Detection Does Not Occur if a Sender Pattern Contains a Forward Slash in User Names.

search cancel

Detection Does Not Occur if a Sender Pattern Contains a Forward Slash in User Names.

book

Article ID: 375245

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

Detection can be missed if a sender pattern contains a forward slash in usernames instead of a backslash. For example, domain/username.

Environment

16.0 RU2

Cause

A Symantec DLP 16 RU2 matching optimization does not account for the possibility of using the undocumented use of a forward slash for the usernames in sender patterns.

Resolution

This issue will be addressed in a future release.

However, Symantec recommends that you only use usernames instead of including domains because this pattern would have a greater frequency of getting matched across the data channels where the username is the common data available. Including the domain limits matches because usernames are already unique. If domains are required to be part of the username, use backslashs instead of forward slashes.

For example, you CAN use:

domain\username
example\john.doe
john.doe

Do NOT use:

domain/username
example/john.doe

Feedback

thumb_up Yes

thumb_down No