A keyword policy with a compound detection rule, Keyword+Protocol Monitoring for HTTP/HTTPS, does not generate incidents.

1. Ensure the policy is set to Active.
2. Confirm the policy group name and ensure the Keyword+Protocol policy is assigned to the correct policy group.
3. Check if the Detection Server has been assigned the policy group required to load the Keyword+Protocol policy.
4. Review the Detection Server events for "1200 Loaded policy" or "1201 Loaded policies {0.EN_US}" to confirm the policy had been loaded.
5. Enable Detection Operational Trace logging (System > Servers > Logs > Configuration tab)

Refer to the Symantec Data Loss Prevention Administration Guide, Configuring server logging behavior section for more information.

6. Submit test data to an external web site where traffic will be intercepted by a web proxy with Network Prevent for Web attached.
7. Review 'detection operational trace' logs and ensure the Detection Server is accurately detecting the sensitive data and triggering incident creation.