What is the best way to allow emails that are marked as false positives to be sent to the intended recipient?
Can you explain the use case for a false positive email?
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
We are protecting against PCI and PII. If the blocked message does not fall into either of those categories, it is marked as a false positive. With how vital it is to ensure that sensitive info is secure, we are not adding any exceptions for them based on body content, attachments or sender. We want to have as much control as we possibly can.
Are you using SMTP Prevent to do this? If so, have you considered using a "Modify SMTP Message" response rule to trigger a downstream quarantine?
A false positive email can be released from the downstream device's quarantine.
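The downstream-quarantine flow described in the reply above, sketched as an added example (not part of the original thread and not Symantec code). The header names `X-DLP-Action` and `X-DLP-Released-By`, the value `quarantine`, and the sample messages are assumptions constructed for illustration; use whatever header your "Modify SMTP Message" response rule actually adds.

```python
from email import message_from_string
from email.message import Message

# Assumed header name/value: the thread does not name one. The response rule
# and the downstream device must be configured to agree on it.
DLP_HEADER = "X-DLP-Action"
QUARANTINE_VALUE = "quarantine"
RELEASE_HEADER = "X-DLP-Released-By"  # assumed audit header, also hypothetical

# Constructed sample messages (not real traffic).
SAMPLE_FLAGGED = (
    "From: alice@example.com\nTo: bob@example.net\n"
    "Subject: Q3 invoice\nX-DLP-Action: Quarantine\n\nbody text\n"
)
SAMPLE_CLEAN = (
    "From: alice@example.com\nTo: bob@example.net\nSubject: lunch\n\nhi\n"
)


def route(msg: Message) -> str:
    """Downstream decision: hold the message if ANY copy of the DLP header
    asks for quarantine, so a duplicated header cannot mask the real one."""
    values = msg.get_all(DLP_HEADER, [])
    if any(v.strip().lower() == QUARANTINE_VALUE for v in values):
        return "quarantine"
    return "deliver"


def release(msg: Message, reviewer: str, reason: str) -> Message:
    """Release a reviewed false positive from quarantine: remove the DLP
    marker and record who released it and why."""
    for field in (reviewer, reason):
        if "\r" in field or "\n" in field:
            raise ValueError("line breaks are not allowed in audit fields")
    del msg[DLP_HEADER]      # deletes every occurrence of the header
    del msg[RELEASE_HEADER]  # drop any sender-supplied value before stamping
    msg[RELEASE_HEADER] = f"{reviewer}; reason={reason}"
    return msg


if __name__ == "__main__":
    held = message_from_string(SAMPLE_FLAGGED)
    print(route(held))
    print(route(release(held, "dlp-admin", "false positive")))
    print(route(message_from_string(SAMPLE_CLEAN)))
```

The policy itself stays unchanged in this flow: the message is only delivered after a reviewer releases it, and the release is recorded on the message.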
You can integrate DLP with Symantec Message Gateway (SMG) to implement an email workflow.
SMG can forward the email to DLP for detection. After detecting whether the email is confidential, DLP will 'tell' SMG to hold this email for the admin's review.
I think we may also do this by applying an exception to the existing policy. The exception should be a "Match Regular Expression" rule; then paste the contents of the email (if text) and try testing it.
We create temporary exceptions and let the e-mails through. If we find that we are having a decent number of the same type of e-mail we will craft a more permanent exception. We also have a list of special codes that our service desk has that someone can put in their e-mail to let it through. These are only used in "emergencies" and each of these incidents is thoroughly investigated.