How do file filters work in Network Discover and Network Protect?
Last Updated December 28, 2018
You wish to understand the syntax used for filtering files in the Include and Exclude
Relevant versions: ALL
The Include Filters field specifies the documents to include in the matching process.
If you leave the Include Filters field empty, Symantec DLP performs matching on all documents in the file share. If you enter any values in the field, Symantec DLP scans only those documents that match your filter.
Syntax for Include Filters:
* (asterisk) represents any number of characters
? (question mark) represents one character
, (comma) and new line represent a logical OR
For example, if you enter:
Symantec DLP matches only files with the .txt and .doc extensions, ignoring everything else.
Similarly, if you enter:
Symantec DLP matches only files with the .doc extension and complete absolute path of 5 characters, such as a two character doc residing on c: (c:\ab.doc) or a 1 character doc residing on a share (\\s.a.doc)
The forward slash (/) and backslash (\) characters are treated as equivalent. They usually represent directory separators, although on Linux the backslash is a valid character in a file name.
All white space at the beginning and end of the pattern is ignored.
The matching process does not support escape characters, so there is no way to match on a question mark, a comma, or an asterisk explicitly.
Exclude Filters The Exclude Filters field lets you specify the documents to exclude in the matching process.
If you leave the Exclude Filters field empty, Symantec DLP performs matching on all documents in the file share. If you enter any values in the field, Symantec DLP scans only those documents that do not match your filter.
The syntax for the Exclude filters is the same as the Include filters.