We are trying to configure the endpoint agent (or an endpoint policy) to behave this way:
- If the endpoint is copying a file to a company network share, ignore the event, do not log an incident. (For example, do not count this as a violation of copying confidential documents. We "want" people to use company network file servers.
- If the endpoint is copying a file to a non-company network share, log the event. In other words, if the client takes a laptop, connects it to a home network, we want to know if the confidential documents have been copied to a file-share on the client's home computer network.
We have tried this combination of exception:
"exclude copy to network share (protocol) AND "exclude copy to network share: (Endpoint location is on the corporate network)"
Your suggestions?