Hello,
@ allenchung
If the issue is just on detection probably you have the two_tier_idm enabled setting turned off OR your computer is not connected to network. As NDeen said, you need connection to endpoint server to match partially the documents as it cannot be resolved itself on agent.
@ NDeen
"Agent IDM lets lets you use the block, notify, and user cancel response rules on the endpoint with IDM"
Thta'ts not completely true. The reality is that just a small percentage of documents (IDM indexed) can actually be blocked/user cancel'ed on agent..
@ ipeque
If I understand correctly, the response rules are not working for IDM detection method. That's because the agent needs to contact the endpoint server to identify if the document is violating any policy; meanwhile it can't block/notify the end-user "on the fly" (it needs time let's say..) so the DLP will create an incident after some time but won't block the action. There is a small percentage of documents which the agent itself has enough information to decide if the action should be allowed or not, and in that case you might have a block/user cancel immediately. Summarizing, even documents which match exactly or 100% are difficult to be blocked on endpoint.
BR,