Antivirus software is running on the same system as Symantec DLP and may or may not be flagging it as a virus or a security threat.
You want to exclude DLP files from being scanned by antivirus software.
This article covers exclusions for DLP servers; for Agents, see Best Practice: Endpoint Agents with Antivirus Protection (broadcom.com).
Symantec Data Loss Prevention (DLP) frequently writes to several common directories. Some antivirus solutions may interpret this behavior as that of a virus or security threat and may shut down DLP.
Complete details can be found in the DLP installation guide: 15.7 / 15.8 / 16.0.
In your antivirus software, exclude or omit the following directories from future scans.
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\logs (with subdirectories)
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\scan
\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\temp (with subdirectories)
\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\tomcat
\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\tomcat\temp
\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\tomcat\work
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.8.00000\Protect\incidents
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.8.00000\Protect\index
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\drop
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\icap_spool
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\packet_spool
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\logs (with subdirectories)
\Program Files\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\temp (with subdirectories)
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.8.00000\Protect\incidents
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.8.00000\Protect\index
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.8.00000\Protect\scan (with subdirectories)
\app\Administrator\oradata\protect
\app\Administrator\product\<version>\dbhome_1
Where <version> is the Oracle software version you are running.
\ProgramData\Symantec\DataLossPrevention\OCRServer\15.8.00000
\ProgramData\OmniPage
\SymantecDLPOCR
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\logs (with subdirectories)
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\scan (with subdirectories)
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\temp (with subdirectories)
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\tomcatTemp
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.7\tomcatWorkDir
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.7\incidents
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.7\index
\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\tomcat
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.7\drop
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.7\spool\ICAP
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.7\spool\PacketCapture
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\incidents
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\index
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\logs (with subdirectories)
\Program Files\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\temp (with subdirectories)
When the Symantec Data Loss Prevention application accesses files and directories, it can appear to antivirus software as if it were a virus. Therefore, you must exclude certain directories from antivirus scans on Symantec Data Loss Prevention servers.
Using your antivirus software, exclude the following Oracle directories from antivirus scanning:
• \app\Administrator\oradata\protect
• \app\Administrator\product\12.2.0.1\dbhome_1
Most of the Oracle files to be excluded are located in these directories, but additional files are located in other directories.
Use the Oracle Enterprise Manager (OEM) to check for additional files and exclude their directories from antivirus scanning.
Use OEM to view the location of the following database files:
• Data files, which have the file extension *.DBF
• Control files, which have the file extension *.CTL
• The REDO.LOG file
\SymantecDLPOCR\
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.5\logs
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.5\temp
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.5\tomcatTemp
\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.5\tomcatWorkDir
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.5\scan
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.5\incidents
\Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.5\drop
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.5\logs
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.5\temp
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.5\scan
\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.5\spool
\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\15.5\incidents
\oracle
echo %TEMP%.
\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\logs
\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\temp
\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\tomcatTemp
\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\tomcatWorkDir
\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\scan
\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\incidents
\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\tomcat
\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\drop
\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\logs
\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\temp
\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\scan
\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\spool
\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\incidents
\oracle
echo %TEMP%.
\drop
\drop_discover
\drop_ep
\drop_pcap
\drop_ttd
\icap_spool
\packet_spool
\SymantecDLP\Protect\incidents
\SymantecDLP\Protect\logs
\SymantecDLP\Protect\temp
\SymantecDLP\Protect\tomcat
\SymantecDLP\Protect\scan
\oracle
Note: Symantec does not recommend excluding individual binaries in antivirus applications. The names and locations of binary files may change with new software releases and patches. DLP also creates and places files in directories such as drop and drop_pcap; because the file names are not known in advance, the entire directory must be excluded.
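As an added example (not part of the Broadcom article or of Symantec's tooling), the following read-only PowerShell check compares the 15.8 Enforce and Detection Server directories listed above with the folder exclusions configured in Microsoft Defender. It reports which directories are missing or absent on disk and which configured exclusions are wider than the list. Defender as the antivirus product, the default ProgramData and Program Files roots, and the variable and function names are assumptions.

```powershell
# Added example, not from the article. Assumptions: Microsoft Defender is the
# antivirus, DLP 15.8 uses the default ProgramData / Program Files roots, and
# the session is elevated (Defender hides exclusions from non-administrators).
$ver  = '15.8.00000'
$data = Join-Path $env:ProgramData  'Symantec\DataLossPrevention'
$prog = Join-Path $env:ProgramFiles 'Symantec\DataLossPrevention'

# Directories taken from the article's 15.8 Enforce and Detection Server lists.
$expected = @(
    "$data\EnforceServer\$ver\Protect\logs"
    "$data\EnforceServer\$ver\Protect\scan"
    "$prog\EnforceServer\$ver\Protect\temp"
    "$prog\EnforceServer\$ver\Protect\tomcat"
    "$prog\EnforceServer\$ver\Protect\tomcat\temp"
    "$prog\EnforceServer\$ver\Protect\tomcat\work"
    "$data\ServerPlatformCommon\$ver\Protect\incidents"
    "$data\ServerPlatformCommon\$ver\Protect\index"
    "$data\ServerPlatformCommon\$ver\Protect\scan"
    "$data\DetectionServer\$ver\drop"
    "$data\DetectionServer\$ver\icap_spool"
    "$data\DetectionServer\$ver\packet_spool"
    "$data\DetectionServer\$ver\Protect\logs"
    "$prog\DetectionServer\$ver\Protect\temp"
)
function Normalize([string]$p) { $p.TrimEnd('\').ToLowerInvariant() }

# Only literal paths are compared; wildcard or %VAR% exclusions are not expanded.
$configured = @((Get-MpPreference).ExclusionPath | Where-Object { $_ } |
    ForEach-Object { Normalize $_ })

$report = foreach ($dir in $expected) {
    $n = Normalize $dir
    # Defender folder exclusions cover subfolders, so a parent entry counts.
    $match = $configured | Where-Object { $n -eq $_ -or $n.StartsWith($_ + '\') } |
        Select-Object -First 1
    [pscustomobject]@{
        Directory  = $dir
        OnDisk     = Test-Path -LiteralPath $dir -PathType Container
        Excluded   = [bool]$match
        ExcludedBy = $match
    }
}
# Exclusions wider than the listed directories: flag them for review.
$wanted   = $expected | ForEach-Object { Normalize $_ }
$tooBroad = $configured | Where-Object {
    $e = $_; ($e -notin $wanted) -and ($wanted | Where-Object { $_.StartsWith($e + '\') })
}
$report | Format-Table -AutoSize
if ($tooBroad) { "Wider than the article's list: $($tooBroad -join '; ')" }
```

A row with `OnDisk = False` usually means the version folder or install root differs from the assumed one, so correct the path before adding an exclusion for it.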