• Data Loss Prevention
• Agent configuration
• Not all the domains that are listed in "Filter by Network Properties" work
• Incidents are in the process of creation for some of the domain filters that are supposed to be excluded
• Incidents being created for the addresses that are listed in "Filter by Network Properties"

Agent configuration of inclusions and exclusions

• Click System > Setting > Agent Configuration
• Select configuration
• Scroll down to Filter by Network Properties
• Use the minus sign for exclusions and plus sign for inclusions
• -symantec.com to exclude scanning symantec.com
  • ​Or
• +symantec.com to include scanning symantec.com
  • Or
• -example.symantec.com,+symantec.com,* to exclude a subdomain and then include the rest of the domain

In this example, symantec.com still generates incidents.

The following is an example of domain filters

Domain Filter        := <Domain Filter Entry> [,<Domain Filter Entry>]
Domain Filter Entry  := {*|{-|+}<metadata value>}

An invalid character in the domain filter list.

A question mark, "?", at the end of one of the domains in the list.

All domains after that invalid character are not parsed.

Remove the invalid character from the domain list.

After which, all the domains that are listed in the "Filter by Network Properties" will be properly parsed. No incidents wil be created for the excluded domains.

Note: URLs may include non-standard ports, especially for applications using HTTP. In such cases, entries in the Domain Filters list will not match the URL reported. For this situation, see Domain Filter (HTTP, HTTPS) in Agent Configuration not working when websites port number is changed (broadcom.com).

For more information, this KB is also a good reference: Exclude / Whitelist URLs from inspection in DLP (broadcom.com).