What is the difference between 100% match and 'matched exactly with IDM incidents.

search cancel

What is the difference between 100% match and 'matched exactly with IDM incidents.

book

Article ID: 392219

calendar_today

Updated On: 03-31-2025

Products

Data Loss Prevention Data Loss Prevention Core Package

Issue/Introduction

When one file runs through detection the resulting incident says "100% matched". For another file detected we see "matched exactly". What is the difference between these two occurrences?

Environment

Indexed Document Matching.

Resolution

IDM implements three forms of matching: exact, 100%, and derivative.

Matching	Description
Exact match	An exact match occurs when the MD5 digest, file length, and file format type of a detected file match that of an indexed file. Exact matching is performed when the minimum document exposure for the IDM rule is set to "Exact." Exact matching is performed on binary files.
100% match	A 100% match occurs when a detected file matches the complete fingerprint (hashes) of an indexed file; that is, all of the content matches exactly and is the same file format 100% matching is performed when the minimum document exposure is set to "Exact." 100% matching is performed on text-based files.
Derivative match	A derivative match occurs when a detected percentage of content matches at least that amount in an indexed file; that is, only the content matches the %, the file format is not checked. Derivative matching is performed between when the minimum document exposure is set between 10% and 90%. Derivative content matching is performed on text-based files.

Feedback

thumb_up Yes

thumb_down No