Optionally, you can create Data at Rest Scanning exceptions for file sharing applications.

Configuring a scanning exception allows you to exempt specific folders or users from the Data at Rest Scanning policy, which consists of the Data Loss Prevention (DLP) and Malware Detection policies. When you configure a scanning exception for a folder, the Zscaler service completely ignores the files within the folder, i.e., its files aren’t evaluated with the Data at Rest Scanning policy. Likewise, the Zscaler service ignores an exempted user and the user isn’t evaluated with the policy.

To configure a scanning exception:

1. Go to Policies > Common Configuration > Out-of-band CASB > Scanning Exceptions.
2. Under Do Not Inspect Content From Any of the Following Locations:
   • To add an exception for a folder:
     1. Click Add Exception. A row with the Tenant, Owner, and Folder fields appears.
     2. In the row:
        • Tenant: From the drop-down menu, choose the SaaS application tenant that the folder belongs to.
        • Owner: From the drop-down menu, choose the user who owns the folder.
        • Folder: Enter the full path for the folder you want to exempt from inspection.
   • To add an exception for a user:
     1. Click Add Exception. A row with the Tenant, Owner, and Folder fields appears.
     2. From the Owner drop-down menu, choose the user you want to exempt from inspection.

3. Click Add Exceptions to exempt more folders or users from inspection. You can add up to 64 exceptions for folders and users. To remove an exception, click the Remove icon for the row.

   See image.

   

   Close

4. Click Save and activate the change.