This issue has been solved.

Exception for multiple users

Created: 03 Feb 2013 • Updated: 08 Feb 2013
DLP Enthusiast's picture
Login to vote
0 0 Votes

Dear All,

I have a list 30 Users with their Active Directory Usernames only. I have to add exceptions to an existing policy.

The actions that are to be put into exception are :

1.Print/Fax

2.Copy to local drive and network share

3. Send Email via outlook and other email services

Can anyone tell me the best practice of how I can do that ? ..

Quick Look Solution

Hi,   Open the policy in

Hi,

 

Open the policy in question that is triggering the incidents and blocking confidential information being sent.

 

1. Set an exception on the Detections tab of the policy for the relevant user's actions*. 
2. Open the policy in question. 
3. On the Detection tab click on the Add Exception button
4. Under Protocol check the option Protocol or Endpoint Monitoring
5. Then click on the Next button. 
6. Enter an Exception Name
7. Under Conditions select the options required by ticking each box required. eg. HTTP, SMTP, Local Drive, Removable Storage, Copy to Network Share, Clipboard,..etc.
8. Go to the bottom and select the dropped Also Match down box and look for and select Sender/User Matches Pattern
9. Click on Add button
10. A new box will appear on screen for Sender Pattern, enter the domain username of the users you want to exclude from the policy. 
11. Click OK button to finish.

Filed Under

Comments

DLP Enthusiast
Partner
Accredited
03
Feb
2013

NOTE : Only information I

NOTE : Only information I have is the AD username. So the Emails are based on the AD Username
Eg : "ADusername@companyname.com".

Now I have to add the above exceptions to an exisiting policy .

Please Help ..

pete_4u2002
Symantec Employee
Accredited
03
Feb
2013

use the directory group

use the directory group matching, more information available on the Admin guide.

DLP Enthusiast
Partner
Accredited
03
Feb
2013

@pete: Ive tried that but the

@pete: Ive tried that but the problem is, its almost impossible to locate these users on Active Directory. If I could locate the group where these users are that could be easy . But im not able to lacate the group to which these ppl belong.

pete_4u2002
Symantec Employee
Accredited
03
Feb
2013

may be you can search through

may be you can search through AD window a know the group and then add it through exception.

DLP Enthusiast
Partner
Accredited
03
Feb
2013

If there is a possibility

If there is a possibility that these users are in different group . Then what should be the approach ? ..

pete_4u2002
Symantec Employee
Accredited
03
Feb
2013

you can select user even part

you can select user even part of different group.

DLP Enthusiast
Partner
Accredited
03
Feb
2013

@ Pete ..For testing purpose,

@ Pete ..For testing purpose, if I want my username to be in the exception . What approach should is advisable ?

kishorilal1986
Accredited
06
Feb
2013
SOLUTION

Hi,   Open the policy in

Hi,

 

Open the policy in question that is triggering the incidents and blocking confidential information being sent.

 

1. Set an exception on the Detections tab of the policy for the relevant user's actions*. 
2. Open the policy in question. 
3. On the Detection tab click on the Add Exception button
4. Under Protocol check the option Protocol or Endpoint Monitoring
5. Then click on the Next button. 
6. Enter an Exception Name
7. Under Conditions select the options required by ticking each box required. eg. HTTP, SMTP, Local Drive, Removable Storage, Copy to Network Share, Clipboard,..etc.
8. Go to the bottom and select the dropped Also Match down box and look for and select Sender/User Matches Pattern
9. Click on Add button
10. A new box will appear on screen for Sender Pattern, enter the domain username of the users you want to exclude from the policy. 
11. Click OK button to finish.

DLP Enthusiast
Partner
Accredited
06
Feb
2013

Hi Kishorilal , That's the

Hi Kishorilal ,

That's the solution .. Thanks for your support .

Is this the best practice to do it ? .. Or doing it with Group policy is the best practice ?

Please confirm ...

kishorilal1986
Partner
Accredited
07
Feb
2013

Hi Muzami it deoends on ur

Hi Muzami it deoends on ur req but it is better to keep with group plicy.

DLP Enthusiast
Partner
Accredited
08
Feb
2013

@ KS Sharma..Thanks for your

@ KS Sharma..Thanks for your input !