You have tried to whitelist a domain via the Domain Filter in your Agent configuration, but incidents are still being reported against that domain.

For example, you have whitelisted "example.com" under Agent Configuration > Channel FIlters > Domain filter (HTTP, HTTPS):

-example.com

But you are seeing incidents where the "recipient URL" matches that domain:

https://example.com:9091/file-upload-folder

DLP Endpoint Agents with functioning Browser Extensions reporting "recipient" URLs to the detection engine

A non-standard port number is being used to access the website, which changes the URL being reported - and no longer matches the domain as specified in the filter.

Web traffic using standard ports (8080, 443) is reported with no port indicated in the URL reported by a browser. Thus, these domains can easily be filtered via the DLP Agent Configuration for "Domain Filters".

However, if a web application or user uses a non-standard port number of any HTTP or HTTPS website, that port number is usually reported in the browser as part of the URL, e.g., "https://example.com:9190/file-upload-folder/".

Under Agent Configuration > Channel FIlters > Domain filter (HTTP, HTTPS), enter any domains for which non-standard ports are reported in incidents using the asterisk wildcard after the top-level domain designation:

-example.com*

Agents updated with that configuration will now drop traffic being uploaded to that site, regardless of the port reported by the Browser Extension.

Filter by Network Properties settings (broadcom.com)