KB Article | Forcepoint Support

Notes & Warnings

Note: This configuration still analyzes traffic from the Data Endpoint LAN channel, but no incidents are generated. Use it only to reduce incident generation, not to increase the performance of the Data Endpoint.

If multiple Data Endpoint LAN rules are in use, any exceptions would need to be added to each rule in use to prevent inconsistent incident generation.

If using a full UNC path rather than a single share or directory for a share path, three entries per directory must be added to the File Type Classifier to account for the three ways a user can access a share (IP, machine name, FQDN). For example:

10.0.0.5\HR\*
testMachine\HR\*
testMachine.testDomain.local\HR\*

Problem Description

How do I configure Forcepoint DLP (formerly known as Websense TRITON - Data Security) to exclude individual shares from being scanned by the Data Endpoint for the LAN Channel?

Resolution

Adding directories in the file type properties classifier will allow Forcepoint to exclude shares and directories on the Endpoint LAN channel.
  1. Create a File Type Classifier for the share to be excluded. In the Forcepoint DLP Manager, perform the following steps:
    1. Navigate to Content Classifiers > File Properties > By Name > New
    2. Give the Classifier a name and, in the File Names field, enter the share in the format *\SHARENAME\*. For example, *\HR\* would exclude any files in a share which has \HR\ in the path. Sub-folders can also be added by including them in the classifier: *\SHARENAME\SUBFOLDER\*. For example, *\HR\documents\templates\*
    3. If you have a specific directory on a share, it is advised to be as explicit as possible to avoid false negatives. For example, *\HR\public_forms\docs\templates\*
  2. Several exclusions of shares/directories can be added to a single File Names classifier. Once the classifier is in place, create an exception for it so that specific rules do not trigger when files are copied to DLP Endpoint LAN destinations within these shares/directories. In the Forcepoint DLP Manager, perform the following steps:
    1. Select a rule monitoring the Endpoint LAN channel, then click on New > Exception
    2. Give the Exception a name then click Next
    3. Check the Condition checkbox then click Add > File Properties > [Classifier from Step 1]
    4. Check the Destination checkbox then check the Endpoint LAN channel checkbox
    5. To apply this exception to specific file servers, add the file servers by hostname or IP in the Included Destination. If the Endpoint LAN channel is left at the 'All' option, any LAN destination with an excluded directory name would be allowed.
    6. Create a new Action Plan set to Permit on all channels then uncheck the Audit checkbox
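
The following is an added example, not Forcepoint code: it builds the three full-UNC entries described in Notes & Warnings and compares their reach with the *\HR\* wildcard from step 1 over constructed destination paths. The matching rule (* matches any run of characters, case-insensitive, leading backslashes ignored) is an assumption about classifier behaviour, and fileserver2 is a hypothetical server.

```python
import re

def unc_entries(ip, hostname, fqdn, directory):
    """Build the three File Names entries (IP, machine name, FQDN) for one directory."""
    directory = directory.strip("\\")
    return [f"{host}\\{directory}\\*" for host in (ip, hostname, fqdn)]

def matches(pattern, path):
    """ASSUMPTION: '*' matches any run of characters, case-insensitively, and the
    path is compared without its leading backslashes, as the article's entries are written."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path.lstrip("\\"), re.IGNORECASE) is not None

def excluded(patterns, paths):
    """Return the paths that at least one classifier entry would exclude."""
    return [p for p in paths if any(matches(pat, p) for pat in patterns)]

# Constructed sample destinations; fileserver2 is a hypothetical second server.
SAMPLE_PATHS = [
    r"\\10.0.0.5\HR\offer.docx",
    r"\\testMachine\HR\offer.docx",
    r"\\testMachine.testDomain.local\HR\offer.docx",
    r"\\fileserver2\Finance\HR\payroll.xlsx",
    r"\\testMachine\Legal\contract.docx",
]

if __name__ == "__main__":
    explicit = unc_entries("10.0.0.5", "testMachine", "testMachine.testDomain.local", "HR")
    for label, patterns in (("wildcard", [r"*\HR\*"]), ("full UNC", explicit),
                            ("one entry only", explicit[1:2])):
        print(label, patterns)
        for path in excluded(patterns, SAMPLE_PATHS):
            print("   no incident for", path)
```

Under these assumptions the wildcard entry also suppresses incidents for the \Finance\HR\ path on the second server, which is the case the Included Destination setting in step 5 is there to narrow.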



Keywords: DLP Data Security; Endpoint LAN; Forcepoint One Endpoint; Removable Media; Exception; Whitelist; Exclusion; Custom Policy; FQDN; Exclude File Path; False Positive
