing patterns to help assess the employee’s state at the workstation and detect possible account or workstation substitution.

Monitoring Analytics

Machine Time

See how long employee computers were powered on.

Monitoring Analytics

CPU or GPU Utilization

Review time-based CPU or GPU utilization to identify abnormal resource usage, including potential cryptocurrency mining.

Monitoring Analytics

User Time and Attendance

Analyze daily user activity, absences, late arrivals, popular applications and websites, and synchronize data with Outlook calendar and physical access control systems (PACS/ACS).

Monitoring Analytics Response

Time and Attendance Sheet

Generate a standard working-time sheet using computer activity or PACS/ACS data, including absences, late arrivals, workday start and end times, and total worked time.

Monitoring Analytics

Physical Access Control Event Details

Show actual employee entry and exit events from the physical access control system. The current version supports Sigur (Sphinx).

Monitoring Analytics Response

Application Usage

See which applications an employee actively used and for how long.

Monitoring Analytics

Website Monitoring

Review websites visited by an employee.

Monitoring Analytics

Typed Text Capture

Capture text entered across applications and websites.

Monitoring Analytics Forensics

Clipboard Activity

Capture text, files, and images placed in the clipboard.

DLP Monitoring Analytics Forensics

Search Queries

Review search queries made in Google, Yandex, and other search engines.

Monitoring Analytics

Voice Communications

Capture and record voice conversations in supported applications, including Skype, Lync, Viber, Telegram, Bitrix Desktop, Mail.ru Agent, Microsoft Teams, Zoom, Slack, Myteam, Cisco Webex Teams, WhatsApp Desktop, eXpress Desktop, VK Teams (Cloud) Desktop, WeChat Desktop, Jazz Desktop, MTS Link Desktop, Yandex Messenger Desktop, and Max.

Monitoring Analytics Forensics Communications

Voice and Speech Recognition

Convert captured voice into text and review it as a text file.

Monitoring Analytics Communications

Messenger Text Messages

Capture text messages from supported messengers, including Telegram Desktop/Web, Skype, Microsoft Teams, WebSkype, Lync, Viber, Bitrix Desktop/Web, Slack, Myteam, Cisco Webex Teams, WhatsApp Desktop/Web, corporate eXpress, VK Teams (Cloud) Desktop/Web, Yandex Messenger, TrueConf, DION, and Max.

Monitoring Analytics Forensics Communications

Conversation Analyzer

Analyze messenger conversations with generative AI to identify topics, risks, and investigation-relevant context.

Monitoring Analytics Forensics AI Communications

Bitrix24 Chat Messages

Capture correspondence in Bitrix24 Desktop and on Bitrix24 websites, including cloud and on-premises corporate versions.

Monitoring Analytics Forensics Communications Deployment

Email and Attachments

Capture inbound and outbound email with attachments across Microsoft Outlook with Exchange/IMAP/POP3/SMTP, with or without encryption; IBM Lotus Notes outbound mail; Outlook Express, Thunderbird, The Bat!, Mail via POP3/SMTP, with or without encryption; and supported webmail services including Rambler, Mail, and Yandex.

Monitoring Analytics Forensics Communications

Internet File Transfers

Capture and retain files sent through browsers, email clients, Skype, Lync, popular messengers, and FTP/FTPS, with the option to block outbound transfer.

DLP Monitoring Analytics Forensics Communications

File Operations

Capture file copy, delete, and move operations. When files are copied to removable media, shadow copying can be enabled. WebDAV is supported.

DLP Monitoring Analytics Forensics

Screenshots

Capture screenshots with flexible configuration, including screenshots on window switches and browser tab changes.

Monitoring Analytics Forensics

Video from Screenshot Timeline

Generate continuous video from screenshots for playback in a browser or media player.

Monitoring Analytics Forensics

Print Control and Cost Allocation

Capture printed files in spooler format and calculate print costs based on configured tariffs.

Monitoring Analytics Forensics Response

Suspicious Events Report

Record administrator-defined suspicious events, including application launches, website access, and typed text with fuzzy word matching. Screen video can be recorded when an event is triggered.

Monitoring Analytics

Employee Report Search

Search within generated employee reports using fuzzy word matching.

Monitoring Analytics

Webcam Recording

Automatically capture webcam images from employee machines and store them on the server.

Monitoring Analytics Forensics Deployment

Microphone Recording

Continuously record microphone audio and store audio files on the server, with optional voice-activated recording.

