Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Exception for N/W share.

Created: 29 Apr 2013 • Updated: 05 May 2013 | 14 comments
DLP Enthusiast's picture
This issue has been solved. See solution.

Dear All,

I have a scenario with me where I have to provide exception to a set of users for specific network shares.

Is it possible that we can give exception to a user on a specific folder in one of the Network Shares ? ..I have the IP addresses of these network shares and details of the users. 

What is the best way to give them the Exception ..?

Operating Systems:

Comments 14 CommentsJump to latest comment

vdaddi's picture

Hi Muzammil,

Yes, you can do this

1. Policy>group>Add exception>

2. For Users exception - Sender>Rule name>User details (to whom you want to exclude)

3. Select and Also Match>Recipient Matches Pattern>Enter the n/w shares IP

 

DLP Enthusiast's picture

@ vdaddi

I have a situation for you . There is a network share, and a network share has a lot of folders and sub folders. Can I be precised enough to mention the folder name that has to be given exception and access to any other folder or file in the same network share to trigger an incident.

Is there any way I can be precise.. ?

vdaddi's picture

Muzammil,

Precise...???? ohhhh. some thing out of the box.. 

You can do with the URL match in the 2nd step. Ex: \\fileser01\dlp$

I have not tested this, please test the same and share the results.

 

vdaddi's picture

Muzammil,

Try

3. Select and Also Match>Recipient Matches Pattern>Enter the URL of folder Ex:\\Fileserv01\Test$

DLP Enthusiast's picture

That's a good idea.. But if in case where I have a network share like " \\Fileserv01/abcd/efgh/ijkl " , if I mention this in the URL feild and save the exception. Will I be exempted for the folder "abcd" also ?? When i only want exception for the folder "ijkl"

vdaddi's picture

Ok, In that case create different share name with different folder path which you want to exclude and add in the expections.

 

Share.png
DLP Enthusiast's picture

Can we make the exception by using the IP Address of the N/W share ?

vdaddi's picture

Yes, we can do exception using ip address.

And you can do at endpoint level, you can add exception in Agent configuration>Filter by Network Properties

DLP Enthusiast's picture

That would give all users the exception for that particular IP .. I want to be specific ..

kishorilal1986's picture

Yes, Muzammil u can do this through IP address of N/W share.

I above case where you are asking about Will I be exempted for the folder "abcd" also ??

You need to add exception on Endpoint Agent of network share machine with exception in local files and folders in agent configaration setting.

DLP Enthusiast's picture

@ KS

The Network Share is not installed with the agent . Moreover i tried using the URL of the Network Share but the error I get is that its an invalid URL .. Why is this ? . I thought this would be successful .

DLP Enthusiast's picture

Yesterday I tried multiple combinations for giving Exception but failed miserably.

I tried using the URL first and then tried with the IP Address but of no use. Tried using the Enpoint Protocol and then added sender matches pattern and then added recipient mateches pattern but nothing works .. 

Why is this happening ??

kishorilal1986's picture

Hi Muzami,

Currently, DLP does not support IP filter for Network shares. Network share uses UNC and for DLP it is not considered as network event. You can use IP filter for protocols such as HTTP/FTP traffic.

Endpoint File Copies to and from Network Shares does not currently have the ability to use filters to exclude specific destinations or sources. Advise User to put exception of copy to network share in policy in order to ignore monitoring of Endpoint File Copies to and from Network Share.
Enhancement Request PM-1685 has been created to address this issue.

SOLUTION
DLP Enthusiast's picture

Thanks KS .. Got know the same thing from Symantec..