If a Microsoft Word document (.docx) has an URL which points to a monitored file extension false positives are seen.
Discover and Network Incident Snapshot shows match highlight for file name within a URL.
Example of false positive when using File Name rule looking for *.aspx
When DLP inspects a file attachment which includes a URL link within the document. DLP parses this file and reads the URL as a File Name or File Extension.
This applies to the following Rule Conditions.
Add a compound rule to also look for File Size greater than 1 byte to avoid false positives when looking for File Name or File Type.
Example of modified policy that looks for File Name *.aspx and *.docx compounded with Size Rule.