Monitoring Analytics Forensics Communications Deployment

Contacts Report

View the list of contacts with whom an employee communicated by email, Skype, and chats.

Monitoring Analytics Forensics Communications

Relationship Graph Report

Visualize the Contacts report as a convenient relationship graph.

Monitoring Analytics Forensics

3D Relationship Graph Report

View the relationship graph in a 3D representation.

Monitoring Analytics

Online Users Report

See when specific users were connected to the server.

Monitoring Analytics Deployment

Geolocation

Locate laptops on Google Maps and determine external IP address, country, and city.

Monitoring Analytics Forensics

Installed Software License Control

Track the number of software installations across the company to identify potentially unlicensed software.

Monitoring Analytics Response

Hardware and Software Inventory

Track hardware changes and installed or removed software on endpoint machines.

Monitoring Analytics

File Search Report

Review results of automatic periodic searches for words, phrases, and regular expressions in files on client machines.

Monitoring Analytics

System Health

Monitor key health indicators for the database, servers, file storage, and client endpoints.

Monitoring Analytics Deployment

SQL-Based Reports (AI+)

Build custom reports from the SQL database; AI can generate SQL queries from a natural-language description.

Monitoring Analytics AI Deployment

Endpoint DLP & Data Protection Controls

Policy enforcement across files, channels, devices, screen, print and communications.

33features

Anti-Photo Protection

Protect critical applications and websites against camera-based screen exfiltration, such as photographing the PC screen with a smartphone.

DLP Monitoring

Screen Sharing and Screenshot Tool Protection

Protect critical data from screen sharing through video conferencing systems and from screenshot utilities.

DLP Monitoring Forensics

Endpoint 2FA Triggers

Apply different two-factor authentication challenges on client machines based on selected endpoint events.

DLP Response Identity

Voice DLP

React in real time when configured sensitive words or phrases are spoken during voice calls in supported messengers.

DLP Communications

AI Voice Call Summarizer

Generate AI summaries of captured voice and video-conference calls with detailed content analysis, sentiment detection, speaker diarization, and other insights.

DLP AI Communications

Invisible Watermarks for Images

Embed hidden watermarks into PrintScreen images to support attribution when captured content is later discovered in open sources.

DLP

Visible Watermarks for Print and Screen

Apply visible watermarks to printed pages and overlay them on screen while users work with critical applications and websites.

DLP Monitoring

Content-Based Document DLP

Generate a DLP event or block an action when documents containing configured keywords or phrases are opened, uploaded to the internet, printed, copied to removable media, or copied to the clipboard. Supported formats include .docx, .xlsx, .odt, .ods, .sxw, .pptx, .odp, .txt, .csv, .pdf, .doc, .xls, .ppt, .rtf, and .zip. Detection supports fuzzy text matching and templates such as credit cards, contact data, and custom PCRE regular expressions.

DLP Monitoring Response

File Format-Based DLP

Analyze files by actual format rather than content, including drawing formats, CAD files, and other sensitive file types.

DLP

AI Classification-Based DLP

Generate DLP incidents based on AI classification of outbound documents, using configurable categories.

DLP AI

Encrypted Quarantine

Place files blocked by DLP policies into encrypted quarantine.

DLP Response

Outlook Folder Scanning

Scan Outlook Drafts, Meetings, and Tasks folders for confidential attachments, with optional removal of detected files.

DLP

Document Marking

Protect documents from outbound transfer using hidden document markers that can survive resaving and partial content copying. Source formats include PDF, DOCX, XLSX, and PPTX, with support for resaving into OpenOffice formats such as ODT, ODS, and SXW.

DLP

Full or Partial File Transfer Blocking

Block full or partial file transfers through file-sharing websites, webmail and email clients, chats, and social networks.

DLP Communications Response

Face Recognition and Employee Substitution Detection

Alert the security officer when another employee or an unauthorized person appears to replace the expected employee at the workstation. Face recognition uses an in-house offline neural-network engine.

DLP AI Response Identity

Webcam Tamper Protection

Lock the screen and notify the user if the webcam is covered or taped over while face recognition is enabled.

DLP Monitoring Response Identity

Unauthorized Presence Workstation Protection

Lock the computer if face recognition detects another person at the employee’s workstation, and keep it locked until the employee logs in again.

DLP Response Identity

Atypical User Behavior Alerts

Notify a manager when atypical activity is detected, such as unusual file copying, transfer or deletion, clipboard copying, or browser tab activity. Thresholds are configured by the administrator.

