Data Loss Prevention Endpoint
IDM detection with print or fax detection may not work.
A file that is copied to the USB generates an incident.
When the same file is sent to a printer it may not generate an incident.
If using a DCM policy, the same file is detected regardless of which component is monitored.
Steps to reproduce
At present, Print/Fax is not supported for IDM detection.
IDM detection for printing has known issues.
If a file has fewer than 1000 non-whitespace characters, then we only do an exact match, which means an md5 of the binary file.
If that happens, we do not detect on print because the print driver captures the print events.
Detection never sees the original file, so we cannot do the md5 match.
The message is based on the print spool, not based on the original file.
The pages may be sent to the printer out of order.
The order change may change the percentage matches.
If the print job injects any content (page #, etc.) then the match percentage could be considerably lower.