Data Loss Prevention

Endpoint Discover Target Filters

    Posted Jun 10, 2015 01:27 PM
    I just finished scanning all endpoints in a specified range, which are on the 192.168.2.xxx network block (sample, not actual).
     
    The syntax I used for the IP range was: >192.168.2.0/24 (sample, not actual).
     
    I am wondering why Endpoint Discover is including IP addresses outside of the range above, such as the several 10.xxx.xxx.xxx IP addresses it scanned.
     
    Also, I noticed something peculiar about all of the results which did not match my include filter criteria. The odd ducks all came back with "BUILTIN\Administrator" as the file owner instead of our expected domain\[user-name]. The correct results that matched my include filter came back as [our domain]\[user-name].
     
    The DLP help page says, "The endpoint is scanned if it matches the IP filter, otherwise it is not scanned." Why does it say one thing but do another?
     
    Here is the help page I am referring to; just toss it into the search field of the built-in DLP HTTPS Help: "About Endpoint Discover target filters".