Linux agent detection technology policy scenarios

If a policy uses both supported and unsupported detection technologies, the DLP Agent for Linux applies the DCM and IDM detection rules in exceptions and policies and does not provide any matches for unsupported detection technologies.
The follwing table outlines policy configurations that your organization may be using and states whether detection is applied on Linux endpoints for each.
Policy rules and detection scenarios for Linux endpoints
Policy configuration
Detection applied on Linux endpoints
Description
DCM rule
OR
EDM or VML rules
DCM rule is applied
If the policy uses keyword matching with EDM index matching (connected by OR expression), the documents that contain the keyword log incidents.
However, if the document does not contain the keyword but matches the EDM index, no incident is logged. The EDM index is not applied.
DCM rule
AND
EDM or VML rules
No rules are applied
If the policy uses keyword matching with EDM index exact matching (connected by AND expression), the documents that contain the keyword do not log incidents, even if the document matches the EDM index. The EDM index is not applied.
Exception rule in a policy that contains DCM detection
OR
Exception rule in a policy that contains EDM, or VML rules
DCM exception is applied
If the policy uses an exception with keyword matching (for example, "sensitive") and uses EDM profile matching (connected by OR expression), the document that contains the "sensitive" keyword is excluded from being monitored.
However, if the document does not contain the "sensitive" keyword but matches the EDM index, the document is not excluded from being monitored. In this scenario, only the DCM exception rule is applied. Documents that match the EDM index are not excluded from being monitored.
Exception rule in a policy that contains DCM detection
AND
Exception rule in a policy that contains EDM or VML
No exceptions are applied
If the policy uses an exception with keyword matching (for example, "sensitive") and EDM profile matching (connected by AND expression), the document that contains the "sensitive" keyword is excluded from being monitored even if the document matches the EDM index. Documents that match the EDM index are not excluded from being monitored.
DCM rule
AND
Exception rule in a policy that contains EDM or VML
DCM rule is applied
If the policy uses keyword matching (for example "sensitive") and uses an EDM profile exception (connected by AND expression), the documents that contain the keyword log incidents.
However, the documents that match the EDM index are not excluded from being monitored.