DLP Monitoring Identity

File Fingerprinting

Use digital file fingerprints in search and DLP operations to detect known sensitive files and related content.

DLP

OCR for Documents and Scans

Inspect documents and scans with an embedded offline OCR engine and block outbound transfer when a DLP policy match is detected.

DLP Response

Personal Photo Detection in Documents

Block outbound transfer of files containing documents with personal photos.

DLP Response

Periodic Screenshot OCR

Periodically analyze user screens with OCR to detect sensitive text on screen, generate DLP policy matches, and trigger configured responses.

DLP Monitoring Forensics

Crypto Wallet Address Monitoring

Monitor cryptocurrency wallet addresses in the clipboard, perform risk analysis, and optionally block risky activity.

DLP Monitoring Response

Clipboard and PrintScreen Control

Block clipboard use completely or restrict only the PrintScreen key.

DLP Monitoring Response

Web Access Control

Block access to selected websites in supported browsers.

DLP Response

FTP Control

Block file upload and download over the FTP protocol.

DLP Response

Wi-Fi, Bluetooth and USB Modem Blocking

Block network connectivity through Wi-Fi, Bluetooth, or USB modem connections.

DLP Response

RDP Blocking

Block inbound Remote Desktop Protocol (RDP) connections to the computer.

DLP Response

USB Device Control

Control USB devices such as cameras, smartphones, removable drives, Bluetooth/Wi-Fi adapters, and modems, with allowlists and exceptions.

DLP Response

Application Allowlist and Denylist

Allow or block application launches according to configured allowlists and denylists.

DLP Response

Removable Storage Control

Block write access to removable media or block access to removable media completely.

DLP Response

Linux Shell Command Blocking

Block selected commands in the Linux terminal.

DLP Response Linux-specific

Syslog and SIEM Integration

Forward security messages and events to an external server over syslog for integration with third-party SIEM systems.

DLP Deployment SIEM

Architecture, Deployment & Administration

On-premises architecture, scale, storage, access control and deployment mechanics.

26features

On-Premises Deployment

Deploy the server components directly in the customer’s own infrastructure.

Deployment

Client-Server Architecture

Client endpoints send data to the server for storage and processing in the central database.

Deployment

Windows, Linux and macOS Client Support

Client agents are available for Windows, Linux, and macOS. Server components are available for Windows and Linux.

Monitoring Deployment

Multi-Server Support

Run multiple servers connected to a single central database.

Deployment

Secondary Server IP Address

Configure an additional external server IP address for connectivity, useful when employee laptops leave the office perimeter.

Deployment

DMZ-Friendly Server Deployment

Operate the server through an nginx reverse proxy behind a demilitarized zone (DMZ), supporting secure remote employee scenarios.

Deployment

Terminal Server and Thin Client Support

Use thin software clients while server-side processing handles the main workload, avoiding issues in terminal sessions.

Deployment

Physical and Virtual Environment Support

Run both clients and servers on physical machines or virtual infrastructure.

Deployment

SQL Database Options

Store monitoring data in a SQL database on the server machine. Microsoft SQL Server and PostgreSQL are supported.

Monitoring Deployment

Local Data Buffering

When server connectivity is unavailable, monitoring data is buffered in a local SQLite database and delivered reliably after the connection is restored. Local retention depth is configurable.

Monitoring Deployment

On-Demand Data Collection

For very large fleets, defer collection from all clients and request monitoring data only from selected machines when needed.

Monitoring Deployment

High-Scale Deployment

Support large deployments with modest system requirements; the server and database can handle more than 20,000 client connections.

Deployment

Traffic Throttling

Limit client-to-server traffic under high load and during periods of many simultaneous connections.

Deployment

Remote Web Monitoring

Run online and offline monitoring through a web browser regardless of operator location.

Monitoring Deployment

Remote Silent Installation

Install the client on remote machines in a mode hidden from the employee, using one of four supported methods.

Deployment

Server and Database Instancing

Install multiple server and database instances on the same server machine.

Deployment

Prevent users from simulating activity by holding down keyboard keys.

Monitoring Response

Panic Button

Quickly shut down or lock all computers, or run a server-side script, via a command sent through Telegram or VK Teams.

Communications Response Deployment

Employee Report Delivery

Allow employees to receive daily scheduled reports about their own work by personal email.

Analytics Communications

Manager Report Delivery

Automatically generate scheduled reports for managers about their direct reports and deliver them by email, FTP, Dropbox, and other supported methods.

DLP Analytics Communications Identity