1 Reply Latest reply on Dec 30, 2014 10:08 AM by maxm.

    NDLP Policy Concepts

    maxm.

      Hello,

       

      I will likely speak with McAfee support regarding this but thought I would put it out there to see if anyone else has experienced this issue and if they have any insight.

       

      I have a policy in place for detecting social security numbers which is using the default McAfee concept of the number formats in proximity to the social security number keywords. While monitoring incidents I felt the numbers I was seeing were too low, so I adjusted the proximity higher and lower, with no difference in the number of incidents found. I then removed the keywords from the concept altogether and began detecting multiple emails with legitimate social security numbers that I was not detecting before.

       

      The issue with having the keywords out of the concept is that I have a large number of false positives. I would like to eliminate these false positives, and I know that it requires having the keyword proximity in the concept, but I do not want to risk missing the data I find without the keywords in place.

       

      Has anyone experienced a similar issue and if so found a resolution?

       

      Thank you for any assistance!

        • 1. Re: NDLP Policy Concepts
          maxm.

          After further research and testing I have found situations where there are documents, not created by our organization but which we have received and forwarded out, that contain sensitive info such as SSNs that had no keywords in proximity. Therefore I have no choice but to leave the proximity off and deal with the false positives.

           

          Thank you to anyone who may have attempted to find a solution but did not answer.
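
The trade-off discussed in this thread, as an added example that is not part of the original posts and does not reproduce how NDLP evaluates concepts: every SSN-shaped number is still reported, keyword proximity only raises its tier, and numbers the SSA never issues are dropped to trim false positives. The regex, keyword list, 40-character window and function names are assumptions made for illustration.

```python
import re

# Assumed pattern: AAA-GG-SSSS with a consistent dash, space or no separator.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")
# Assumed keyword list; a real concept's keyword set will differ.
KEYWORD_RE = re.compile(r"\b(ssn|ss#|social security|soc\.? sec\.?)", re.I)


def structurally_valid(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def classify(text, window=40):
    """Return (matched_text, tier) for each SSN-shaped number in text.

    tier "high": a keyword lies within `window` characters of the match.
    tier "low":  structurally valid number with no keyword nearby.
    Numbers that fail the structural check are dropped entirely.
    """
    keyword_spans = [m.span() for m in KEYWORD_RE.finditer(text)]
    results = []
    for m in SSN_RE.finditer(text):
        area, _, group, serial = m.groups()
        if not structurally_valid(area, group, serial):
            continue
        # Keyword counts as "near" if the gap to the match is under `window`.
        near = any(ks < m.end() + window and ke > m.start() - window
                   for ks, ke in keyword_spans)
        results.append((m.group(0), "high" if near else "low"))
    return results


if __name__ == "__main__":
    # Constructed sample messages, not taken from the thread.
    samples = [
        "Employee SSN: 219-09-9999 on file.",
        "Applicant: J. Doe  078-05-1120  DOB 01/02/1970",
        "Order ref 000-12-3456, part no. 912-34-5678",
    ]
    for s in samples:
        print(classify(s), "<-", s)
```

The second sample is the case from the reply: a forwarded document with a number but no keyword, which lands in the "low" tier for review instead of being missed.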