cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

False positives and Facebooks

Jump to solution

Hello,

I am having an issue with a high number of false positives being generated mainly through Facebook, where ID numbers are being incorrectly flagged as CC numbers. Since I still need to be able to monitor the messenger feature of Facebook, is there any way to exclude the main URL with the exception of the messenger one. For example, is there a way to exclude the main URL www.facebook.com but at the same time, monitor the www.facebook.com/messaging/send/ one? 

Many Thanks


false2.PNG

 
1 Solution

Accepted Solutions
McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: False positives and Facebooks

Jump to solution

Linuxxo,

Unfortunately, When a host is specified in a URL definition, DLP automatically includes the subdomain of this host.. Please see below link to KB90846. 

One way to combat false positives would be to use user based policies, match count scoring, or proximity filters. 

https://kc.mcafee.com/corporate/index?page=content&id=KB90846&actp=null&viewlocale=en_US&showDraft=f...

 

Thanks

 

2 Replies
McAfee Employee Mreaden
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: False positives and Facebooks

Jump to solution

Linuxxo,

Unfortunately, When a host is specified in a URL definition, DLP automatically includes the subdomain of this host.. Please see below link to KB90846. 

One way to combat false positives would be to use user based policies, match count scoring, or proximity filters. 

https://kc.mcafee.com/corporate/index?page=content&id=KB90846&actp=null&viewlocale=en_US&showDraft=f...

 

Thanks

 

Re: False positives and Facebooks

Jump to solution

Many thanks for that, I will look into user based policies.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator