Managing Watermarks
Enterprise documents often contain watermarks ("Confidential", "Draft", "Property of X") injected by Document Management Systems (DMS) or third-party tools (like DocuSign or Adobe).
While usually benign, watermarks can sometimes trigger security alerts in DocFirewall because they use techniques similar to obfuscation attacks, such as:
- Invisible Text (T3/T9): Placing text in hidden layers or using white-on-white text for tracking.
- Active Content (T2): Using JavaScript to dynamically render the current date or username.
Will my watermarks be flagged?
Visible Watermarks (Safe)
Standard, visible text overlays (e.g., a gray "DRAFT" diagonal text) are generally safe. They are treated as normal document content.
Hidden / Tracking Watermarks (Risk: High)
Some systems inject invisible metadata or hidden text layers to track document leakage. * Trigger: T3 (Obfuscation) or T9 (ATS Manipulation). * Reason: DocFirewall detects text that is present in the file structure but not visible to the user, assuming it might be a prompt injection or SEO poisoning attempt.
Dynamic Watermarks (Risk: High)
Watermarks that use PDF Scripts (JavaScript) to update automatically. * Trigger: T2 (Active Content). * Reason: Executable code in PDFs is a primary vector for malware.
Smart Watermark Bypass
DocFirewall v0.2+ includes a allow_hidden_watermarks setting. When enabled (default), the scanner will ignore hidden text anomalies if the text matches common watermark patterns.
Keywords ignored: confidential, draft, internal use, property of, copyright, do not copy, generated by.