You need to prevent Symantec Data Loss Prevention (DLP) from scanning a specific directory or file path—typically to resolve performance issues, avoid conflicts with local applications, or ignore trusted data.

• DLP Release: All supported versions of Symantec DLP.

• Component: DLP Endpoint Agent.

To exclude a specific path from scanning, configure a Monitoring Filter within the Enforce Console.

Step-by-Step Configuration

1. Navigate to Agent Configurations:

   Go to System > Agents > Agent Configuration.

2. Select Configuration:

   Click on the specific configuration profile you wish to modify.

3. Open Channel Filters:

   Click on the Channel Filters tab.

4. Create a New Filter:

   • Locate the Filter by File Properties section.

   • Click Add Monitoring Filter.

5. Configure Filter Logic:

   • Filter Action: Select Ignore.

   • Endpoint Channel: Select the specific channels (e.g., Local Drive, Removable Storage, Network Share) where you want this exclusion to apply.

6. Define the Path:

   • Under File Attributes, select File Path.

   • In the text field, enter the paths you wish to exclude (one path per line).

   • Note: You can use wildcards (*) and environment variables to ensure coverage across different user profiles.

Examples of Path Syntax

7. Save and Deploy:

   • Click Save at the top of the Agent Configuration page.

   • On the main Agent Configuration list, select the config and click Apply Configuration (or Update) to push the changes to the endpoints.

Important: Filter Priority

The DLP Agent processes filters based on their Order in the list. If a "Monitor" filter is listed above an "Ignore" filter for the same path, the agent will continue to scan the path. Always ensure your "Ignore" filters are prioritized (moved to the top) if you encounter conflicting rules.

Configuring file filters

About agent configurations