
Incidents are not being created as expected on DLP endpoints over HTTPS channels when using IP filter exclusions in a recipient pattern


Article ID: 174903


Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

  • You have a policy that should create an incident on a DLP endpoint over the HTTPS channel, but no incident is created.
  • You receive incidents from the same policy when testing the same data over the HTTP channel.
  • You are using IP addresses as exclusion filter criteria.

Cause

The IP address exclusion list in the recipient pattern is terminated with a comma instead of ending with the last IP address value.

Environment

15.5 MP1

Resolution

Removing the comma at the end of the IP address exclusion list in the recipient pattern and saving the policy resolves the issue.

This behavior will be fixed in a later version of the DLP product.
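A check that can be run on an exclusion list before it is pasted into the recipient pattern, as an added example that is not part of the vendor article or the DLP product. It assumes the list is a comma-separated string of plain IP addresses; the function name and the sample addresses are constructed for illustration, and any entry that is not a plain IP address is only flagged for manual review.

```python
import ipaddress

# Constructed sample values, not taken from any real policy.
BROKEN = "10.0.0.5,192.168.1.20,"
FIXED = "10.0.0.5,192.168.1.20"


def lint_exclusion_list(pattern):
    """Check a comma-separated IP exclusion list (hypothetical helper).

    Returns (findings, cleaned): findings is a list of (position, message)
    tuples, cleaned is the list re-joined without empty entries.
    """
    if not pattern.strip():
        return [], ""
    entries = pattern.split(",")
    last = len(entries) - 1
    findings, kept = [], []
    for pos, raw in enumerate(entries):
        entry = raw.strip()
        if not entry:
            # An empty entry is what a stray comma leaves behind.
            if pos == last:
                msg = "trailing comma"
            elif pos == 0:
                msg = "leading comma"
            else:
                msg = "empty entry between commas"
            findings.append((pos, msg))
            continue
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            # Keep the entry; this check only understands plain addresses.
            findings.append((pos, "not a plain IP address, review manually: " + entry))
        kept.append(entry)
    return findings, ",".join(kept)


if __name__ == "__main__":
    for sample in (BROKEN, FIXED):
        findings, cleaned = lint_exclusion_list(sample)
        print(repr(sample), "->", findings or "ok", "| cleaned:", cleaned)
```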
