DLP Endpoint agent custom identifier does not create incidents.
search cancel

DLP Endpoint agent custom identifier does not create incidents.


Article ID: 160125


Updated On:


Data Loss Prevention Endpoint Prevent


Symantec Data Loss (DLP) Endpoint Agents do not generate incidents for policies you have configured with a custom data identifier.

EDPA log 

01/01/2013 12:00:00 |  1234 | INFO    | MessageLogger   | MESSAGETYPE_DETECTION_RESULT    MESSAGESOURCE_DETECTION  01/01/2013 12:00:00  [req#123 FAILURE <\b> is not a valid letter for index  no incidents]


The custom data identifier contains an invalid regular expression element.


The DLP custom data identifier language uses a subset of the regular expression command set. Not all valid regex elements are supported. Note that the exact text in the log varies, however, the portion of the log entry following "req#nnn FAILURE" indicates the issue. In this log example, the character that is enclosed in angle brackets, <b>, is the expression element that is invalid.

To resolve the problem, check all custom data identifiers that are used in your policies. Ensure that you remove anything causing the error or is unsupported.

For additional information refer to the following articles: