When configuring a policy you can attach a download\upload profile that contains match criteria that won’t be enforced due to incompatible configuration thus resulting in a rule that can't take action.  Below are the limitation scenarios.

1. File type limitation
   
   Document Isolation will be possible only for the following file types:
   
   
   
   
2. Max download \ Max Upload sizes
   
   The download profile defines the maximum size allowed for a file upload or download. If the file exceeds this size, the configured fail action will be triggered.
   
   
   
3. Password protected archives are not supported
   
   Inspecting a document will not allow the needed interaction to provide a password, therefore password protected download will fail.