This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

URL, website or intranet exclusion in DLP check

Dear Sirs, we are in the middle of Proof Of Concept for using Sophos Endpoint DLP for our desktops and laptops, but we are facing a problem to add exclusion for particular websites such like intranet or CRM or any other internal application.

Looks like the DLP blocks all uploads once choose internet browser, does not matter what is destination, because destination cannot be granular and only can be specified at application level - internet browser, email client, etc, but not to specific domain such like https://intranet.mydomain.com.

Is there any workarounds to skip DLP check for exact web site.

For example in Web control or Threat Protection policy, you can create group of sites to be excluded, is there any option to mix both policy?

Many thanks,

Lirik Veigroeg



This thread was automatically locked due to age.
Parents
  • Hello LirikVeigroeg,

    Please have a look at this article:

    How to configure data control exclusions

    Perhaps the limitations of DLP may help you achieve what you need (otherwise, please provide more details):

    Known limitations with data control

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hello,

    Unfortunately it is not the answer of my question.

    The exclusion I looking for is based on a destination URL/website where user can/cannot upload files.

    Endpoint DLP policy in my specific case is:

    - Use rules for data transfers

    - Where the file type matches "all file types"

    - Where the destination is "Internet explorer" and "Firefox" and "Chrome", etc.

    - Block transfer

    So, we would like to create exclusion to allow transfer/uploads only for website such like Intranet.mydomain.com or crm.mydomain.com.

    Do you have any option for that? I tried out with Global Scanning Exclusions, where you can put URL, but it seams does not work for DLP, what is strange.

    Can you please advice, how to configure URL exclusion at all to be skipped in agent scanning.

    I have the last version of Sophos endpoind agent.

     

    Best,

    Lirik

     

  • Hello LirikVeigroeg,

    The available rules for DLP are the ones listed when you set it up.  If you would like to request new functionality, please visit this page
    Perhaps switching to "Allow transfer if user confirms" may help you in this case.

    Also, to clarify, are you using Enterprise or Central? (The latest link you provided for exclusions is a Sophos Central link).
    Per that link: "Exclude files, websites and applications from scanning for threats."  


    DLP is not a threat related option, but a rule to control data. Thus, it will not be affected by a Threat exclusion. 

    You can find more details about Data Control on page 18 of this document.


    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hello,

     

    I'm using a Sophos Central.

    Looks like, once I block uploads and data transfer to web browsers, the DLP functionality will not able to make exclusion based on exact URL or website, such our Intranet, Online banking, National Tax Agency and etc.

    Am I right?

     

    Best,

    Lirik

Reply
  • Hello,

     

    I'm using a Sophos Central.

    Looks like, once I block uploads and data transfer to web browsers, the DLP functionality will not able to make exclusion based on exact URL or website, such our Intranet, Online banking, National Tax Agency and etc.

    Am I right?

     

    Best,

    Lirik

Children