Views:
DLP exceptions apply to the entire policy, including all rules defined within the policy. Data Loss Prevention applies the exception settings to all transmissions before scanning for digital assets. If a transmission matches one of the exception rules, Data Loss Prevention immediately allows or scans the transmission depending on the exception type.

Procedure

  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click more-horiz.jpgConfigure Policy.
    • Advanced Mode: Go to POLICIESPolicy Management. Click Add or click an existing policy.
  2. Click window8.jpg Windows.
  3. Go to Data Loss Prevention.
  4. Click Exceptions.
  5. Under Non-monitored Targets, configure any required settings.
    1. Click Add Target.
    2. Specify the network channel.
      • Email clients: Specify the target using the X500 format (for internal communication only) or the recipient's email domain or address
        Target Format
        Examples
        X500
        /o=company
        /o=company/ou=subdomain/cn=recipients/cn=user
        Email domain or address
        company.com
        user@company.com
      • HTTP, HTTPS, FTP, and SMB protocols: Specify the target by IP address, host name, FQDN, or network address and subnet mask
    3. Optionally provide a note regarding the reason to exclude the target.
    4. Click Add.
  6. Under Non-monitored Removable Storage Devices, configure any required settings.
    1. Click Add Device.
    2. Specify the vendor name of the device and optionally specify the device model and serial ID.
      Download and run the Device List Tool on an endpoint to obtain information about the external devices connected to the endpoint.
      For details on how to use the tool, see Running the Device List Tool.
    3. Click Add.
  7. Under Compressed File Scanning, configure any required settings.
    For details on decompression rules, see Decompression Rules.
  8. Click Save.