Enterprise Data Loss Prevention (E-DLP) Exception Rules enable your data security
administrators to create targeted exemptions in a granular profile DLP rule. Exception
rules enable data security administrators to define exceptions for specific users, groups, and
destinations without modifying existing Security policy rules. In organizations
where Data Security and Network Security teams operate separately, this feature
enables Data Security teams to independently implement data protection policy rules
without relying on Network Security teams for exceptions. Your data security
administrators can configure these exception rules within a granular profile to
override the default actions for specified data profiles when certain source and
destination conditions are met.

When you need to create nuanced data protection policy rules, such as blocking source
code from being sent to any destination except GitHub, or preventing financial data
downloads from your ERP system by anyone outside the finance department, exception
rules provide the flexibility to implement them. Each exception rule lets
your data security administrator specify data profiles, traffic source (users or
user groups), traffic destination (applications or URLs), and the action Enterprise DLP
takes when inspected traffic meets the exception match criteria.

Your data security administrators can configure exception rules to override the
default block or alert actions with alternative actions, including allowing the
transfer without generating an incident. For each exception rule, your data security
administrators can specify an override action and a log severity level. Exception
rules for granular profiles help your data security administrators maintain strong
data protection while accommodating legitimate business workflows that require
exceptions to your general data Security policy rules.
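
The following is an added example, not Palo Alto Networks code or the Enterprise DLP schema. It models the two scenarios above as exception rules with the four fields the text names, and includes an audit check for allow exceptions that are unbounded on both source and destination. The field names, the "*" wildcard, the severity labels, and first-match evaluation are assumptions of this model.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard used by this model only (assumption)

@dataclass(frozen=True)
class ExceptionRule:
    name: str
    data_profiles: frozenset   # data profiles the exception applies to
    sources: frozenset         # users or user groups
    destinations: frozenset    # applications or URLs
    action: str                # override action, e.g. "allow"
    log_severity: str          # constructed label, not a product value

    def matches(self, profile, groups, destination):
        return (profile in self.data_profiles
                and (ANY in self.sources or bool(self.sources & set(groups)))
                and (ANY in self.destinations or destination in self.destinations))

def decide(default_action, rules, profile, groups, destination):
    """Return (action, rule name); the first matching exception overrides the default."""
    for rule in rules:
        if rule.matches(profile, groups, destination):
            return rule.action, rule.name
    return default_action, None

def audit(rules):
    """Names of allow exceptions with no limit on source or destination."""
    return [r.name for r in rules
            if r.action == "allow" and ANY in r.sources and ANY in r.destinations]

# Constructed rules mirroring the two scenarios in the text.
RULES = [
    ExceptionRule("src-code-to-github", frozenset({"source-code"}),
                  frozenset({ANY}), frozenset({"github"}), "allow", "low"),
    ExceptionRule("finance-erp-download", frozenset({"financial-data"}),
                  frozenset({"finance"}), frozenset({"erp"}), "allow", "low"),
]
# Constructed over-broad exception: it would cancel the default block entirely.
BROAD = ExceptionRule("too-broad", frozenset({"source-code"}),
                      frozenset({ANY}), frozenset({ANY}), "allow", "low")

if __name__ == "__main__":
    print(decide("block", RULES, "source-code", {"engineering"}, "github"))
    print(decide("block", RULES, "financial-data", {"sales"}, "erp"))
    print(audit(RULES + [BROAD]))
```

Because an exception can allow a transfer without generating an incident, a review like `audit` is worth running whenever exception rules change.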