ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Compound Policy As A Logical "AND" Has Wrong Match Count And Highlighting


Article ID: 160772


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Prevent for Web Data Loss Prevention Network Protect Data Loss Prevention Endpoint Discover


Compound policy as a logical "AND" has wrong match count and highlighting


The behavior  is as designed. The detection rules are designed to work at a component level and not at the token level.

So when  two rules are compounded as an "and" together, it is performing the logical ‘and’ during detection; however, it is finding  that the first rule matches some part of the entire message "AND" the second rule  matches some part of the entire message. It is not checking to see that each token/word matches both rules.  Thus, the match count and highlighting appear to be incorrect.