Good Morning,
I have endpoint agents installed with a configuration where Outlook is enabled. I have a policy that is doing a regular expression match for email addresses. I have the Match On selected for only envelope; however, when the policy creates an incident it is showing that there are values in the body that are also matching, when the policy is not configured to look at that to do the match on. Is there something specific about the endpoint agent and its integration with Outlook in that, regardless of what you select to match on, for Outlook email messages being sent out it will always look at the body? Is there a way to exclude the body from being included in the match on automatically, regardless of what is set in the policy condition?
Example: Email sent to someone@domain.com with subject of test and body of another@domain.org.
Policy is sent only to endpoint server and the rules look for email using a regular expression condition to only match on Envelope and count all matching and create an incident on at least 1 match.
This creates an incident that indicates 2 matches, one of someone@domain.com from the header and one of another@domain.org from the body.
My understanding is that the envelope is the header of emails and with the checking of only envelope for the match on that the body should not identify a match.
I appreciate any and all help in understanding why this is occurring and if there is a way for it to match as it is desired.
Joe Schmidt