Compound Policy As A Logical "AND" Has Wrong Match Count And Highlighting
Article ID: 160772
Updated On:
Products
Data Loss Prevention Endpoint Prevent
Data Loss Prevention Network Monitor
Data Loss Prevention Network Prevent for Email
Data Loss Prevention Network Protect
Data Loss Prevention Endpoint Discover
Issue/Introduction
Compound policy as a logical "AND" has wrong match count and highlighting
Resolution
The behavior is as designed. The detection rules are designed to work at a component level and not at the token level.
So when two rules are compounded as an "and" together, it is performing the logical ‘and’ during detection; however, it is finding that the first rule matches some part of the entire message "AND" the second rule matches some part of the entire message. It is not checking to see that each token/word matches both rules. Thus, the match count and highlighting appear to be incorrect.
Feedback
Yes
No
Powered by
