DLP Enforce console shows the Endpoint agent as "connected" when the agent has disconnected.

book

Article ID: 159995

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

Your Symantec Data Loss Prevention (DLP) Endpoint agent is no longer connected to the network. However, the agent still shows a status of "connected" in the Enforce console.

Cause

Two scenarios exist where this behavior happens:

  • The Endpoint agent did not cleanly disconnect from the Endpoint Server. This disconnect can happen if the agent computer's network cable was unplugged, the agent service was not shut down cleanly, or the agent computer crashed.
  • The Endpoint Server was shut down before the agent being shut down or disconnected from the network.

Resolution

  • It can take several minutes for the Endpoint Server to recognize that the agent has been disconnected. The default time is 5 minutes. Wait for 5 minutes to see if the status changes to disconnected. You can verify your configured interval by checking EndpointCommunications.HEARTBEAT_INTERVAL_IN_ SECONDS.int in the Advanced agent settings tab of your agent configuration.
  • If the Endpoint Server was shut down before the agent disconnect, Enforce shows stale data for that agent. Stale data shows until the Endpoint Server is restarted and the agent reconnects to the Endpoint Server.