We have a use case where we want to ignore filenames that start with image00* and att00* from a specific rule, but continue to check for rule trigges with other filenames. I’m afraid if I create a filename exclusion.. once DLP sees that filename it will exclude ALL the policy rules for that whole message.
Am I understanding the logic right or is there another way around it?
Example:
A “123ABC” Policy that has a DCM rule which matches the word 123ABC In ANY attachment except for attachments that start with the name image00* or att00*.
testing.txt = "This is a test document 123ABC"
att0001.txt = "Another test document"
image001.jpg = Test Image
Example message 1:
• Attachment Name: testing.txt
• Outcome: Alert because testing.txt is a valid filename
Example message 2:
• Attachment Name: att0001.txt
• Outcome: No Alert because att0* is excluded.
Example message 3:
• Attachment Name: image001.jpg
• Outcome: No Alert because image0* is excluded.
Example message 4:
• Attachment Name: testing.txt & att0001.txt
• Outcome: Alert because testing.txt is a valid filename
Example message 5:
• Attachment Name: testing.txt & att0001.txt & image001.jpg
• Outcome: Alert because testing.txt is a valid filename