Agent domain filtering exclusions and inclusions
search cancel

Agent domain filtering exclusions and inclusions


Article ID: 172477


Updated On:


Data Loss Prevention Endpoint Prevent


  • Data Loss Prevention
  • Agent configuration
  • Not all the domains that are listed in "Filter by Network Properties" work
  • Incidents are in the process of creation for some of the domain filters that are supposed to be excluded
  • Incidents being created for the addresses that are listed in "Filter by Network Properties"

Agent configuration of inclusions and exclusions

  • Click System > Setting > Agent Configuration
  • Select configuration
  • Scroll down to Filter by Network Properties
  • Use the minus sign for exclusions and plus sign for inclusions
  • to exclude scanning
    • ‚ÄčOr
  • to include scanning
    • Or
  •,,* to exclude a subdomain and then include the rest of the domain

In this example, still generates incidents.

The following is an example of domain filters

Domain Filter        := <Domain Filter Entry> [,<Domain Filter Entry>]
Domain Filter Entry  := {*|{-|+}<metadata value>}



An invalid character in the domain filter list.

A question mark, "?", at the end of one of the domains in the list.

All domains after that invalid character are not parsed.


Remove the invalid character from the domain list.

After which, all the domains that are listed in the "Filter by Network Properties" will be properly parsed. No incidents wil be created for the excluded domains.

Additional Information

Note: URLs may include non-standard ports, especially for applications using HTTP. In such cases, entries in the Domain Filters list will not match the URL reported. For this situation, see Domain Filter (HTTP, HTTPS) in Agent Configuration not working when websites port number is changed (

For more information, this KB is also a good reference: Exclude / Whitelist URLs from inspection in DLP (