What are the data elements? What protocal are you trying to detect against (Endpoint, Network/Email, Discover)? Are there spaces in the data fields? did you index the EDM on save of the EDM? Has the index been pushed out to the server you are trying to detect with?
There are many things that could cause this to be an issue with detection. Please provide as many details as possible, thank you.