Data Loss Prevention HTTP/HTTPS Endpoint exclusion not working properly

Article ID: 160679

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Symantec Data Loss Prevention Endpoint

In the endpoint agent configuration, you have added a filter to exclude a particular domain, similar to: -*.domain.com.
However, you still receive incidents for requests to the excluded domain when a custom port is in use (such as https://domain.com:8000).

Cause

This behavior is expected.
The filter directly parses the URL of the request.
Since http://domain.com:8000 does not literally match *domain.com (due to the custom port), the exception is not triggered.

Resolution

  • You can override this behavior by adding the port number to the filter string, e.g. -*domain.com:8000.
  • If you need to add multiple ports for the same domain, you can use a wildcard for the port as well, e.g. -*domain.com:*.

Note that in the latter case, the filter only matches URLs that have a specified port number. You need to add this filter in addition to the original filter without a port number (-*domain.com:*, -*domain.com).
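The matching behaviour described under Cause and Resolution can be checked offline with the added example below. It is not Symantec code: it is a simplified model that assumes each exclusion filter is a glob pattern compared with the host[:port] part of the URL exactly as written. The function names and sample URLs are constructed for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def parse_filters(filter_string):
    """Split a comma-separated filter string such as '-*domain.com:*, -*domain.com'."""
    return [f.strip() for f in filter_string.split(",") if f.strip()]


def authority(url):
    """Return host[:port] as written in the URL; no default port is added."""
    return urlsplit(url).netloc.lower()


def matching_exclusion(url, filters):
    """Return the first exclude ('-') filter matching the URL, or None.

    Assumption: glob-style comparison against host[:port]. This models the
    article's description, not the agent's actual implementation.
    """
    target = authority(url)
    for f in filters:
        if f.startswith("-") and fnmatchcase(target, f[1:].lower()):
            return f
    return None


def audit(urls, filter_string):
    """Map each URL to the exclusion that covers it (None = still monitored)."""
    filters = parse_filters(filter_string)
    return {u: matching_exclusion(u, filters) for u in urls}


if __name__ == "__main__":
    # Constructed sample URLs: default port, and two custom ports.
    urls = [
        "https://domain.com/upload",
        "https://domain.com:8000/upload",
        "http://domain.com:8443/",
    ]
    for candidate in ("-*domain.com", "-*domain.com:8000",
                      "-*domain.com:*", "-*domain.com:*, -*domain.com"):
        print(candidate)
        for url, hit in audit(urls, candidate).items():
            print(f"  {url:34} -> {hit or 'NOT excluded'}")
```

Any URL reported as NOT excluded for a candidate filter string would still generate incidents under this model.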