We've had the exact same problem for about a month now, which we heard about after we tried to get one of our users into using a password manager. I've tried both the complete URL (which has multiple levels, host.internal.company.tld) and the second-level domain only (company.tld). LastPass still prompts to save the login for any of our sites unless we intervene and say "never" when it asks, where it creates a Never Add Site rule for company.tld instead of using the Never Do Anything rule already in place. We really need the Never Do Anything to keep LastPass as far away as possible from one of our business applications, an ERP that, by definition, is nothing but massive amounts of form fields on massive amounts of different screens. LastPass should never, ever try to save something on that site because it jeopardizes the quality of our business data while wrecking Chrome's performance. We'd really like to use it otherwise, and are even exploring Enterprise packages, but it'll be the end of the project if we can't completely block it on certain sites.