Suffix validators on DI for endpoint it’s not triggering incident

book

Article ID: 225317

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

If an exclude suffix validators is added to a Data Identifier (DI) for and endpoint policy it will not exclude the detection properly if a trailing comma is present on the validator.

Cause

This is caused by the parser not properly handling the trailing command and invalidating the entire validator.

Environment

Release : 15.8

Component : Endpoint

Resolution

This is a known issue and will be addressed in a future release.

Workaround

Remove the trailing comma from the validator then apply it to the DI and save it. (Note that when you edit validators you must click the "Add Validator" button to update it before saving the DI)

Example suffix validator that fails:

test,test2,

Corrected suffix validator:

test,test2