VEP file elimination causes false negatives with SEE (Symantec Endpoint Encryption).

VEP File Elimination should be disabled when:

• Two-Tier policies are used, OR
• Data Retention is enabled on the Endpoint, OR
• Endpoint Discover is used, OR
• Symantec Endpoint Encryption is used on the Endpoint.

Otherwise, VEP File Elimination can be enabled.

The Advanced Agent setting is "FileSystem.ENABLE_VEP_ FILE_ELIMINATION.int". For more details on that, see this TechDoc page: Advanced agent settings (broadcom.com)

You may be also interested in following Article ID: 273015 DLP agent temp folder is filling up with .Vep files on machines that use Microsoft Edge.