
Included, Excluded and Ignored Lists

For each policy list setting, you can specify an Included list of items or an Excluded list. You specify which list is checked for matching items. For email and file triggers, you can also define an Ignored list of email addresses or file names. The Which List? policy settings determine which list is used to detect matching URLs, file names, email addresses, search text, and so on.

Included lists

Included items are forbidden items. If a trigger uses an Included list, any single item in the list can activate the trigger. If a trigger fails to detect any items in the Included list, the trigger does not activate. For example, if a Web page capture trigger uses an Included URL list, any URL on this list triggers a capture when the user browses to it.

Included Addresses lists also affect data lookup commands that use %sender%, %recipient%, %senderalias% or %recipientalias% variables. If a trigger uses an Included list, these data lookup commands only evaluate included email addresses.

Excluded lists

Excluded items are allowed items. If a trigger uses an Excluded list, any items can activate the trigger except items in this list. If a trigger fails to detect any items in the Excluded list, the trigger activates.

For example, a control trigger for incoming emails uses an Excluded Addresses list. The trigger always activates when it detects an incoming email unless the email is from a sender on the Excluded list. If it is from an Excluded sender, the trigger does not activate.

Excluded Addresses lists also affect data lookup commands that use %sender%, %recipient%, %senderalias% or %recipientalias% variables. If a trigger uses an Excluded list, these data lookup commands do not evaluate excluded email addresses.

Note: Excluded lists containing multiple items require special attention. For these lists, Web pages, files, or emails are only exempted if all listed items are detected. For example:

Ignored lists

Available only for file and email address lists.

If a trigger has email addresses or top level file names in an Ignored list, these addresses and files are ignored by the trigger and cannot cause the trigger to activate. In effect, ignored item lists enable you to exempt specific files and email addresses from normal control trigger operations.

For example, a control trigger for outgoing emails blocks emails sent between the Research and Sales teams, but the Research manager is exempted from this rule and so added to the Ignored Addresses list. When the trigger detects emails sent by the Research manager to any member of the Sales team, the trigger infers that it must ignore the email and does not activate.

Ignored Addresses lists also affect data lookup commands that use %sender%, %recipient%, %senderalias% or %recipientalias% variables. If a trigger uses an Ignored list, these data lookup commands do not evaluate ignored email addresses.

Combination list checking

Available only for URL and email address lists.

In effect, combination list checking enables you to appoint a censor. For example, combination list checking allows you to block emails sent between the Research and Sales departments unless a copy has also been sent to a particular manager (for example, your regulatory compliance officer).

How does this work? First, the detected URL or address is compared against the Included list. If a match is confirmed, the URL or address is then compared against the Excluded list. If it also appears in the Excluded list, the URL or address is exempted and the trigger does not activate.

To illustrate the required policy settings in the earlier example, the group policy for the Sales department could include a control trigger for outgoing emails with the following list settings:

| Policy setting | Value / list items |
| --- | --- |
| Which address list? | Use Included list, but exempt if recipient in Excluded list |
| Included list | research.unipraxis.com |
| Excluded list | compliance.officer@unipraxis.com |

In this situation, CA DLP would detect an email sent to, say, frankschaeffer@research.unipraxis.com and trigger a control event (for example, to block the email) unless compliance.officer@unipraxis.com was also included in the To: or Cc: list.
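The combination check described above can be modelled in a few lines to test a planned list configuration before deploying it. This is an added illustration, not CA DLP code: the function names are hypothetical, and the matching rule (a list item matches a full address, or the address's domain and its subdomains) is an assumption that the product's own matching may not share.

```python
from email.utils import getaddresses

# List values taken from the policy table on this page.
INCLUDED = ["research.unipraxis.com"]
EXCLUDED = ["compliance.officer@unipraxis.com"]

def recipients(to="", cc=""):
    """Return lower-cased addresses parsed from To: and Cc: header values."""
    headers = [h for h in (to, cc) if h]  # skip empty headers
    return [addr.lower() for _, addr in getaddresses(headers) if addr]

def matches(address, item):
    """Assumed rule: exact address, or the address's domain (or a
    subdomain of it). The product's own matching may differ."""
    item = item.lower()
    if "@" in item:
        return address == item
    domain = address.rpartition("@")[2]
    return domain == item or domain.endswith("." + item)

def in_list(address, items):
    return any(matches(address, item) for item in items)

def trigger_activates(to="", cc="", included=INCLUDED, excluded=EXCLUDED):
    """Model of 'Use Included list, but exempt if recipient in Excluded list'."""
    rcpts = recipients(to, cc)
    if not any(in_list(r, included) for r in rcpts):
        return False  # nothing on the Included list: trigger stays idle
    if any(in_list(r, excluded) for r in rcpts):
        return False  # exempted: an Excluded recipient was also addressed
    return True       # Included match with no exemption: control event

if __name__ == "__main__":
    samples = [  # constructed sample messages (To:, Cc:)
        ("frankschaeffer@research.unipraxis.com", ""),
        ("frankschaeffer@research.unipraxis.com",
         "compliance.officer@unipraxis.com"),
        ("Sales <team@sales.unipraxis.com>", ""),
    ]
    for to, cc in samples:
        print(f"To={to!r} Cc={cc!r} -> activates={trigger_activates(to, cc)}")
```

Under the assumed matching rule, a lookalike domain such as research.unipraxis.com.example.org does not match the Included item, which is worth confirming against the product's real behaviour when you build lists of domain entries.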