Exclude / Whitelist URLs from inspection in DLP
search cancel

Exclude / Whitelist URLs from inspection in DLP

book

Article ID: 171330

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention Data Loss Prevention Endpoint Prevent

Issue/Introduction

You want to exclude one or more URLs from inspection/scan in Symantec Data Loss Prevention (DLP).

Resolution

This can be done in multiple ways.

  • Via Policy
  • Via Protocol
  • Via Agent Configuration

 

Via Policy

  1. Open the desired policy and on the Detection tab, click "Add Exception".
  2. Select "Protocol or Endpoint Monitoring" under the "Protocol" section and click "Next".
  3. Give the exception a name.
  4. Under "Conditions" select the desired protocols.
  5. Scroll down to "Also Match" and select "Recipient Matches Pattern" from the dropdown list.
  6. Click the "Add" button.
  7. Select "Recipient Pattern" and enter your desired URL in the "URL Domain" field and/or the "Email Address/Newsgroup Pattern" field.
  8. Select the desired "Match Counting" options.
  9. Click the "OK" button.

Via Protocol 

  1. Click System > Setting > Protocol.
  2. Select protocol ex: HTTP dropdown.
  3. Click Filtering header.
  4. Use the minus sign for exclusions
    -symantec.com to exclude scanning symantec.com

Via Agent Configuration

  1. Click System > Agents > Agent Configuration.
  2. Select the desired agent configuration.
  3. Select the "Channel Filters" tab.
  4. Scroll down to Filter by Network Properties to add the exclusions.
  5. Use the minus sign for exclusions:
    -example.com to exclude scanning example.com
    Wild cards can also be used to assist with redirects such as -example.com*

    Of note: using the asterisk at the end of a domain TDL will also allow matches on "non-standard" ports if they are present in the URL.
    For more on that, see KB Domain Filter (HTTP, HTTPS) in Agent Configuration not working when websites port number is changed (broadcom.com).

Additional Information

Frequently we are presented with exclusions not working when attempting to use <-example.com/mydirectory> 

Subdirectory functionality is not allowed and will not work.

You cannot add subdirectories to the domain, you can only exclude the domain itself.

Allowed:

+example.com  or -example.com

+www.example.com or -www.example.com

Not allowed:

+example.com/anythingelse or -example.com/anythingelse

+www.example.com/subdirectory or -www.example.com/subdirectory 

Feature requests have been provided for this functionality and were denied as the computational power required to provide this functionality is too great to be practical at this time.