Fill-in fields in a PDF are not being detected in DLP
search cancel

Fill-in fields in a PDF are not being detected in DLP

book

Article ID: 252164

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

PDFs that contain social security numbers that are being emailed as an attachment are not being detected or blocked.
The SSNs are typed into input (fill-in) fields in the PDF.

HTTP or HTTPS uploads of the same PDF are also not blocked.

Environment

Release: 15.8 but can affect any version.

Resolution

To reduce false positives, the policy has a keyword exception for the number "999999999".
The PDF form has that number as a sample bank routing number.
So the exception fired causing the policy to not block the transfer of the file.
After that keyword was removed, the policy did block the file from being transferred.

Another issue is that one of the lines in the form has you enter each digit of the SSN into a separate field.
These nine separate digits (example: 2 1 2 5 4 7 8 3 6) will not be recognized as an SSN by our detection engine.