Detection happens on a text file inside a .jar file which has been set as an exception in a policy
book
Article ID: 160602
calendar_today
Updated On:
Products
Data Loss Prevention Endpoint PreventData Loss Prevention Network MonitorData Loss Prevention Network Prevent for EmailData Loss Prevention Network DiscoverData Loss Prevention Network Prevent for Web
Issue/Introduction
If there is an exception for a *.jar file in the policy. There was a .txt file inside the .jar file which contained a violating text. The .jar was excluded, however the text within was extracted and detection happened on the same.
Applies to :DLP v11.x, 12.0
Resolution
Cause:
When you set the detection to Matched Component Only, and the detection is set on an Archive File type, the matched component is the internal file and NOT the archive file. So, the exception would not trigger.
If you set the exception to be applied to entire message (i.e. any message component), it would look over the entire message to see if there was a .jar file and it would then apply.
Set the “Apply Exception to” part in the policy to “Entire Message” instead of “Matched Components Only” (which is selected by default).