What is the difference between "100% match" and "matched exactly" with IDM incidents?
Article ID: 392219
Products
Data Loss Prevention, Data Loss Prevention Core Package, Data Loss Prevention Network Prevent for Email, Data Loss Prevention Network Monitor and Prevent for Web, Data Loss Prevention Network Monitor and Prevent for Email and Web, Data Loss Prevention Network Monitor and Prevent for Email, Data Loss Prevention Network Discover, Data Loss Prevention Network Monitor, Data Loss Prevention Enforce, Data Loss Prevention Endpoint Discover, Data Loss Prevention Endpoint Prevent, Data Loss Prevention Discover Suite, Data Loss Prevention Network Protect, Data Loss Prevention Plus Suite
Issue/Introduction
When one file runs through detection, the resulting incident says "100% matched". For another detected file, the incident says "matched exactly". What is the difference between these two results?
Environment
Indexed Document Matching.
Resolution
IDM implements three forms of matching: exact, 100%, and derivative.
| Matching | Description |
| --- | --- |
| Exact match | An exact match occurs when the MD5 digest, file length, and file format type of a detected file match those of an indexed file. Exact matching is performed when the minimum document exposure for the IDM rule is set to "Exact." Exact matching is performed on both binary and content-based files. |
| 100% match | A 100% match occurs when a detected file matches the complete fingerprint (hashes) of an indexed file; that is, all of the content matches exactly and the file format is the same. 100% matching is performed when the minimum document exposure is set between 10% and 90%. 100% matching is performed on text-based files. |
| Derivative match | A derivative match occurs when a detected percentage of content matches at least that amount in an indexed file; that is, only the content is compared against the percentage, and the file format is not checked. Derivative matching is performed when the minimum document exposure is set between 10% and 90%. Derivative content matching is performed on text-based files. |
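The following added example (not Symantec's code, and not part of the original article) sketches the three-way decision in the table and shows why a byte-different copy of the same text is reported as a 100% match rather than an exact match. The fingerprint scheme (SHA-256 over 5-word windows of lower-cased text), the `SHINGLE` value, the percentage being taken over the indexed file's hashes, and the sample document are all assumptions made for illustration; the product's real fingerprinting is proprietary, and only text-based input is covered here.

```python
import hashlib
import re

SHINGLE = 5  # words per hashed window: an assumption, not the product's value

def fingerprint(data: bytes) -> frozenset:
    """Toy stand-in for an IDM fingerprint: hashes of overlapping word windows."""
    words = re.findall(r"\w+", data.decode("utf-8", "replace").lower())
    windows = max(len(words) - SHINGLE + 1, 1)
    return frozenset(
        hashlib.sha256(" ".join(words[i:i + SHINGLE]).encode()).hexdigest()
        for i in range(windows)
    )

def index_file(data: bytes, fmt: str) -> dict:
    """What this sketch keeps in the index for one document."""
    return {"md5": hashlib.md5(data).hexdigest(), "length": len(data),
            "format": fmt, "hashes": fingerprint(data)}

def classify(data: bytes, fmt: str, entry: dict, min_exposure):
    """min_exposure is "exact" or a percentage from 10 to 90, as set on the rule."""
    if min_exposure == "exact":
        # Exact: MD5 digest, file length and file format type must all agree.
        same = (hashlib.md5(data).hexdigest() == entry["md5"]
                and len(data) == entry["length"] and fmt == entry["format"])
        return "matched exactly" if same else None
    hashes = fingerprint(data)
    # 100%: the complete fingerprint matches and the file format is the same.
    if hashes == entry["hashes"] and fmt == entry["format"]:
        return "100% match"
    # Derivative: share of the indexed fingerprint found; format is not checked.
    pct = 100 * len(hashes & entry["hashes"]) / len(entry["hashes"])
    return "derivative match" if pct >= min_exposure else None

# Constructed sample document and variants (not real incident data).
DOC = (b"Quarterly revenue forecast for the northern region shows steady growth\n"
       b"across retail wholesale and online channels with margins improving after\n"
       b"supplier contracts were renegotiated in March.\n")
CRLF = DOC.replace(b"\n", b"\r\n")      # same text, different bytes and length
EXCERPT = b" ".join(DOC.split()[:15])   # first 15 of the 26 words
ENTRY = index_file(DOC, "txt")

if __name__ == "__main__":
    for name, data, fmt, exposure in [
        ("identical copy", DOC, "txt", "exact"), ("CRLF copy", CRLF, "txt", "exact"),
        ("CRLF copy", CRLF, "txt", 50), ("CRLF copy as rtf", CRLF, "rtf", 50),
        ("excerpt", EXCERPT, "txt", 50), ("excerpt", EXCERPT, "txt", 60),
    ]:
        print(f"{name:17} exposure={exposure!s:5} -> {classify(data, fmt, ENTRY, exposure)}")
```

In this sketch the CRLF copy fails the exact rule because its MD5 digest and length differ, yet it yields the same fingerprint under a percentage-based rule, which is the distinction between the two incident messages.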