Why are the Match On options grayed out?

book

Article ID: 160780

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You are unable to select an one of the options in the Match On field of the Conditions section while configuring a policy exception.

 

Resolution

This is by design as there are certain conditions where the options will be unavailable for selection. Also you should note that for DLP Endpoints the whole message is scanned and not individual components there for the Match On option is not available to Endpoints.

This is described in the section Selecting components to match on on page 349 of your Symantec_DLP_11.0_Admin_Guide.pdf as follows:

Selecting components to match on

 

 

The availability of one or more message components to match on depends on the type of rule or exception condition you implement.

 

Description:

Envelope

 

If the condition supports matching on the Envelope component, select it to match on the message metadata. The envelope contains the header, transport information, and the subject if the message is an SMTP email.

If the condition does not support matching on the Envelope component, this option is grayed out.

If the condition matches on the entire message, the Envelope is selected and cannot be deselected, and the other components cannot be selected.

Subject

Certain detection conditions match on the Subject component for some types of messages.

 

See “About message components that can be matched” on page 293.

For the detection conditions that support subject component matching, you can match on the Subject for the following types of messages:

SMTP (email) messages from Network Monitor or Network Prevent (Email).

NNTP messages from Network Monitor.

Exchange email messages delivered by the Classification Server.

See the Enterprise Vault Data Classification Services Implementation Guide for more information.

To match on the Subject component, you must select (check) the Subject component and uncheck (deselect) the Envelope component for the policy rule. If you select both components, the system matches the subject twice because the message subject is included in the envelope as part of the header.

Body

If the condition matches on the Body message component, select it to match on the text or content of the message.

Attachment(s)

If the condition matches on the Attachment(s) message component, select it to detect content in files sent by, downloaded with, or attached to the message.

 

Reference:

Match On: selection ignored on the Endpoint

 

There is an existing Enhancement Request for this feature PM-1773 - "Endpoint Detection: Allow Match On: Envelope, Body, Attachments"