search cancel

Data Loss Prevention IDM policy not doing partial matches


Article ID: 172228


Updated On:


Data Loss Prevention Network Prevent for Email Data Loss Prevention


Symantec Data Loss Prevention (DLP) Indexed Policy Matching (IDM) policies are not working for partial data matches.

  • Those policies will work with exact data matches.
  • The incidents will show either "exact" or "100%".
  • The incidents show "exact" if there is an exact match.
  • They show "100%" if there is a partial match.


Per the following Help Center topic, the minimum number of normalized characters for exact matching is 50.
Whereas, the minimum number of normalized characters for partial matching is 300.
The test files being used were a little over 50 characters after normalization.

"Symantec Data Loss Prevention Help Center topic - Using IDM to detect exact and partial file contents"


DLP 15.x Endpoint Agent


Using a test file that contains over 300 characters after normalization worked.
The incident then shows the expected percentage of match.