Upgrading to DLP version 11.5? Run this PreChecker First


Article ID: 159748


Updated On:


Data Loss Prevention Enforce


Data Loss Prevention Endpoint users (current or former) may not be able to upgrade from version 11.x to version 11.5 under certain circumstances.  

The upgrade process may not succeed if the total filepath for an Endpoint incident is more than 254 characters. Specifically, the Upgrader fails if there was an incident that involved a file for which the pathname plus the filename exceeds 254 characters (and the incident is stored in your database).

If your Upgrader fails because of this issue, the SQLError.log file is created.


TASK_NAME                      ERROR_TYPE           ERRANT_STATEMENT                                                                                   ERROR
------------------------       -------------------  ---------------------------------------------------------------------------------------------------------
Upgrade Schemas Post DM        FATAL                ALTER TABLE MESSAGE MODIFY ENDPOINTFILEPATH VARCHAR2(255 CHAR)          ORA-01441: cannot decrease column length because some value is too big
ORA-30556: functional index is defined on the column to be modified


Before you upgrade, you can check whether incidents are generated with filepath and filenames larger than 254 characters.

Connect to the Enforce Server database using SQL*Plus and run the following query as the protect user:

SQL> select count(*) from message where length(ENDPOINTFILEPATH) > 254;

If the script returns count = 0, you are not affected by this issue. You can proceed with the upgrade.

If the script returns count = x where x is any value other than 0, your database contains Endpoint incidents with filepaths that are greater than 254 characters.

You must wait to upgrade until a new upgrader is available. Maintenance Pack (MP1) for version 11.5 is forthcoming from Symantec. You will need MP1 version 11.5 to upgrade if you have Endpoint filepaths greater than 254 characters.