search cancel

Can a value be listed multiple times in an EDM and still be detected?


Article ID: 159488


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention Enforce Data Loss Prevention Network Prevent for Web Data Loss Prevention Network Protect Data Loss Prevention Endpoint Discover


I have an EDM that includes manager e-mail.  In testing, one manager has more than 10 direct reports, but I am unable to match a policy with his e-mail address.  His employees match fine.  Is there something wrong with listing the e-mail address multiple times?


The EDM tries not to index common terms.  By default, a common term is defined as something listed more than 10 times.  In this case, the manager's email address is listed in the EDM too many times, and therefore, Symantec DLP will not match on that common term (manager's email address). 

This value can be increased in the file, but it is best-effort. If it causes error you must set it back to the default 10, please refer to TECH221107. file:

If a term appears in SDP more then this number of times,

# it is considered a common term with appropriate ramifications

# during SDP indexing and detection.



See also TECH219994:   Using Common Values when indexing an EDM file