How to configure DLP to exclude monitoring a specific network share?
Created: 03 Feb 2013 | 6 comments
Hello,
My DLP Version is 11.5.
I need to make a policy to allow the content to be moved to a specific network share while blocking communication with any other network share.
I've tried to specify it using the option "Recipient Matches Pattern" in the "exception" of a policy, in the rule, placing the IP of the network share in the field "IP Address", but it didn't work.
Is it possible to implement such requirement in DLP 11.5?
ozadsun,
Copy and/or quarantine will do this in the Discover option of moving it to a share... It may also be better to break out your scans to have scans for \\fs1\sales, \\fds\engineering. I will break mine out sometimes to avoid longer scans on certain servers, or scan different shares on the same server on different nights.
Hi Oza,
Please refer
Currently, DLP does not support IP filter for Network shares. Network share uses UNC and for DLP it is not considered as network event. You can use IP filter for protocols such as HTTP/FTP traffic.
Endpoint File Copies to and from Network Shares does not currently have the ability to use filters to exclude specific destinations or sources. Advise User to put exception of copy to network share in policy in order to ignore monitoring of Endpoint File Copies to and from Network Share.
Helpful links
http://www.symantec.com/connect/forums/how-configu...
http://www.symantec.com/connect/forums/how-configu...
Please also refer below
To setup IP filters for the Vontu Monitor Server:
-,<destination>,<source> drops all streams sent to <destination> from <source>
+,<destination>,<source> includes all streams sent to <destination> from <source>
All filters are processed from top to bottom. Make sure that there is no extra linefeed at the end. Otherwise you will get errors.
For example, if you want to exclude only IPs 1.1.1.1 and 2.2.2.2 and keep everything else, you could do the following
-,*,1.1.1.1;-,*,2.2.2.2;+,*,*
You can also use Classless Inter Domain Routing (CIDR) notation (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). A filter of +,10.67.0.0/16,*;-,*,* matches all streams going to network 10.67.x.x but does not match any other traffic.
For more information on filtering and protocols, open the online help from Administration > Settings -> Protocols.
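The filter syntax quoted in the reply above can be checked offline before it is pasted into the console. The following is an added example, not part of the original reply and not Symantec code: it assumes the first matching entry decides the outcome and that a stream matching no entry is dropped, and the names `parse_filter` and `is_monitored` are hypothetical.

```python
import ipaddress

def _network(field):
    """'*' matches anything (None); otherwise a single IP or a CIDR block."""
    return None if field == "*" else ipaddress.ip_network(field, strict=False)

def parse_filter(text):
    """Parse '+,<dst>,<src>;-,<dst>,<src>' into (include, dst, src) rules."""
    # The reply warns that an extra linefeed at the end causes errors.
    if text != text.rstrip("\r\n"):
        raise ValueError("filter ends with an extra linefeed")
    rules = []
    for entry in text.split(";"):
        parts = [p.strip() for p in entry.split(",")]
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            raise ValueError(f"malformed filter entry: {entry!r}")
        rules.append((parts[0] == "+", _network(parts[1]), _network(parts[2])))
    return rules

def _matches(net, addr):
    return net is None or ipaddress.ip_address(addr) in net

def is_monitored(rules, dst, src):
    """Walk the entries top to bottom and return the first match's action.

    Assumption: first match wins; a stream matching no entry is dropped.
    """
    for include, dst_net, src_net in rules:
        if _matches(dst_net, dst) and _matches(src_net, src):
            return include
    return False

if __name__ == "__main__":
    # Filter strings from the reply; the stream addresses are constructed.
    exclude_two = parse_filter("-,*,1.1.1.1;-,*,2.2.2.2;+,*,*")
    only_subnet = parse_filter("+,10.67.0.0/16,*;-,*,*")
    # Constructed counter-example: the catch-all comes first, so the
    # exclusion after it is never reached.
    shadowed = parse_filter("+,*,*;-,*,1.1.1.1")
    print(is_monitored(exclude_two, "10.0.0.5", "1.1.1.1"))       # excluded
    print(is_monitored(only_subnet, "10.67.3.4", "192.168.1.1"))  # kept
    print(is_monitored(shadowed, "10.0.0.5", "1.1.1.1"))          # still kept
```

Under these assumptions the last case shows why entry order matters: an exclusion placed after `+,*,*` has no effect.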
Hi Ozard,
As shown above, you can use an IP filtering rule to exclude monitoring a specific network share in an exception rule. Else route their traffic from where DLP can't monitor.
The IP filter exception is for HTTP/FTP, not for network.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi Oza, I hope the above response/resolution has helped you with your requirement.
You can use not only the IP filtering solution but also domain filtering (-/+www.gmail.com,*) etc. for the above thread.
Check the above thread and let me know if you need anything more on this.