Sometimes administrator has added a specific website/URL/domain to the Ignore List in Trellix Data Loss Prevention Endpoint (DLPE), but end users still report that access is blocked. This usually happens because of configuration mismatches or policy inheritance issues.
Possible Causes
- The URL syntax in the Ignore List is incorrect (e.g., missing http/https, wildcards not used correctly).
- The policy changes have not yet been enforced on the endpoint.
- Browser-specific behavior (different process names or traffic redirection).
- Policy conflicts or agent communication delays with ePO.
1st Level Troubleshooting Steps
1. Verify Ignore List Entry Format
Double-check the exact URL or domain added to the Ignore List.
Ensure that the syntax matches what DLPE expects:
For entire domains: *.example.com
For specific URLs: https://www.example.com/path/*
Confirm that both http and https variations are covered if necessary.
2. Force Policy Update on Endpoint
On the affected endpoint, open Trellix Agent Status Monitor and force a policy enforcement:
cmdagent.exe /p (collect & send properties)
cmdagent.exe /e (enforce policies)
Wait a few minutes and retest access to the site.
3. Test Across Browsers
Some browsers use different executable processes (e.g., Chrome = chrome.exe, Edge = msedge.exe, Firefox = firefox.exe).
If the Ignore List is only applied to certain applications, other browsers may still be blocked.
Test in multiple browsers to confirm whether the issue is browser-specific.
4. Validate Policy Synchronization in ePO
In ePO Console, ensure the Ignore List is saved and applied to the correct policy assignment.
Confirm that the endpoint is part of the group receiving the updated DLP policy.
Re-deploy the policy if necessary.
5. Contact CSPG Support if the issue persists, for in-depth troubleshooting