Data Loss Prevention

I've scoured our forum resources as well as the Symantec KBs and documentation. I understand the the following are recommended to improve regex/regular expression performance:

• Look Ahead: (?=(?:[^-\w])|$)
• Look Behind: (?<=(^|(?:[^)+\d][^-\w+]))) and (?<=(^|(?:[^)+\d][^-\w+])|\t))

Here are some of the KBs and forum posts I have seen:

• https://support.symantec.com/en_US/article.TECH222152.html
• https://support.symantec.com/en_US/article.TECH219204.html
• https://www.symantec.com/connect/forums/expression-prefixsuffix

In Symantec's own KB (TECH222152) above, they recommed using PCRE compatible regex syntax. However, as far as I know, DLP uses Java. What's going on here?

Also, the recommended Look Behind seems to always "error out" using any of the regex tools, such as regexr.com or regex101.com. I always get a "lookbehind has to be fixed width" or a "positive lookbehind not supported in this flavor of regex."

Anyone have insights?

Thanks!

Nick

Nick,

THis has been one of those Wierd things.. there are different areas in DLP that use a different REGEX stadard.

Data Identifiers - Use a more Java based approach. Do not like OR's "|" and some other logic options

The Regex Policies use a PCRE approach.. so it all depends on he use case. 

Keep in mind that 15 has better options on proximity matching that simplifies some of these issues.

I know its a pain, just something to remeber. Overall Trial and Error.. 

Good Luck,

Ronak

PLEASE MARKED SOLVED WHEN POSSIBLE