How to Exclude / Whitelist URL in Symantec Data Loss Prevention

book

Article ID: 171330

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Customer would like to exclude URL from scan.

Resolution

This can be done multiple ways

  • Via Policy
  • Via Protocol
  • Via Agent Configuration

Via Policy

  1. Under Policies in the Enforce UI, click on the Policy you want to modify 
  2. Click Add Exception
  3. Set the exclusion to Identity > Recipient Matches Pattern 
  4. Click 'Next' 
  5. In the URL Domain field add the domain you want to exclude; for the domain (example yahoo.com or mail.yahoo.com)

Via Protocol 

  • Click System > Setting > Protocol 
  • Select protocol ex: HTTP drop down
  • Click Filtering header
  • Use the Minus Sign for exclusions
  • -symantec.com to exclude scanning symantec.com

Via Agent Configuration

  • Click System > Setting > Agent Configuration
  • Select configuration
  • Scroll down to Filter by Network Properties
  • Use the Minus Sign for exclusions
  • -symantec.com to exclude scanning symantec.com | Wild cards can also be used to assist with redirects such as -*.symantec.com*

Additional Information

Frequently we are presented with exclusions not working when attempting to use <-abc.com/mydirectory> 

Subdirectory functionality is not allowed and will not work.

You cannot add subdirectories to the domain, you can only exclude the domain itself.

Allowed

+-abc.com

+-www.abc.com

Not allowed

+-abc.com/anythingelse

+-www.abc.com/subdirectory 

Feature requests have been provided for this functionality and were denied as the computational power required to provide this functionality is too great to be practical at this time.