How to exclude users from policy rules.

Article ID: 160716

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Policies are detecting and blocking confidential information sent out as email attachments by users who should be permitted to send this confidential information.

Resolution

Open the policy that is triggering the incidents and blocking the confidential information from being sent.

1. Set an exception on the Detection tab of the policy for the relevant user's actions*.
2. Open the policy in question.
3. On the Detection tab, click the Add Exception button.
4. Under Protocol, check the option Protocol or Endpoint Monitoring.
5. Click the Next button.
6. Enter an Exception Name.
7. Under Conditions, tick the box for each option required, e.g. HTTP, SMTP, Local Drive, Removable Storage, Copy to Network Share, Clipboard, etc.
8. Go to the bottom, open the Also Match drop-down box and select Sender/User Matches Pattern.
9. Click the Add button.
10. A new box for Sender Pattern will appear on screen. Enter the domain username of the users you want to exclude from the policy.
11. Click the OK button to finish.

-------------------------------

*Article update: The proper way is actually to use the Groups tab to create the exception for specific Senders/Recipients. The exception is then applied as an "AND'd" rule, mapping it to all Rules and Conditions in the Detection tab for the Policy.