Endpoint policy detection fails when enforce sends policies with both "Check For Existence" and "Minimum Matches set to > 1"

Article ID: 271353

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

In DLP 16.0, Endpoint Detection fails when a Recipient pattern or DGM rule in an Endpoint policy has both "At least N recipients must match", where N is a number greater than 1, and "Check for existence" set.

The following error appears in the EDPA logs:

11/14/2022 12:44:32 | 15608795 | SEVERE  | Detection.ExecutionStore | if checkExistence is true m_minMatches must be 1 - /System/Volumes/Data/builds/VontuDev/workDir/Agent/DetectionCore/ConditionRequirement.h:84. No detection will occur 
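To check collected EDPA logs for this condition, the following added example (not part of the original article or the product) parses lines in the format shown above and reports when the error was logged. The field layout is an assumption inferred from the single quoted line, and all sample lines except the first are constructed.

```python
import re
from datetime import datetime

# Message text copied from the log line quoted in this article.
SIGNATURE = "if checkExistence is true m_minMatches must be 1"

# Assumed layout, inferred from that one line:
# MM/DD/YYYY HH:MM:SS | numeric id | LEVEL | component | message
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*\|\s*(\d+)\s*\|"
    r"\s*(\w+)\s*\|\s*([\w.]+)\s*\|\s*(.*)$"
)

def parse_line(line):
    """Split one log line into fields; return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts, ident, level, component, message = m.groups()
    return {"time": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S"),
            "id": ident, "level": level,
            "component": component, "message": message}

def find_conflicts(lines):
    """Return parsed SEVERE Detection.ExecutionStore records carrying the signature."""
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        if (rec["level"] == "SEVERE"
                and rec["component"] == "Detection.ExecutionStore"
                and SIGNATURE in rec["message"]):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count hits and report the first and last time the error was logged."""
    times = sorted(h["time"] for h in hits)
    return {"count": len(hits),
            "first_seen": times[0] if times else None,
            "last_seen": times[-1] if times else None}

# First line is the one quoted in the article; the rest are constructed samples.
SAMPLE = [
    "11/14/2022 12:44:32 | 15608795 | SEVERE  | Detection.ExecutionStore | if checkExistence is true m_minMatches must be 1 - /System/Volumes/Data/builds/VontuDev/workDir/Agent/DetectionCore/ConditionRequirement.h:84. No detection will occur ",
    "11/14/2022 12:44:33 | 15608795 | INFO    | Sample.Component | constructed informational line",
    "11/15/2022 09:01:07 | 15608801 | SEVERE  | Detection.ExecutionStore | if checkExistence is true m_minMatches must be 1 - constructed repeat",
    "not a log line",
]

if __name__ == "__main__":
    print(summarize(find_conflicts(SAMPLE)))
```

Any non-zero count means the agent that produced the log received a policy with the conflicting settings and, per the logged message, performed no detection.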

Environment

Release : 16.0

Resolution

This is a product defect and has been fixed in DLP 16.0 MP2.

Additional Information

I have attached a script to this knowledge base article that will help you find any policy that has both conditions: 'At least N recipients must match', where N is a number greater than 1, and 'Check for existence'.

To run the script, connect using 'protect@protect'.

When you execute the script, it generates an HTML file that displays a list of policies.

In the HTML file, if you see 'MAXIMUMMATCHES' as -1, it means that 'All recipients must match' is selected. If you see any other number, such as 2 or 5, it indicates that 'At least N recipients must match' is selected, where N is the number displayed.

Attachments

1694514559087__16-0-ExistsVsCountconflicts.sql