The setting "All recipient must match (Email only)" is confusing and difficult to understand. 

Symantec Data Loss Prevention (DLP) Network Prevent for Email

Symantec Data Loss Prevention (DLP) Cloud Prevent for MS Office 365

Here we explain a number of test cases which demonstrate how the setting works. 

• If the cell is empty then the recipient is not listed in the mail being sent. 
• If you have 3 recipients [email protected], [email protected], [email protected] specified in the rule then an incident will match in the following cases where each is listed in the email To:

• If you add an additional recipient [email protected] to the email being sent then no incident will be created with any of the above recipients as follows:

 
With regards to the other setting “At least (#) recipient must match” the outcome is different as we could enable that option with the value of  # = 1 and have the following results:

So the email would, in that case, need to contain at least 1 of the 3 recipients [email protected], [email protected], [email protected] but can also include any other email recipients outside of those listed in the rule which will trigger an incident whereas the “All recipient must match” cannot.