Agent status in the agent overview can be green (OK), Yellow (Warning) or Red (Critical).
Refer to our Online Help for the most current list.
Table: Troubleshooting agents with Warning agent alert
Agent alert |
Cause |
Fix |
---|---|---|
DLP Outlook plug-in tampered with |
The Outlook plug-in was modified, disabled, or deleted. |
To fix the issue:
|
DLP Outlook plug-in installation failed |
The Outlook plug-in installation failed. |
Run the |
DLP Lotus Notes plug-in tampered with |
The Lotus Notes plug-in was modified. |
To fix the issue:
|
DLP Lotus Notes plug-in installation failed |
The Lotus Notes plug-in installation failed. |
Run the |
DLP AIM plug-in tampered with |
The AIM plug-in was modified or the plug-in installation failed. |
To fix the issue:
|
DLP AIM plug-in installation failed |
The AIM plug-in installation failed. |
Run the |
Active Directory user group resolution failed |
Active Directory permissions conflict with Symantec Data Loss Prevention (DLP) permissions. Also, Active Directory may not have attributes. |
Verify that the credentials that are passed to the agent have necessary permissions to extract logged-in user information from Active Directory. |
Agent is disabled by enforce user |
The administrator who executed the Agent List screen disabled the agent. troubleshooting task on the |
Start the Windows agent using the Agent List screen. You can also start the agent by using the sc command. For Mac agents, you must use the agent_start tool to start the agent. |
Agent requires restart |
The administrator can either disable or enable data loss monitoring on endpoints by executing the Disable or Enable troubleshooting task on the Agent List screen. Monitoring is enabled by default after the agent installation. However, when the administrator executes the Enable or Disable tasks and the agent is busy, the agent remains in a Warning state. |
Restart the agent on the Agent List screen.
|
Agent crash dump available on endpoint for analysis |
If the agent crashes, the Enforce Server displays the Warning agent alert type. In this scenario, a log file is created that Symantec Support can use to troubleshoot why the agent crashed. Agent crashes can be caused by the following:
If the agent crashes often, contact Symantec support and provide the crash dump files available at the path |
To fix the issue:
|
Agent version is older than Enforce Server version |
The agent is one version older than the Endpoint Server version to which it connects. For example, if the Endpoint Server is version 12.0 and the agent is 11.x, a Warning agent alert type displays. The features available in the Enforce and Endpoint Server are not available for these agents. DLP identifies these agents with a Warning alert because these agents do not provide current DLP features. |
Upgrade the agent to the latest version. |
Agent group attribute discovery failure |
Occurs if the agent cannot collect required data from Active Directory, which prevents the Enforce Server from moving the agent into an agent group. The agent cannot collect data if there is an issue with Active Directory permissions or if required attributes are missing from Active Directory. |
To fix the issue:
|
Agent group conflicts |
The Endpoint Server automatically assigns the agent to an Agent Group depending on the endpoint attributes set during the Agent Group setup. If the endpoint meets multiple Agent Group conditions, the Warning alert is thrown. |
To fix the issue:
|
Table: Troubleshooting agents with Critical agent alert
Agent alert |
Cause |
Fix |
---|---|---|
Agent is not reporting |
The agent has not reported to an Endpoint Server within the specified period of time. If the agent does not report after 18 hours, then DLP identifies the agent as not-reporting. Not-reporting agents do not receive the latest policies and configuration information, so they are marked with a Critical agent alert. |
To fix the issue:
|
Agent version is not supported |
The agent is two versions older than the Endpoint Server version to which it connects. For example, if the Endpoint Server is version 12.0 and the agent is 10.x, a Critical agent alert displays. The features available in Enforce and Endpoint Server are not available for these agents. DLP identifies these agents with a Critical alert because these agents do not provide current DLP features and may not operate as designed. |
Upgrade the agent to the latest version. |
File system driver is down |
The agent service cannot communicate with the DLP driver installed on the endpoint. Communication may not occur for the following reasons:
|
To fix the issue:
|