Data Loss Prevention


Can DLP scanning be turned off for people in a specific global group?

  • 1.  Can DLP scanning be turned off for people in a specific global group?

    Posted Mar 08, 2018 03:35 PM

    Here is my situation.  We have a user that needs to transfer large amounts of data (20-40GB) to a USB drive.  With DLP turned off, the transfer takes about 30 minutes or so.  With DLP turned on it takes at least 8 hours because DLP is scanning every file that is transferred.  We still want DLP on the machine to scan any email or web traffic, we just want to be able to turn off DLP scanning on USB for a specific person(s).  We have a global group that we use to allow people to transfer sensitive information to USB and not get blocked, but the data is still scanned while it is being transferred and therefore it slows down the transfer.

    My question is, is there any configuration in DLP we can do to allow these transfers to not be scanned at all?  We have some ideas on workarounds outside of DLP but wanted to see if we could do it inside of DLP.

    We are currently running the 14.6 agents and 14.5 servers, if that matters.

     

     



  • 2.  RE: Can DLP scanning be turned off for people in a specific global group?

    Trusted Advisor
    Posted Mar 09, 2018 03:25 PM

    TheTerje,

    The easiest way is to create a NEW Agent configuration that DOES NOT inspect USB at all (uncheck the box). Then apply that Agent configuration to the user/machine or to an AD group setting.

    This way the Agent configuration does not look at USB for those specific users or machines.

    See the following on how to do it...

    https://www.symantec.com/connect/forums/symante-dlp-search-filters-ad?list_context_id=1681&list_context_type=sc_forum

    Good Luck,

    Ronak

    PLEASE MARK SOLVED WHEN POSSIBLE