Agent domain filtering exclusions and inclusions


Article ID: 172477



Data Loss Prevention Endpoint Prevent


  • Data Loss Prevention
  • Agent configuration
  • Not all the domains that are listed in "Filter by Network Properties" work
  • Incidents are still being created for some of the domain filters that are supposed to be excluded
  • Incidents being created for the addresses that are listed in "Filter by Network Properties"

Agent configuration of inclusions and exclusions

  • Click System > Setting > Agent Configuration
  • Select configuration
  • Scroll down to Filter by Network Properties
  • Use the minus sign for exclusions and plus sign for inclusions
  • to exclude scanning
    • Or
  • to include scanning
    • Or
  •,,* to exclude a subdomain and then include the rest of the domain

In this example, still generates incidents.

The following is an example of domain filters

Domain Filter        := <Domain Filter Entry> [,<Domain Filter Entry>]
Domain Filter Entry  := {*|{-|+}<metadata value>}

You cannot use ports in inclusions or exclusions.


The domain filter list contains an invalid character: a question mark, "?", at the end of one of the domains in the list.
No domains after that invalid character are parsed.


Removed the invalid character from the domain list.
After which, all the domains that are listed in the "Filter by Network Properties" get properly parsed. No incidents were created for the excluded domains.

Note: We do not monitor or exclude ports separately. You cannot add or similar entries.
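
A pre-check for a filter list before it is pasted into "Filter by Network Properties", given here as an added example (it is not the product's parser and not code from this article). It applies the grammar shown above, flags ports and characters such as "?", and returns the entries that follow the first flagged one; the allowed character set for a value and the example.* domains in the sample are assumptions.

```python
import re

# Assumption: a metadata value is a host name or IPv4 address, optionally with
# "*" wildcards, so only letters, digits, ".", "-" and "*" are accepted here.
DISALLOWED = re.compile(r"[^A-Za-z0-9.*-]")


def check_entry(entry):
    """Return None if the entry fits the grammar, otherwise a reason string."""
    if entry == "*":
        return None
    if entry[:1] not in ("-", "+"):
        return "entry must be '*' or start with '-' or '+'"
    value = entry[1:]
    if not value:
        return "missing value after the sign"
    if re.search(r":\d+$", value):
        return "ports are not supported in filters"
    bad = sorted(set(DISALLOWED.findall(value)))
    if bad:
        return "invalid character(s): " + ", ".join(repr(c) for c in bad)
    return None


def lint_domain_filter(text):
    """Check a comma-separated filter list.

    Returns (problems, after_first_problem). problems holds
    (index, entry, reason) tuples. after_first_problem holds the entries
    listed after the first flagged one; the article reports that domains
    after an invalid character were not parsed, so review these too.
    """
    entries = text.strip().split(",")
    problems = [(i, e, r) for i, e in enumerate(entries) if (r := check_entry(e))]
    after_first_problem = entries[problems[0][0] + 1:] if problems else []
    return problems, after_first_problem


if __name__ == "__main__":
    # Constructed sample list, not taken from the article.
    sample = "-mail.example.com,+*.example.com,-files.example.net?,-cdn.example.org,*"
    problems, skipped = lint_domain_filter(sample)
    for index, entry, reason in problems:
        print(f"entry {index} ({entry!r}): {reason}")
    print("entries after the first problem:", skipped)
```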