Detection happens on a text file inside a .jar file which has been set as an exception in a policy
Article ID: 160602
Updated On:
Products
Data Loss Prevention Endpoint Prevent
Data Loss Prevention Network Monitor
Data Loss Prevention Network Prevent for Email
Data Loss Prevention Network Discover
Data Loss Prevention Network Prevent for Web
Issue/Introduction
If there is an exception for a *.jar file in the policy. There was a .txt file inside the .jar file which contained a violating text. The .jar was excluded, however the text within was extracted and detection happened on the same.
Applies to :DLP v11.x, 12.0
Resolution
Cause:
When you set the detection to Matched Component Only, and the detection is set on an Archive File type, the matched component is the internal file and NOT the archive file. So, the exception would not trigger.
If you set the exception to be applied to entire message (i.e. any message component), it would look over the entire message to see if there was a .jar file and it would then apply.
Set the “Apply Exception to” part in the policy to “Entire Message” instead of “Matched Components Only” (which is selected by default).
Feedback
Yes
No
Powered by
