Configuring Data Loss Prevention Exceptions
DLP exceptions apply to the entire policy, including all rules defined within the policy. Data Loss Prevention applies the exception settings to all transmissions before scanning for digital assets. If a transmission matches one of the exception rules, Data Loss Prevention immediately allows or scans the transmission depending on the exception type.
-
Go to the Configure
Policy screen by performing one of the following:
-
Classic Mode: Go to SECURITY AGENTS and select a group. Click
> Configure Policy. -
Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
-
-
Click
Windows.
- Go to Data Loss Prevention.
- Click Exceptions.
-
Under Non-monitored Targets, configure any
required settings.
- Click Add Target.
-
Specify the network channel.
-
Email clients: Specify the target using the X500 format (for internal communication only) or the recipient's email domain or address
Target Format
Examples
X500
/o=company
/o=company/ou=subdomain/cn=recipients/cn=user
Email domain or address
company.com
user@company.com
-
HTTP, HTTPS, FTP, and SMB protocols: Specify the target by IP address, host name, FQDN, or network address and subnet mask
-
- Optionally provide a note regarding the reason to exclude the target.
- Click Add.
-
Under Non-monitored Removable Storage
Devices, configure any required settings.
- Click Add Device.
-
Specify the vendor name of the device and optionally specify the device
model and serial ID.
Download and run the Device List Tool on an endpoint to obtain information about the external devices connected to the endpoint.
For details on how to use the tool, see Running the Device List Tool.
- Click Add.
-
Under Compressed File Scanning, configure any
required settings.
For details on decompression rules, see Decompression Rules.
- Click Save.
