Can a value be listed multiple times in an EDM and still be detected?

book

Article ID: 159488

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention Enforce Data Loss Prevention Network Prevent for Web Data Loss Prevention Network Protect Data Loss Prevention Endpoint Discover

Issue/Introduction

I have an EDM that includes manager e-mail.  In testing, one manager has more than 10 direct reports, but I am unable to match a policy with his e-mail address.  His employees match fine.  Is there something wrong with listing the e-mail address multiple times?

Resolution

The EDM tries not to index common terms.  By default, a common term is defined as something listed more than 10 times.  In this case, the manager's email address is listed in the EDM too many times, and therefore, Symantec DLP will not match on that common term (manager's email address). 

This value can be increased in the Indexer.properties file, but it is best-effort. If it causes error you must set it back to the default 10, please refer to TECH221107.

Indexer.properties file:

If a term appears in SDP more then this number of times,

# it is considered a common term with appropriate ramifications

# during SDP indexing and detection.

sdp_term_commonality_threshold=10

 

See also TECH219994:   Using Common Values when indexing an EDM file