DLP Enforce console shows the Endpoint agent as "connected" when the agent has disconnected.
Article ID: 159995
Data Loss Prevention Endpoint PreventData Loss Prevention Endpoint Discover
Your Symantec Data Loss Prevention (DLP) Endpoint agent is no longer connected to the network. However, the agent still shows a status of "connected" in the Enforce console.
Two scenarios exist where this behavior happens:
The Endpoint agent did not cleanly disconnect from the Endpoint Server. This disconnect can happen if the agent computer's network cable was unplugged, the agent service was not shut down cleanly, or the agent computer crashed.
The Endpoint Server was shut down before the agent being shut down or disconnected from the network.
It can take several minutes for the Endpoint Server to recognize that the agent has been disconnected. The default time is 5 minutes. Wait for 5 minutes to see if the status changes to disconnected. You can verify your configured interval by checking EndpointCommunications.HEARTBEAT_INTERVAL_IN_ SECONDS.int in the Advanced agent settings tab of your agent configuration.
If the Endpoint Server was shut down before the agent disconnect, Enforce shows stale data for that agent. Stale data shows until the Endpoint Server is restarted and the agent reconnects to the Endpoint Server.