Enforcement Exceptions
Enforcement exception includes endpoint IP addresses and URL lists.
Endpoints with IP addresses included in enforcement exception are not assessed against any of the security assessment rules. However, these endpoints will still be quarantined if there are unresolved threats after post-assessment cleanup.
URL lists contain sites that are accessible to quarantined endpoints. Add sites that will help bring these endpoints to compliance or release them from quarantine. For example, allowing access to the Microsoft update site allows a non-compliant endpoint with security vulnerabilities to download the latest patches.
Each URL list contains a list of related sites. A URL list can be added in the Assessment Exceptions screen and in the URL List screen.
To configure enforcement exceptions:
Security Enforcement > Exceptions
In the Endpoints section:
Type an IP address or IP address range. Separate individual IP addresses by commas. Use a dash when specifying an IP address range.
(Optional) Type a comment in the text box.
Click Add to.
Repeat the previous steps to add more IP addresses/ranges. You can add up to 64 IP addresses/address ranges to the list.
In the URL Lists section:
If you have not defined URL lists:
Click Add.
In the screen that opens, type up to 30 characters for the name of the URL list.
(Optional) Type a comment with up to 50 characters.
Type a URL and click Add to.
URLs cannot contain the wildcard character (*).
Repeat the previous step to add more URLs. You can add up to 64 URLs. To remove a URL, click the trash bin icon next to the URL.
Click Save.
Back in the Assessment Exceptions screen, select the URL list you just saved and then click the forward arrow button .
The URL list cannot be modified in this screen. Navigate to Security Enforcement > URL List to make changes.
If you have defined URL lists:
Select a URL list and then click the forward arrow button .
Click Save.
See also: