You suspect a policy of false negatives (missing messages that should have been detected), and you wish to examine a piece of content to confirm that it is being detected correctly.
False negatives occur when messages are sent that should have created an event, but do not create an event. As a first step in troubleshooting a false negative, find the cracked text of the input document.
To find the cracked text of the input document:
From a command prompt, change directory path where the filter.exe is present
For example in version 15.8.x the default paths are:
To run the filter.exe:
filter <name of input file> <name of output file>
Note: If you get the following error, try adding the file extension for the file to the input file name.
Description: Could not filter file because the input file could not be found.
Error code: 24.
C:\Program Files\Symantec\DataLossPrevention\KeyView\12.2\Protect\plugins\contentextraction\Verity\x64>filter C:\Users\Administrator\Desktop\testfile.pdf output.txt
Also, if the path to the output file is not specified, the operation will default to the Filter directory. If so, you may receive the "error code returned is KVERR_CreateOutputFileFailed" (no write access to the directory is allowed). In some cases no error is thrown but the output file is not created, for the same reason.
You can either grant write access to the directory, or simply specify the full path to both the input and output files in the command.
C:\Program Files\Symantec\DataLossPrevention\KeyView\12.2\Protect\plugins\contentextraction\Verity\x64>filter.exe c:\temp\Testdata.docx c:\temp\Testdata-output.txt
filter: c:\temp\Testdata.docx to c:\temp\Testdata-output.txt
filter: error code returned is KVERR_Success
Finally, you can also use Filter to view metadata in files. Use the "-i" parameter to output just the metadata content to the output file.