
URL, website or intranet exclusion in DLP check

Dear Sirs, we are in the middle of a Proof of Concept for using Sophos Endpoint DLP for our desktops and laptops, but we are facing a problem adding an exclusion for particular websites such as the intranet, CRM or any other internal application.

It looks like DLP blocks all uploads once an internet browser is chosen, no matter what the destination is, because the destination cannot be granular and can only be specified at the application level (internet browser, email client, etc.), not for a specific domain such as https://intranet.mydomain.com.

Are there any workarounds to skip the DLP check for a specific web site?

For example, in the Web Control or Threat Protection policy you can create a group of sites to be excluded. Is there any option to mix both policies?

Many thanks,

Lirik Veigroeg



  • Hello LirikVeigroeg,

    I recommend that you reach out to a Sophos Partner to find out if there are any other Sophos products that might work for your needs.

    Regarding the current functionality of DLP:
    If you would like to request new features, please visit this page.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

     

  • Hello

    I am wondering: Sophos Endpoint has Web Filtering, which means it checks HTTP/HTTPS. So it is logical for DLP to have similar functionality.

    Website categories in web filtering are predefined, which means the agent has this information for active browsing sessions.

    Many thanks,

    Lirik

  • Hi LirikVeigroeg ,

    If you would like to see features added to DLP, please feel free to make your suggestions here.

    Otherwise, can you please clarify what you are requesting?

    Thanks!

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

     

  • Hello Lirik,

    Not that what you want isn't at least thinkable, but a DLP doing this kind of thing would not only need to know the target address but also have access to the unencrypted data stream destined for it. Don't forget that usually a visit to a site results in several connections, some of them to sites other than the visited site proper. Furthermore, you can have more than one tab or window open. To determine what (unencrypted) goes where, an add-on would be needed - given the variety of browsers and their frequent changes, not a simple task (apart from the fact that add-ons can be disabled by the user).

    Categories and filtering are all-or-nothing - either you are permitted to access a site or not. For HTTPS it even has to work at the lower level, the SSL/TLS connection initiation (Download Reputation doesn't work on Firefox AFAIK and Block risky file types works only for HTTP). There's no active session from the POV of Web Protection/Control.

    Thus it is not possible to determine what goes where from outside the browser. What DLP does is assess what kind of file/data the browser is about to read (and will potentially try to upload) and allow or deny access to this file.

    In short, the different features can't be stitched together to achieve what you want (i.e. exempt certain sites from DLP checking).

    Christian