Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Create DLP Policy to Add Exception to Ignore Emails Send to Internal Users

Created: 07 Apr 2012 • Updated: 12 Apr 2012 | 5 comments
Language Translations
yang_zhang's picture
+6 6 Votes
Login to vote

We can configure DLP policy so that it doesn't monitor the emails that send to the internal users.

Think about such scenario: the confidential docs can be send to the internal users for reviewing, but, these docs cannot be send to the outside of the company, or, should be encrypted before hand out.

Here are the steps:

1. Open a existing policy that should not create incident for internal users.

2. Under 'Detection' tab, click 'Add Exception' button:

3. Select 'Protocol or Endpoint Monitoring' under 'Protocol':

4. Choose 'Email/SMTP' under 'Protocol', on the 'Also Match' list, choose 'Recipient Matches Pattern':

5. Under 'Matches Pattern' section, in the 'Recipient Pattern' box, input the name of the internal email domain:

Note: there should be an '@' added before the domain name.

6. Finally, the policy should be look like this:

 

Comments 5 CommentsJump to latest comment

stephane.fichet's picture

take care that with this policy if i send an email to myself (using my internal email address) and a gmail account, you wont raise any incident.

better to request ALL recipient to be in @internal.com domain. (checking right box in "recipient matches pattern" rules).

0
Login to vote
new_dlp's picture

good example to use the DLP policy.

0
Login to vote
mohammed.mazher's picture

question, why do I need to out @before domain name...

Thanks

Mohammed Mazher

 

0
Login to vote
R@mj0's picture

hi.

i want to know, when it comes to automated report.

once the report schedule,but there is no report through the specific user. SHARED/PRIVATE report???

0
Login to vote
emil.dutsov's picture

Just a note:

Keep in mind that in that way emails sent to external domain/company and having even one internal reciepent will not be scanned at all.
For exapmle: important document sent to external counterpart with internal team member in cc.
 

0
Login to vote