ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Agent domain filtering exclusions and inclusions
Article ID: 172477
Updated On:
Products
Data Loss Prevention Endpoint Prevent
Issue/Introduction
- Data Loss Prevention
- Agent configuration
- Not all the domains that are listed in "Filter by Network Properties" work
- Incidents are in the process of creation for some of the domain filters that are supposed to be excluded
- Incidents being created for the addresses that are listed in "Filter by Network Properties"
Agent configuration of inclusions and exclusions
- Click System > Setting > Agent Configuration
- Select configuration
- Scroll down to Filter by Network Properties
- Use the minus sign for exclusions and plus sign for inclusions
- -symantec.com to exclude scanning symantec.com
- Or
- +symantec.com to include scanning symantec.com
- Or
- -example.symantec.com,+symantec.com,* to exclude a subdomain and then include the rest of the domain
In this example, symantec.com still generates incidents.
The following is an example of domain filters
Domain Filter := <Domain Filter Entry> [,<Domain Filter Entry>]
Domain Filter Entry := {*|{-|+}<metadata value>}
You cannot use ports in the inclusions nor exclusions.
Cause
An invalid character in the domain filter list.
A question mark, "?", at the end of one of the domains in the list.
All domains after that invalid character are not parsed.
Resolution
Removed the invalid character from the domain list.
After which, all the domains that are listed in the "Filter by Network Properties" get properly parsed. No incidents were created for the excluded domains.
Note: We do not monitor or exclude ports separately. You cannot add www.symantec.com:9900 or similar entries.
Feedback
Yes
No
Powered by
