Dear Support Team,

I am experiencing a critical issue with the DLP agent where multiple policies with different enforcement actions are not functioning correctly.

Problem Description:

I have deployed two DLP policies to a client endpoint with the following configurations:

• Policy 1: Audit mode with specific keyword-based data classification
• Policy 2: Blocking mode with different keyword-based data classification

Note: There is NO overlap between the keywords defined in these two data classifications.

Current Behavior (Incorrect):

After deploying both policies to the endpoint, ALL keywords from both policies are being blocked, including those that should only be audited. The audit policy is not functioning as configured - it is blocking instead of auditing.

Expected Behavior:

• Keywords from Policy 1 should trigger audit actions only (logging without blocking)
• Keywords from Policy 2 should trigger blocking actions
• Each policy should enforce its configured action independently

Troubleshooting Already Performed:

When I remove the blocking policy (Policy 2) from the client, the audit policy (Policy 1) works correctly and only audits as intended. This confirms that the issue occurs specifically when both policies with different enforcement actions are applied simultaneously.

Conclusion:

It appears the DLP agent is unable to properly manage multiple policies with different enforcement actions. The blocking mode seems to override or affect all policies regardless of their individual configurations.

Please investigate this issue and advise on:

1. Whether this is a known limitation or bug
2. The correct method to configure multiple policies with different actions
3. Any required agent updates or configuration changes

Thank you for your assistance.