Data Loss Prevention

 View Only
  • 1.  How to configure DLP to exclude monitoring a specific network share?

    Posted Feb 04, 2013 01:43 AM

    Hello,

    My DLP Version is 11.5.

    I need to make a policy to allow the content to be moved to a specific network share while blocking communication with any other network share.

    I've tryed to specify it using the option "Recipient Matches Pattern" in "exception" of a policy, in the rule, placing the IP of the network share, in the field "IP Address", but it didn't work.

    Is it possible to implement such requirement in DLP 11.5?



  • 2.  RE: How to configure DLP to exclude monitoring a specific network share?

    Posted Feb 04, 2013 01:46 PM

    ozadsun,

    copy and or quaratine will do this in teh discover option of moving it to a share... it may also be better to break out your scans to have a scans \\fs1\sales, \\fds\engineering. i will break mine out sometimes to avoid longer scans on certain servers, or scan different shares on the same server on different nites,

     



  • 3.  RE: How to configure DLP to exclude monitoring a specific network share?

    Posted Feb 06, 2013 04:05 AM

    Hi Oza,

    Please refer

     

    Currently, DLP does not support IP filter for Network shares. Network share uses UNC and for DLP it is not considered as network event. You can use IP filter for protocols such as HTTP/FTP traffic.

    Endpoint File Copies to and from Network Shares does not currently have the ability to use filters to exclude specific destinations or sources. Advise User to put exception of copy to network share in policy in order to ignore monitoring of Endpoint File Copies to and from Network Share.

    Helpful links

    http://www.symantec.com/connect/forums/how-configure-dlp-protect-specific-network-share-fileserver

    http://www.symantec.com/connect/forums/how-configure-dlp-exclude-monitoring-specific-network-share



  • 4.  RE: How to configure DLP to exclude monitoring a specific network share?

    Posted Apr 12, 2013 12:30 AM

    Please also refer below

    To setup IP filters for the Vontu Monitor Server:

    1. From Vontu Enforce, in the left pane, go to Administration > Settings > Protocols (if you want to apply to ALL Monitor servers); or go to Administration > System > Overview > Network Monitor server > Configure > Protocol (if you want to apply ONLY to a specific Monitor server).
    2. Add the filter by selecting the protocol you want.
    3. Use the following general syntax for IP filtering:

      -, <destination> , <source> drop all streams send to <destination> from <source>
      +, <destination> , <source> includes all streams send <destination> from <source>

      All filters are processed from top to bottom. Make sure that there is no extra linefeed at the end. Otherwise you will get errors.
      For example, if you want to exclude only IPs 1.1.1.1 and 2.2.2.2 and keep everything else, you could do the following

      -,*,1.1.1.1;-,*,2.2.2.2;+,*,*

      You can also use
      Classless Inter Domain Routing (CIDR) notation (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). A filter of +,10.67.0.0/16,*;-,*,* matches all streams going to network 10.67.x.x but does not match any other traffic.

      For more information on filtering and protocols, open the online help from Administration > Settings -> Protocols.


  • 5.  RE: How to configure DLP to exclude monitoring a specific network share?

    Posted Apr 13, 2013 02:06 PM

    Hi Ozard,

    As shown above , u can use IPfiltering rule to exclude monitoring a specific network share in exception rule. Else route their traffice from where DLP cant monitor.



  • 6.  RE: How to configure DLP to exclude monitoring a specific network share?

    Broadcom Employee
    Posted Apr 13, 2013 10:49 PM

    the IPfilter exception is for HTTP/FTP not for network,



  • 7.  RE: How to configure DLP to exclude monitoring a specific network share?

    Posted Apr 16, 2013 08:21 AM

    Hi Oza,I hope above responce/resolution might helped you for your requirement.

    You can use not only  IPfiltering solution but also the domain filtering(-/+www.gmail.com,*) etc for above thread.

    check the above thraed and let me know if u need anything more on this.