This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

URL, website or intranet exclusion in DLP check

Dear Sirs, we are in the middle of Proof Of Concept for using Sophos Endpoint DLP for our desktops and laptops, but we are facing a problem to add exclusion for particular websites such like intranet or CRM or any other internal application.

Looks like the DLP blocks all uploads once choose internet browser, does not matter what is destination, because destination cannot be granular and only can be specified at application level - internet browser, email client, etc, but not to specific domain such like https://intranet.mydomain.com.

Is there any workarounds to skip DLP check for exact web site.

For example in Web control or Threat Protection policy, you can create group of sites to be excluded, is there any option to mix both policy?

Many thanks,

Lirik Veigroeg

This thread was automatically locked due to age.

Parents

Barb@Sophos over 5 years ago

Hello LirikVeigroeg,

Please have a look at this article:

How to configure data control exclusions

Perhaps the limitations of DLP may help you achieve what you need (otherwise, please provide more details):

Known limitations with data control

Regards,

Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
LirikVeigroeg over 5 years ago in reply to Barb@Sophos

Hello,

Unfortunately it is not the answer of my question.

The exclusion I looking for is based on a destination URL/website where user can/cannot upload files.

Endpoint DLP policy in my specific case is:

- Use rules for data transfers

- Where the file type matches "all file types"

- Where the destination is "Internet explorer" and "Firefox" and "Chrome", etc.

- Block transfer

So, we would like to create exclusion to allow transfer/uploads only for website such like Intranet.mydomain.com or crm.mydomain.com.

Do you have any option for that? I tried out with Global Scanning Exclusions, where you can put URL, but it seams does not work for DLP, what is strange.

Can you please advice, how to configure URL exclusion at all to be skipped in agent scanning.

I have the last version of Sophos endpoind agent.

Best,

Lirik
Cancel
Vote Up 0 Vote Down

Cancel
Barb@Sophos over 5 years ago in reply to LirikVeigroeg

Hello LirikVeigroeg,

The available rules for DLP are the ones listed when you set it up. If you would like to request new functionality, please visit this page
Perhaps switching to "Allow transfer if user confirms" may help you in this case.

Also, to clarify, are you using Enterprise or Central? (The latest link you provided for exclusions is a Sophos Central link).
Per that link: "Exclude files, websites and applications from scanning for threats."

DLP is not a threat related option, but a rule to control data. Thus, it will not be affected by a Threat exclusion.

You can find more details about Data Control on page 18 of this document.

Regards,

Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
LirikVeigroeg over 5 years ago in reply to Barb@Sophos

Hello,

I'm using a Sophos Central.

Looks like, once I block uploads and data transfer to web browsers, the DLP functionality will not able to make exclusion based on exact URL or website, such our Intranet, Online banking, National Tax Agency and etc.

Am I right?

Best,

Lirik
Cancel
Vote Up 0 Vote Down

Cancel
jak over 5 years ago in reply to LirikVeigroeg

DLP works at a file level with the destination being the browser process. It has no concept of the site being accessed.

Regards,
Jak
Cancel
Vote Up 0 Vote Down

Cancel
LirikVeigroeg over 5 years ago in reply to jak

Hi Jak,

I understand that. My idea is, if it is possible to be created more sophisticated engine that will able monitor https session for that browser process.

Do you think it is possible?

Best,

Lirik
Cancel
Vote Up 0 Vote Down

Cancel
Barb@Sophos over 5 years ago in reply to LirikVeigroeg

Hello LirikVeigroeg,

I recommend that you reach out to a Sophos Partner to find out if there are any other Sophos products that might work for your needs.

Regarding the current functionality of DLP:
If you would like to request new features, please visit this page.

Regards,

Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
LirikVeigroeg over 5 years ago in reply to Barb@Sophos

Hello

I am wondering that Sophos Endpoint has Web Filtring, that means it checks http/https. So it is logical DLP to have similar functionality.

Website categories in web filtering are predefined, means agent has this information for active browsing sessions.

Many thanks,

Lirik
Cancel
Vote Up 0 Vote Down

Cancel
Barb@Sophos over 5 years ago in reply to LirikVeigroeg

Hi LirikVeigroeg ,

If you would like to see features added to DLP, please feel free to make your suggestions here

Otherwise, can you please clarify what are you requesting?

Thanks!

Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Barb@Sophos over 5 years ago in reply to LirikVeigroeg

Hi LirikVeigroeg ,

If you would like to see features added to DLP, please feel free to make your suggestions here

Otherwise, can you please clarify what are you requesting?

Thanks!

Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data