Symantec Data Loss Prevention Endpoint

In the endpoint agent configuration, you have added a filter to exclude a particular domain, similar to: -*.domain.com
However, you still receive incidents for requests to the excluded domain, when a custom port is in use (such as https://domain.com:8000).

This behavior is expected.
The filter directly parses the URL of the request.
Since http://domain.com:8000 does not literally match *domain.com (due to the custom port), the exception is not triggered.

• You can override this behavior by adding the port number to the filter string. e.g. -*domain.com:8000
• If you need to add multiple ports for the same domain, you can use a wildcard for the port as well. e.g. -*domain.com:*

Note that in the latter case, the filter only matches URLs that have a specified port number. You need to add this filter in addition to the original filter without a port number (-*domain.com:*, -*domain.com).