ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to Exclude / Whitelist URL in Symantec Data Loss Prevention


Article ID: 171330


Updated On:


Data Loss Prevention Enforce Data Loss Prevention Data Loss Prevention Endpoint Prevent


Customer would like to exclude URL from inspection/scan.


This can be done multiple ways

  • Via Policy
  • Via Protocol
  • Via Agent Configuration

Via Policy

  1. Under Policies in the Enforce UI, click on the Policy you want to modify 
  2. Click Add Exception
  3. Set the exclusion to Identity > Recipient Matches Pattern 
  4. Click 'Next' 
  5. In the URL Domain field add the domain you want to exclude; for the domain (example or

Via Protocol 

  • Click System > Setting > Protocol 
  • Select protocol ex: HTTP drop down
  • Click Filtering header
  • Use the Minus Sign for exclusions
  • to exclude scanning

Via Agent Configuration

  • Click System > Setting > Agent Configuration
  • Select configuration
  • Scroll down to Filter by Network Properties
  • Use the Minus Sign for exclusions
  • to exclude scanning | Wild cards can also be used to assist with redirects such as -**

Additional Information

Frequently we are presented with exclusions not working when attempting to use <> 

Subdirectory functionality is not allowed and will not work.

You cannot add subdirectories to the domain, you can only exclude the domain itself.


Not allowed 

Feature requests have been provided for this functionality and were denied as the computational power required to provide this functionality is too great to be practical at this time.