Hello,
First of all let me tell you the test case. This is simple, I want to build a policy with a detection rule and an exception. The test will be conducted for Network Prevent for Email integrated with MS Exchange 2007. The Exchange server adds a custom text (as a signature) to every outgoing mail. The custom text is a small text, like: "This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it is addressed."
Now, my policy looks like:
Detection: DCM, keyword: "confidential"
Exception: "This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it is addressed."
When I send an email with the word confidential in body/subject no incident is raised. When I remove the exception from that policy and resend an email with confidential in body/subject an incident is created.
First, I thought that the confidential word found in the custom text was the problem so I removed it leaving only: "This email and any attachments to it contain information and are intended solely for the use of the individual to whom it is addressed."
I restarted the test and I have the same problem. When I want to send an email that contains confidential in the body/subject, no incident is created. When I remove the revised exception, an incident is created.
Any ideas?