I'm trying to create a custom rule package to use in a DLP rule in Exchange 2013. The rule in question will hold a list of words we want users to avoid using and prompt them with a policy tip to verify that they understand that the word(s) in question will cause the email to be reviewed and then let them override if needed. From reading throughDeveloping Sensitive Information Rule Packages andMatching Methods and Techniques for Rule Packages on TechNet and this blog with a fully fleshed out example I was able to create the following rule (it's around 400 terms total but I included some of the non offensive examples)
<?xml version=”1.0″ encoding=”utf-16″?><RulePackage xmlns=”http://schemas.microsoft.com/office/2011/mce”><RulePack id=”b4b4c60e-2ff7-47b2-a672-86e36cf608be”><Version major=”1″ minor=”0″ build=”0″ revision=”0″/><Publisher id=”7ea13c35-0e58-472a-b864-5f2e717edec6″/><Details defaultLangCode=”en-us”><LocalizedDetails langcode=”en-us”><PublisherName>InternalUser</PublisherName><Name>Screener word list</Name><Description>Detects the presence of pre-defined words we need to monitor</Description></LocalizedDetails></Details></RulePack><Rules><!– SIG Screen match list–><Entity id=”acc59528-ff01-433e-aeee-13ca8aaee159″ patternsProximity=”300″ recommendedConfidence=”75″><Keyword id="Screener_List"><Group matchStyle="string"><Term>bet</Term><Term>collude</Term><Term>collusion</Term><Term>gamble</Term><Term>game a broker</Term><Term>game an order</Term><Term>game the broker</Term><Term>game the order</Term><Term>gaming a broker</Term><Term>gaming an order</Term><Term>gaming the broker</Term><Term>gaming the crowd</Term><Term>gaming the order</Term><Term>Inside information</Term><Term>insider</Term><Term>Jump ahead</Term><Term>Jump in front</Term><Term>Steal</Term><Term>Stole</Term><Term>FOR INTERNAL USE ONLY</Term></Group></Keyword></Entity></Rules></RulePackage>
But when I try to import via the following command
New-ClassificationRuleCollection –FileData ([Byte[]]$(Get-Content -path "C:\DLP\test.xml" -Encoding byte -ReadCount 0))
I get the following error:
Unable to continue processing classification rule collection payload for decryption or further validations. Payload may contain invalid data.+ CategoryInfo : InvalidData: (:) [New-ClassificationRuleCollection], ClassificationR...yptionException+ FullyQualifiedErrorId : [Server=BY2PR02MB412,RequestId=82192f38-4e5e-43d1-8774-c932e3ea962b,TimeStamp=3/17/2014 8:09:32 PM] [FailureCategory=Cmdlet-Classification RuleCollectionDecryptionException] F08355D,Microsoft.Exchange.Management.ClassificationDefinitions.NewClassificationRuleCollection+ PSComputerName : pod51035psh.outlook.com
The Problem is I'm not 100% sure that I have the XML formatted correctly or if I'm doing something else wrong. I have tried the following :
- Generating multiple random GUIDs for my XML
- Saving the XML file as UTF-8 and UTF-8 without BOM
- I even tried uploading the same example in the blog I mentioned above with the example GUIDs and new GUIDs and I get the same error.
- I also tried using the MS example here at the bottom of the TechNet article Developing DLP Policy Template Files (the classification file creation and importing) with the supplied GUIDs and new GUIDs and received the same error as well