An Endpoint policy is created to detect the following data and block the transfer of the file:

<html>
<h1>Hello World</h1>
</html>

The policy is configured to detect a keyword match as follows:

<html>
<h1>Hello World</h1>
</html>

Note that the term "Hello World" can be any ASCII string you want.

The data is not detected and blocked and no incident is created.

The agent ignores the HTML tags if they are detected in the first 10 to 20 characters in the first line of the file.

If the file contains HTML tags in the first 10 to 20 characters, then the agent detects this as an HTML file and ignores the tags when the data is extracted.
The agent will only detect the ASCII data in the file.

If the file starts with ASCII characters and the HTML tags come later, after the first 10 to 20 characters, then the agent considers the file to be an ASCII file and extracts and detects the HTML tags.