Data Loss Prevention


Exception for N/W share.

  • 1.  Exception for N/W share.

    Posted Apr 29, 2013 08:22 AM

    Dear All,

    I have a scenario where I have to provide an exception to a set of users for specific network shares.

    Is it possible to give an exception to a user on a specific folder in one of the network shares? I have the IP addresses of these network shares and details of the users.

    What is the best way to give them the exception?



  • 2.  RE: Exception for N/W share.

    Posted Apr 30, 2013 02:28 AM

    Hi Muzammil,

    Yes, you can do this

    1. Policy>group>Add exception>

    2. For Users exception - Sender>Rule name>User details (to whom you want to exclude)

    3. Select and Also Match>Recipient Matches Pattern>Enter the n/w share's IP

     



  • 3.  RE: Exception for N/W share.

    Posted Apr 30, 2013 02:34 AM

    @ vdaddi

    I have a situation for you. There is a network share, and the network share has a lot of folders and subfolders. Can I be precise enough to mention the folder name that has to be given the exception, and have access to any other folder or file in the same network share trigger an incident?

    Is there any way I can be precise?



  • 4.  RE: Exception for N/W share.

    Posted Apr 30, 2013 03:35 AM

    Muzammil,

    Precise...???? Ohhhh. Something out of the box..

    You can do this with the URL match in the 2nd step. Ex: \\fileser01\dlp$

    I have not tested this, please test the same and share the results.

     



  • 5.  RE: Exception for N/W share.

    Posted Apr 30, 2013 03:54 AM

    Muzammil,

    Try

    3. Select and Also Match>Recipient Matches Pattern>Enter the URL of the folder. Ex: \\Fileserv01\Test$



  • 6.  RE: Exception for N/W share.

    Posted Apr 30, 2013 04:35 AM

    That's a good idea. But in a case where I have a network share like " \\Fileserv01/abcd/efgh/ijkl ", if I mention this in the URL field and save the exception, will I be exempted for the folder "abcd" also? I only want the exception for the folder "ijkl".



  • 7.  RE: Exception for N/W share.

    Posted Apr 30, 2013 05:22 AM

    OK, in that case create a different share name with the different folder path which you want to exclude and add it in the exceptions.

     



  • 8.  RE: Exception for N/W share.

    Posted Apr 30, 2013 07:15 AM

    Can we make the exception by using the IP address of the N/W share?



  • 9.  RE: Exception for N/W share.

    Posted Apr 30, 2013 07:32 AM

    Yes, we can do the exception using the IP address.

    And you can do it at the endpoint level: you can add the exception in Agent configuration>Filter by Network Properties



  • 10.  RE: Exception for N/W share.

    Posted Apr 30, 2013 07:36 AM

    That would give all users the exception for that particular IP. I want to be specific.



  • 11.  RE: Exception for N/W share.

    Posted Apr 30, 2013 07:38 AM

    Yes, Muzammil, you can do this through the IP address of the N/W share.

    In the above case, where you are asking "Will I be exempted for the folder "abcd" also?":

    You need to add the exception on the Endpoint Agent of the network share machine, with the exception under local files and folders in the agent configuration settings.



  • 12.  RE: Exception for N/W share.

    Posted Apr 30, 2013 07:56 AM

    @ KS

    The network share does not have the agent installed. Moreover, I tried using the URL of the network share, but the error I get is that it's an invalid URL. Why is this? I thought this would be successful.



  • 13.  RE: Exception for N/W share.

    Posted May 01, 2013 05:08 AM

    Yesterday I tried multiple combinations for giving the exception but failed miserably.

    I tried using the URL first and then tried with the IP address, but to no avail. I tried using the Endpoint Protocol, then added sender matches pattern and then added recipient matches pattern, but nothing works.

    Why is this happening?



  • 14.  RE: Exception for N/W share.
    Best Answer

    Posted May 02, 2013 05:49 AM

    Hi Muzami,

    Currently, DLP does not support IP filters for network shares. A network share uses UNC, and for DLP it is not considered a network event. You can use IP filters for protocols such as HTTP/FTP traffic.

    Endpoint File Copies to and from Network Shares do not currently have the ability to use filters to exclude specific destinations or sources. Advise the user to put an exception for copy to network share in the policy in order to ignore monitoring of Endpoint File Copies to and from Network Shares.
    Enhancement Request PM-1685 has been created to address this issue.



  • 15.  RE: Exception for N/W share.

    Posted May 05, 2013 03:21 AM

    Thanks KS. Got to know the same thing from Symantec.