DLP Exceptions

The DLP engine supports defining Allow-Lists by Sender, Recipient, File MD5, and Strings.

The DLP engine stops scanning emails, messages, and files that match an Allow-List rule. The DLP verdict will automatically be clean for the Allow-List.

Notes:

DLP Allow-List applies to both the incoming and outgoing DLP policy rules. For information about DLP policies, see Data Loss Prevention (DLP) Policy.
Emails, messages, and files in the DLP Allow-List are evaluated by other security engines, such as Anti-Malware and Anti-Phishing.
To add string-based DLP Allow-List, you need View All Sensitive Data role assigned under Specific Service Roles for Harmony Email & Collaboration.
When you add multiple strings, each string will be added as a separate exception. Allow-listed strings will not be flagged as a DLP violation.

Adding DLP Allow-List

You can add DLP Allow-List rule from any of these:

From the DLP Allow-List
1. Click Security Settings > Exceptions > DLP.
2. In the drop-down from the top of the page, select Allow-List.
3. Click Create Allow-List.
4. Select the required Allow-List Type.
  - Sender
  - Recipient
  - File MD5
  - String
5. Enter the required sender/recipient's email address or domain, File MD5 or strings.
6. If required, enter a comment for the Allow-List rule and click OK.
  
  You can use the commented text to filter and find the Allow-Lists with a specific text from their comments.
7. Click OK.
From the Entity Profile page
1. Open the required email profile, message, or file from the Security Events.
2. Under Security Stack, select Create Allow-List.
3. Select the required Allow-List Type.
  - Sender
  - Recipient
  - File MD5
  - String
  The File MD5 or file's detected strings will be displayed automatically.
4. Enter the required sender/recipient's email address or domain, or strings.
5. If required, enter a comment for the Allow-List rule and click OK.
  
  You can use the commented text to filter and find the Allow-Lists with a specific text from their comments.
6. Click OK.