Configuring Data Loss Prevention Exceptions

DLP exceptions apply to the entire policy, including all rules defined within the policy. Data Loss Prevention applies the exception settings to all transmissions before scanning for digital assets. If a transmission matches one of the exception rules, Data Loss Prevention immediately allows or scans the transmission depending on the exception type.

  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.

    • Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.

  2. Click Windows.
  3. Go to Data Loss Prevention.
  4. Click Exceptions.
  5. Under Non-monitored Targets, configure any required settings.
    1. Click Add Target.
    2. Specify the network channel.
      • Email clients: Specify the target using the X500 format (for internal communication only) or the recipient's email domain or address.

        Target Format              Examples
        X500                       /o=company
                                   /o=company/ou=subdomain/cn=recipients/cn=user
        Email domain or address    company.com
                                   user@company.com

      • HTTP, HTTPS, FTP, and SMB protocols: Specify the target by IP address, host name, FQDN, or network address and subnet mask.

    3. Optionally provide a note regarding the reason to exclude the target.
    4. Click Add.
  6. Under Non-monitored Removable Storage Devices, configure any required settings.
    1. Click Add Device.
    2. Specify the vendor name of the device and optionally specify the device model and serial ID.

      Download and run the Device List Tool on an endpoint to obtain information about the external devices connected to the endpoint.

      For details on how to use the tool, see Running the Device List Tool.

    3. Click Add.
  7. Under Compressed File Scanning, configure any required settings.

    For details on decompression rules, see Decompression Rules.

  8. Click Save.
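Because a non-monitored target applies to the entire policy, it helps to check each proposed entry against the formats listed in step 5 and to see how much traffic it covers before adding it. The following is an added example, not part of the product or its documentation. It assumes the channel labels "email" and "network", a network written as address/mask, and X500 paths that use only the o, ou and cn attributes seen in the examples above.

```python
import ipaddress
import re

# Assumption: X500 paths use only the attributes in the page's examples (o, ou, cn)
X500_RE = re.compile(r"^(/(o|ou|cn)=[^/=]+)+$", re.IGNORECASE)
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"^{LABEL}(\.{LABEL})*$", re.IGNORECASE)

def is_hostname(name):
    # A name whose last label is all digits is an IP (or a mistyped one), not a host
    return bool(HOST_RE.match(name)) and not name.rsplit(".", 1)[-1].isdigit()

def classify_target(channel, target):
    """Return (format, scope) for a proposed target; raise ValueError if malformed."""
    if channel == "email":
        if X500_RE.match(target):
            return ("x500", "internal recipients under " + target)
        local, at, domain = target.rpartition("@")
        if is_hostname(domain) and "." in domain:
            if at and local:
                return ("email address", "single recipient")
            if not at:
                return ("email domain", "every recipient at " + domain)
    elif channel == "network":
        if "/" in target:
            # Assumed written form: network/mask; raises if host bits are set
            net = ipaddress.ip_network(target)
            return ("network", f"{net.num_addresses} addresses")
        if is_hostname(target):
            return ("fqdn" if "." in target else "host name", "1 host")
        ipaddress.ip_address(target)  # raises ValueError if not a valid IP
        return ("ip address", "1 address")
    raise ValueError(f"{target!r} is not a valid {channel} target")

def review(entries):
    report = []
    for channel, target in entries:
        try:
            report.append((target, *classify_target(channel, target)))
        except ValueError as exc:
            # Malformed entries are reported, not silently dropped
            report.append((target, "rejected", str(exc)))
    return report

# Constructed sample list, not taken from any real policy
SAMPLE = [("email", "/o=company/ou=subdomain/cn=recipients/cn=user"),
          ("email", "company.com"), ("email", "@company.com"),
          ("network", "10.1.0.0/255.255.0.0"), ("network", "10.1.0.5/255.255.0.0")]
if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

The scope column is the part to review: a whole email domain or a /16 network exempts far more traffic than a single address or host.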