Have you tried adding special character proximity condition?
That's probably your best bet.
Out of curiosity, why are you using such a general pattern?
Is the proximity condition set in the Classification Rule ?
Is there the ability to do a negative condition, "not next to special character"?
General pattern is being used primarily as an example.
Prefacing my response by noting that I have not tested the following but I think its the most efficient way to accomplish your use case.
1. Create a new Dictionary Definition:
- Create a separate line item for each special char and Click Starts With for each char and Score = 1for each
2. Create a new Classification > Add Classification Criteria > Select: Proximity > Click the button [...]
Once you are in the Proximity Operator set the following (pop-up box after clicking button mentioned above):
Proximity between: Dictionary > Select the Dictionary Definition created in # 1
and: Adv Pattern > Select your adv pattern with the 9 digit regex string
Closeness: is less than 1 characters
Match count: and found at least 1 times
Save Classification Criteria
3. Create a Data Protection Rule
- Condition: Use your initial Adv Pattern classification that contains the regex only
- Exception: Add Exception Rule - Select the newly created Classification with Proximity
Configure the other parameters of the rule as desired
Sorry, my instructions are formatted very neat but these steps should be able to get you to where you want to be. Give it a test and let me know, may need to tweak a bit.
As a side-note: I am not a huge fan of using built-ins on rules in production but they are extremely helpful references when building your own rules. They are also make it easy to create POC/demo rules to show functionality as decrease lead time in configuring.
Finally, I totally understand using general as an example, no reason to go over the top. That said, save yourself a migraine or 2 and never deploy a rule like that across the environment, especially if you are collecting evidence. You will instantly drown incident manager (and yourself) in a bazillion false positives.
LMK if the above solution works for you, it will be good to know definitively!