Relevant versions: ALL
STEPS TO REPRODUCE
1) Log on to Vontu and select Policies under the Policy menu.
2) Click on any of the existing policies in the policy list to edit it.
3) Click on Add Rule under the Detection tab to add a rule.
4) Select the "content matches Data Identifier" radio button and select a data identifier; for example SSN number.
5) Click "Next" to navigate to the next screen. Specify Rule name and Severity. Click "Ok" to save the Rule.
6) Click on Add Exceptions under the Detection tab to add a rule.
7) Select the "content matches Data Identifier" radio button and select the same data identifier; for example SSN number.
8) Click "Next" to navigate to the next screen. Specify Exception name and click "Ok" to save the Exception.
The system should throw an error message or warn the user that Scan Rules and Exceptions cannot be the same.
The system accepts the same data for scan rules and exceptions without showing an error message or warning the user. You could say this is by design, in the sense that Vontu does not explicitly cross-check the conditions set for the exceptions to see whether they will ultimately cancel out the rules. Keep in mind that some of the policies rely on EDMs or IDMs, which can be updated and could result in different "overlapping" policies. It would be very difficult to determine "on the fly" whether the rules and exceptions do cancel each other out.
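Because the product does not perform this cross-check, an administrator can audit policies outside the console. The following is an added example, not Vontu code: it assumes policies have been transcribed into a constructed dictionary layout (the field names `rules`, `exceptions`, `type` and `target` are hypothetical, not the product's export schema). It flags rule/exception pairs that name the same data identifier and separately lists pairs that share an EDM/IDM index, which need manual review because index content can change.

```python
# Constructed sample policy; field names are assumptions for this example,
# not the product's export schema.
SAMPLE_POLICY = {
    "name": "PII-Outbound",
    "rules": [
        {"name": "SSN rule", "type": "data_identifier", "target": "SSN"},
        {"name": "Customer DB", "type": "edm", "target": "customers_index"},
        {"name": "CCN rule", "type": "data_identifier", "target": "Credit Card Number"},
    ],
    "exceptions": [
        {"name": "SSN exception", "type": "data_identifier", "target": "ssn "},
        {"name": "Test records", "type": "edm", "target": "customers_index"},
        {"name": "Internal docs", "type": "idm", "target": "hr_templates"},
    ],
}

STATIC_TYPES = {"data_identifier"}  # condition is fully described by the policy
INDEXED_TYPES = {"edm", "idm"}      # outcome depends on index content that can be updated


def _key(cond):
    """Normalise a condition to (type, target) so cosmetic differences still match."""
    return cond["type"].lower(), cond["target"].strip().lower()


def audit_policy(policy):
    """Return (conflicts, needs_review) as lists of (policy, rule, exception) names.

    conflicts: a rule and an exception use the same data identifier.
    needs_review: a rule and an exception share an EDM/IDM index; whether they
    overlap cannot be decided from the policy definition alone.
    """
    conflicts, needs_review = [], []
    rules_by_key = {}
    for rule in policy.get("rules", []):
        rules_by_key.setdefault(_key(rule), []).append(rule["name"])
    for exc in policy.get("exceptions", []):
        for rule_name in rules_by_key.get(_key(exc), []):
            pair = (policy["name"], rule_name, exc["name"])
            if exc["type"].lower() in STATIC_TYPES:
                conflicts.append(pair)
            elif exc["type"].lower() in INDEXED_TYPES:
                needs_review.append(pair)
    return conflicts, needs_review


if __name__ == "__main__":
    found, review = audit_policy(SAMPLE_POLICY)
    for p in found:
        print("CONFLICT policy=%s rule=%r exception=%r" % p)
    for p in review:
        print("REVIEW   policy=%s rule=%r exception=%r" % p)
```

The comparison looks only at the identifier name; any additional settings on a condition are outside what this sketch models, so a reported conflict is a candidate to confirm in the console.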