The Match On options are grayed out in the conditions section of the DLP policy rule or exception

Article ID: 160780

Products

Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

You are unable to select one or more of the options in the "Match On" field of the Conditions section while configuring a policy rule or exception.

Resolution

This is by design: for certain conditions, one or more of the options are unavailable for selection.
Note also that for DLP Endpoints the whole message is scanned rather than its individual components, so the "Match On" option is not available to Endpoints.

This is described in the section "Selecting components to match on" in the online help or administration guide for your DLP version as follows:

Selecting components to match on

The availability of one or more message components to match on depends on the type of rule or exception condition you implement.

Description:

Envelope

If the condition supports matching on the Envelope component, select it to match on the message metadata. The envelope contains the header, transport information, and the subject if the message is an SMTP email.

If the condition does not support matching on the Envelope component, this option is grayed out.

If the condition matches on the entire message, the Envelope is selected and cannot be deselected, and the other components cannot be selected.

Subject

Certain detection conditions match on the Subject component for some types of messages.

See “About message components that can be matched” on page 293.

For the detection conditions that support subject component matching, you can match on the Subject for the following types of messages:

SMTP (email) messages from Network Monitor or Network Prevent (Email).

NNTP messages from Network Monitor.

Exchange email messages delivered by the Classification Server.

See the Enterprise Vault Data Classification Services Implementation Guide for more information.

To match on the Subject component, you must select (check) the Subject component and uncheck (deselect) the Envelope component for the policy rule. If you select both components, the system matches the subject twice because the message subject is included in the envelope as part of the header.

Body

If the condition matches on the Body message component, select it to match on the text or content of the message.

Attachment(s)

If the condition matches on the Attachment(s) message component, select it to detect content in files sent by, downloaded with, or attached to the message.

Reference:

Match On: selection ignored on the Endpoint

Any condition evaluated by the DLP Agent matches on the entire message.

There is an existing Enhancement Request for this feature: PM-1773, "Endpoint Detection: Allow Match On: Envelope, Body, Attachments".