Managing exceptions

Most rules have exceptions.

In Forcepoint DLP, exceptions and rules are tightly linked.

  1. When there is a transaction, rules are evaluated.
  2. If a rule is matched, its exception is evaluated, if any.
  3. If the exception is matched, the exception action is taken.

In other words, exceptions are evaluated only when their rules are matched. For example:

  • The rule “Pizza” indicates that email messages from John Doe that have the word “pizza” in them should be encrypted.
  • An exception to “Pizza” indicates that messages that include 5 instances of “pepperoni” should be quarantined.

As a result, messages from John Doe with both “pizza” and 5 instances of “pepperoni” are quarantined.

Unlike rules, exceptions cannot be cumulative.

Add exceptions on the Manage DLP Policies or Manage Discovery Policies page in the Data Security module of the Forcepoint Security Manager (Main > Policy Management > DLP Policies or Discovery Policies > Manage Policies).

Select a rule in the tree, the select Add > Exception from the toolbar at the top of the content pane.

Like policies, exceptions have levels that define execution priority order. See Rearranging exceptions section for information on ordering exceptions.