
We are working towards implementing a rule that looks for plaintext credentials within shared documents. In doing so, we’ve utilized the Passwords (contextual) pre-defined entity. We’ve noticed that this entity is catching Teams and Zoom meeting passcodes. We do not want to catch these passcodes in the rule and are trying to create a “not near” advanced expression. I’m looking for guidance on how to perform this.

 

For example here is what we have:

 

P1 = Passwords (Contextual)

D5 = Custom Dictionary of words like “meeting”, “teams”, “zoom”, etc…

 

Both options we’ve tried:

 

1.) ( P1 AND ( NOT ( P1 NEAR D5 ) ) )

2.) (P1 AND NOT (P1 NEAR D5))

 

Any help would be appreciated.

 

 

You need two RTP policies.

  1. To block any passwords, create a policy with DLP Profile A (P1) and Action to Block (I believe you already have this policy)
  2. Above the first policy, add a new policy with DLP Profile B (P1 NEAR D5) and Action to Allow.


 


Hi Ejang,

 

Thanks for the reply. We are actually using API policies for this, so I don’t believe this solution would work.

 

Thank you,

 

KD


I asked the same question, specifically related to passwords near Zoom links here: 

Even with the final reply by Oscar it doesn’t work. This doesn’t seem to be possible even with custom entities enabled. I also opened a support ticket at the time and was also told this was not possible.


@nduda,

 

I’ve reviewed your question many times. Thanks for reaching out. This seems to be a big deal and I wonder why there aren’t more folks asking the same question.

 

@ejang please advise if there is a way to do this.

 

Thank you,

 

KD


@kdibble 
I used the below expression and it worked. Please try.

(NOT (P0 NEAR D0)) AND (P0)



 

Ok, this seems to work somewhat, but it depends on the format. For example, this won’t trigger on a Slack post with a hyperlinked Zoom link. If you remove the hyperlink (text only), it triggers. This just might be Netskope not being able to look at hyperlinks.

P0 = Passwords (Contextual)
C0 = company.zoom.us (custom entity)

(NOT (P0 NEAR C0)) AND (P0)


This was allowed to be posted:

This was prevented (same link, hyperlink removed)

 


@kdibble Neither hyperlink nor text triggered the DLP in my environment.

 

 


@kdibble I see now. You used a data identifier (C0) instead of a dictionary (D5). Please check the expression in C0. 
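An added example, not part of the thread and not Netskope's engine: a small Python model of the `(NOT (P0 NEAR D0)) AND (P0)` expression, useful for deciding which test documents to run through a policy before relying on it. The regexes, the 40-character window and the whole-document reading of NEAR are assumptions; the sample texts are constructed.

```python
import re

# Assumed stand-ins: the real "Passwords (Contextual)" entity and the
# NEAR distance used by the product are not described in the thread.
PASSWORD = re.compile(r"(?i)\b(?:password|passcode|pwd)\s*[:=]\s*(\S+)")
MEETING_TERMS = re.compile(r"(?i)\b(?:meeting|teams|zoom)\b")  # models D0/D5
NEAR_WINDOW = 40  # characters; hypothetical proximity distance


def near_meeting_term(text, match):
    """True if a dictionary term occurs within NEAR_WINDOW chars of the match."""
    start = max(0, match.start() - NEAR_WINDOW)
    end = min(len(text), match.end() + NEAR_WINDOW)
    return MEETING_TERMS.search(text[start:end]) is not None


def document_level(text):
    """(NOT (P NEAR D)) AND P, evaluated once over the whole document."""
    matches = list(PASSWORD.finditer(text))
    any_near = any(near_meeting_term(text, m) for m in matches)
    return bool(matches) and not any_near


def per_match(text):
    """Keep only the password matches that have no meeting term nearby."""
    return [m.group(1) for m in PASSWORD.finditer(text)
            if not near_meeting_term(text, m)]


# Constructed sample documents.
INVITE = "Join the Zoom meeting at 3pm. Passcode: 482913"
CREDENTIAL = ("Service account login for the build server. "
              "password: Examp1e-Only!")
MIXED = INVITE + "\n" + CREDENTIAL

if __name__ == "__main__":
    for name, doc in [("invite", INVITE), ("credential", CREDENTIAL),
                      ("mixed", MIXED)]:
        print(name, "document-level:", document_level(doc),
              "per-match:", per_match(doc))
```

Under the whole-document reading, the mixed document does not trigger even though it holds a credential, so a document containing both a meeting invite and a real password is a test case worth including.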

