Ayuda de vídeo de Screencast

Exception for N/W share.

Created: 29 Abril 2013 • Updated: 05 Mayo 2013 | 14 comments
el cuadro de los DLP Enthusiast
Se ha solucionado este problema. Vea la solución.

Dear All,

I have a scenario with me where I have to provide exception to a set of users for specific network shares.

Is it possible that we can give exception to a user on a specific folder in one of the Network Shares ? ..I have the IP addresses of these network shares and details of the users. 

What is the best way to give them the Exception ..?

Operating Systems:

Comentarios ComentariosIr al último comentario

el cuadro de los vdaddi

Hi Muzammil,

Yes, you can do this

1. Policy>group>Add exception>

2. For Users exception - Sender>Rule name>User details (to whom you want to exclude)

3. Select and Also Match>Recipient Matches Pattern>Enter the n/w shares IP

el cuadro de los DLP Enthusiast

@ vdaddi

I have a situation for you . There is a network share, and a network share has a lot of folders and sub folders. Can I be precised enough to mention the folder name that has to be given exception and access to any other folder or file in the same network share to trigger an incident.

Is there any way I can be precise.. ?

el cuadro de los vdaddi

Muzammil,

Precise...???? ohhhh. some thing out of the box.. 

You can do with the URL match in the 2nd step. Ex: \\fileser01\dlp$

I have not tested this, please test the same and share the results.

el cuadro de los vdaddi

Muzammil,

Try

3. Select and Also Match>Recipient Matches Pattern>Enter the URL of folder Ex:\\Fileserv01\Test$

el cuadro de los DLP Enthusiast

That's a good idea.. But if in case where I have a network share like " \\Fileserv01/abcd/efgh/ijkl " , if I mention this in the URL feild and save the exception. Will I be exempted for the folder "abcd" also ?? When i only want exception for the folder "ijkl"

el cuadro de los vdaddi

Ok, In that case create different share name with different folder path which you want to exclude and add in the expections.

Share.png
el cuadro de los DLP Enthusiast

Can we make the exception by using the IP Address of the N/W share ?

el cuadro de los vdaddi

Yes, we can do exception using ip address.

And you can do at endpoint level, you can add exception in Agent configuration>Filter by Network Properties

el cuadro de los DLP Enthusiast

That would give all users the exception for that particular IP .. I want to be specific ..

el cuadro de los kishorilal1986

Yes, Muzammil u can do this through IP address of N/W share.

I above case where you are asking about Will I be exempted for the folder "abcd" also ??

You need to add exception on Endpoint Agent of network share machine with exception in local files and folders in agent configaration setting.

el cuadro de los DLP Enthusiast

@ KS

The Network Share is not installed with the agent . Moreover i tried using the URL of the Network Share but the error I get is that its an invalid URL .. Why is this ? . I thought this would be successful .

el cuadro de los DLP Enthusiast

Yesterday I tried multiple combinations for giving Exception but failed miserably.

I tried using the URL first and then tried with the IP Address but of no use. Tried using the Enpoint Protocol and then added sender matches pattern and then added recipient mateches pattern but nothing works .. 

Why is this happening ??

el cuadro de los kishorilal1986

Hi Muzami,

Currently, DLP does not support IP filter for Network shares. Network share uses UNC and for DLP it is not considered as network event. You can use IP filter for protocols such as HTTP/FTP traffic.

Endpoint File Copies to and from Network Shares does not currently have the ability to use filters to exclude specific destinations or sources. Advise User to put exception of copy to network share in policy in order to ignore monitoring of Endpoint File Copies to and from Network Share.
Enhancement Request PM-1685 has been created to address this issue.

SOLUCIÓN
el cuadro de los DLP Enthusiast

Thanks KS .. Got know the same thing from Symantec..