I noticed that my DLP generate incidents about sending outsite my company many emails with sensitive data (I use tagging), but then I chceck that message in evidence (including the message body, attached files), I don't find the reason why system generate incident - email and included files don't have any sensitive data.
I automatically tagged every file from some web application where we stored sensitive data.
Maybe earlier someone sent this type of data (e-mail has the subject markers FW: and RE and when somone want to send/forvard that email outsite my organization, system generate incident. But why?
Given the number of problems you are having, it might be best to contact your McAfee distributor and get some on-site professional help?