False positives are incidents created when a file that is classified as sensitive by the data classification technique is either a non-sensitive file or the file transfer is initiated for business reasons.
When a user performs an action that is restricted by the DLP policy, a block event triggers an alert message. Sometimes the alert event is for an action that is legitimate, but for some reason is considered forbidden by the DLP policy. Such incidents are false positives.
In such a case, when the user tries to access the sensitive file, the action is restricted by the DLP policy. To overcome this issue, the block can be marked as a false positive and the user can then access the sensitive file.
When accessing sensitive data an error message is displayed. From this error message, you can choose either I Have Business Reasons or Report False Positive.
If an action like file upload or file transfer is not authorized, but the sensitive data has to be transferred/accessed, you can opt for I Have Business Reasons. Here you can choose between the options Approved by Manager or Sending file to a client/customer or Personal Document, to justify your business need for transferring/accessing the file.
If the file itself does not contain sensitive data or if the data channel has to be added to the authorized list, you can opt for Report False Positive. You can choose between the options that report the issue to the administrator for approval upon analysis.