5 Replies Latest reply: Oct 25, 2013 12:37 PM by regancc RSS

    HDLP 9.2 URL Exclusion


      Is it possible to whitelist or exclude a specific URL so HDLP doesn't flag traffic to it as an 'incident' and skew my metrics/reports?


      We use a secure document storage provider and tons of traffic goes to a specific URL with legitimate business traffic to upload docs to it.


      I don't want my DLP metrics to trigger an event when our users upload docs to that URL.


      Any help you can provide is greatly appreciated!



        • 1. Re: HDLP 9.2 URL Exclusion

          I have not found an exclusion option for 9.2 or 9.3 for this feature.   I think I have a PER in for it, but I have about a dozen going all the way back to April for DLP which McAfee has never checked or reviewed - any of them.


          So it may or may not be a feature in 9.3 patch 1, which was scheduled for this month some time.

          • 2. Re: HDLP 9.2 URL Exclusion

            Assuming you are talking about Web Post Protection (WPP) rule, when you create a WPP rule, step 1 allows you to define a Web Destination.

            Create a new Web Destination and add the URL/Web server you want to ignore and uncheck that URL/Domain. Leave the check box for Other web servers. Now the rule will be enforced to all web servers except the one that you left unchecked.

            This option has always existed.

            • 3. Re: HDLP 9.2 URL Exclusion

              Score, I'll be giving that a try myself!  When we had demos and engineers here from McAfee, they told us that this was not an option, and I never found anything definitive in the documentation.   So if we wanted to use WPP for all web-servers and internet addresses, except for 1, we couldn't do that..   I'll give it a shot though, thanks!


              Message was edited by: keithdrone on 10/25/13 7:37:52 AM CDT
              • 4. Re: HDLP 9.2 URL Exclusion

                You are Welcome.

                • 5. Re: HDLP 9.2 URL Exclusion

                  Thanks, at first it didn't appear this was working, but it seems to be so I marked this as 'Answered'...


                  Very much appreciate it.