False positives are incidents created when a file that is classified as sensitive by the data classification technique is either a non-sensitive file or the file transfer is initiated for business reasons.
When a user performs an action that is restricted by the DLP policy, a block event triggers an alert message. Sometimes the alert event is for an action that is legitimate, but for some reason is considered forbidden by the DLP policy. Such incidents are false positives.
In such a case, when the user tries to access the sensitive file, the action is restricted by the DLP policy. To overcome this issue, the block can be marked as a false positive and the user can then access the sensitive file.