How to exclude blank evidence for the Web Post Protection rule in Data Loss Prevention Endpoint

NOTE: Technical Support does not recommend following this procedure if you are concerned about excluding 1-KB text files (.txt), as described in KB84372.

To exclude blank evidence files (.txt files) from being generated by the client when the Web Post Protection Rule is configured and the DLP Endpoint client incidents are reported to DLP Incident Manager:

1. Create a new file extension in Definitions:
   1. Log on to the ePO server and select Menu, Data Protection, Classification, Definitions.
   2. In the left pane, select File extension under Data.
   3. Select Actions, New.
   4. Type a unique Name (and a Description, if needed). Example: Exclude blank text files.
   5. Under Extensions, add the Name and Extension of the file:
      1. Type a generic name for the files. Example: Text files.
      2. Type the file extension. (Use uppercase letters for extensions, for example: TXT, DOC, TMP.)
      3. Click Add and Save.


2. Create a new file information in Definitions:
   1. In the left pane, select File information under Data.  
   2. Select Actions, New.
   3. Replace the default definition name with a unique name for this definition.
   4. Select File Extension from the Available Properties, set the Comparison to None of (NOT), and add the file extension definition that you created in step 1.
   5. In the left pane, under Available Properties, select File Size.
   6. Ensure that the Comparison drop-down list is set to less than (KB), and add the value 1.
   7. Click Save.
   8. Click the Classification tab and click Edit on the Classification Criteria or Tagging Criteria used in your Web Post Protection Rule.
   9. Select File Information in the Available Properties.
   10. Leave the Comparison as One of (OR).
   11. Click the Context Menu under Value and select the new definition.
   12. Click Save and Apply the policy.