Data Loss Prevention

  • 1.  Exclude application activity from DLP monitoring

    Posted Aug 01, 2017 05:25 AM

    Hi all,

    I would like to know which is the most efficient way to completely exclude an application running on Windows OS from the DLP monitoring.

    Our customers run some applications designed by them and they want all activity generated by these programs not to be inspected by the DLP agents, in order not to affect at all the performance of the application processes.

    I know that you can configure new applications from "Application Monitoring", but I'm not sure that adding the application and unmarking all the monitoring channels will avoid the processing of the activity (not only from generating new incidents).

    Thank you very much in advance!



  • 2.  RE: Exclude application activity from DLP monitoring

    Posted Aug 01, 2017 08:46 AM

    You can exclude the application under Agent configuration & add monitoring filtering. Keep filter Action to Ignore.

     

    Regards,

    Ajeet Kumar



  • 3.  RE: Exclude application activity from DLP monitoring

    Posted Aug 02, 2017 08:41 AM

    Hi Ajeet,

    Thank you for your response.

    Unfortunately, on Agent Configuration, I only see "add monitoring filter" on "Filter by File Properties" and there I don't see how to add an application for ignoring it...

    Regards



  • 4.  RE: Exclude application activity from DLP monitoring

    Posted Aug 03, 2017 02:08 PM

    Hi CarlosGomez,

    You can follow this article, which is for Google Chrome.

    https://support.symantec.com/en_US/article.HOWTO100454.html

    1. Go to the Agent Configuration screen (System > Agents > Agent Configuration).
    2. Click the name of an existing configuration to open it, or click Add Configuration.
    3. Locate the Filter by File Properties section on the Agent Monitoring tab.
    4. Click Add Monitoring Filter to display the Configure Server - File Filter screen.
    5. In the Filter Action section, select Ignore (do not monitor).
    6. In the Endpoint Channel section, select Application File Access.
    7. In the File Attributes section, select File Path on Destination.
    8. Enter the following in the File Path on Destination field:
      $LocalAppData$\Google\Chrome\*
    9. Click Save.
    10. Click Save on the Agent Configuration screen to enable your changes.


  • 5.  RE: Exclude application activity from DLP monitoring

    Posted Aug 03, 2017 04:56 PM

    Hello,

    I have excluded internal applications so that the agent does not affect their operation.
    Configure it from System > Agents > Application Monitoring:
    1. Add application
    2. Enter the name of the application, for example "Control y Gestion"
    3. Binary name of the program that you are going to exclude: you check this in the executable of the program by right-clicking, in the Target properties, after the backslash, the name without space ".exe"
    4. Internal name: enter the name without the ".exe"
    5. Original File Name: same as Binary Name
    6. Application type: Generic
    Application Monitoring Configuration: Do not select anything because you will not monitor the application.
    Save the changes.

     
    I attached screenshots of the same example, as the experience served me, since I had the bad experience that the DLP agent affected the operation of that application, and in the console, in the same way, I have excluded the applications for internal use of the organization.
    I hope this helps you.
    Regards.



  • 6.  RE: Exclude application activity from DLP monitoring

    Posted Aug 03, 2017 04:59 PM

    Hello,

    I have excluded internal applications so that the agent does not affect their operation.
    Configure it from System > Agents > Application Monitoring:
    1. Add application
    2. Enter the name of the application, for example "Control y Gestion"
    3. Binary name of the program that you are going to exclude: you check this in the executable of the program by right-clicking, in the Target properties, after the backslash, the name without space ".exe"
    4. Internal name: enter the name without the ".exe"
    5. Original File Name: same as Binary Name
    6. Application type: Generic
    Application Monitoring Configuration: Do not select anything because you will not monitor the application.
    Save the changes.

     
    I attached screenshots of the same example, as the experience served me, since I had the bad experience that the DLP agent affected the operation of that application, and in the console, in the same way, I have excluded the applications for internal use of the organization.
    I hope this helps you.
    Regards.
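
The Binary name, Internal name and Original File Name that posts 5 and 6 enter by hand can be read from the executable itself. The PowerShell below is an added example, not part of any post in this thread; it assumes that the console's Internal name and Original File Name fields correspond to the InternalName and OriginalFilename strings of the file's version resource. Get-DlpAppIdentity is a hypothetical helper name and the notepad.exe path is a constructed sample.

```powershell
# Added example: collect the identifiers the Application Monitoring form asks for.
# Assumption: the console's "Internal name" and "Original File Name" fields
# correspond to the InternalName / OriginalFilename strings in the EXE's
# version resource. Get-DlpAppIdentity is a hypothetical helper name.
function Get-DlpAppIdentity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            $file = Get-Item -LiteralPath $p -ErrorAction Stop
            $vi   = $file.VersionInfo   # System.Diagnostics.FileVersionInfo

            # An executable built without a version resource returns empty
            # strings here; report that explicitly instead of a blank field.
            $internal = if ($vi.InternalName)     { $vi.InternalName.Trim() }     else { $null }
            $original = if ($vi.OriginalFilename) { $vi.OriginalFilename.Trim() } else { $null }

            [pscustomobject]@{
                BinaryName            = $file.Name
                InternalName          = $internal
                OriginalFileName      = $original
                HasVersionResource    = [bool]($internal -or $original)
                # True when the embedded original name equals the name on disk
                # (PowerShell's -eq on strings is case-insensitive).
                OriginalMatchesBinary = ($original -eq $file.Name)
            }
        }
    }
}

# Constructed sample path; replace with the application to be excluded.
Get-DlpAppIdentity -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

When OriginalMatchesBinary is False or HasVersionResource is False, the embedded strings differ from the file name on disk, so confirm which value each console field expects before saving the entry.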



  • 7.  RE: Exclude application activity from DLP monitoring

    Posted Nov 01, 2017 09:14 AM

    Have you tried adding this to Agent configuration?