When setting up a DLP Endpoint Prevent policy to look for file type and file size with the endpoint print channel, you may notice that the policy is not triggered and no response rule is executed.

These limitations are caused by the meta data that is passed to DLP from the print driver which is not always reliable for file size and type and is based on the specific print driver in use.

Instead of using a "Message Attachment or File Type Match" or a "Message Attachment or File Size Match" policy condition for print monitoring, use a content based condition such as keyword, regex, Data Identifier etc. When using content based conditions the Endpoint Agent is able to trigger the policy and execute the response rules which might fail for file size and file type conditions.