Detection happens on a text file inside a .jar file which has been set as an exception in a policy


Article ID: 160602


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Network Monitor, Data Loss Prevention Network Prevent for Email, Data Loss Prevention Network Discover, Data Loss Prevention Network Prevent for Web

Issue/Introduction

A policy contains an exception for *.jar files. A .txt file inside the .jar file contained violating text. The .jar was excluded; however, the text within it was extracted and detection still happened on that text.

Applies to: DLP v11.x, 12.0

Resolution

Cause:

When you set the detection to Matched Components Only, and the detection is on an archive file type, the matched component is the internal file and NOT the archive file. So the exception does not trigger.

If you set the exception to be applied to the entire message (i.e. any message component), it looks over the entire message to see whether there is a .jar file, and the exception then applies.

To resolve this, set the “Apply Exception to” option in the policy to “Entire Message” instead of “Matched Components Only” (which is selected by default).