DLP Endpoint Prevent with HTTP monitoring enabled does not flag keyword or DCM based rules. IP Filters are enabled within the Agent Configuration. HTTP Domain filters are enabled within the Agent Configuration.
Use Case: Exclude local network traffic from monitoring, but monitor all other HTTP/FTP/IP traffic.
There is NO implied 'inspect all traffic' rule if IP Filters are configured within the Agent Configuration.
If IP Filters are defined, HTTP and FTP streams are inspected based solely on the defined rules.
Examples: A filter of +,10.67.0.0/16,*;-,*,* matches all streams going to network 10.67.x.x but does not match any other traffic. A filter of -,10.0.0.5/8,*;+,*,* ignores all streams going to network 10.0.0.5, but matches all other traffic.
The key take away is the final rule, +,*,*, allows for all other streams, HTTP/FTP/IP, not previously defined to be included for detection.
Subscribing will provide email updates when this Article is updated. Login is required.