Symantec Data Loss Prevention (DLP) Endpoint
The Endpoint Agent queries the Active Directory Server for targeting on User Group policies.
How often does the Endpoint Agent query the AD Server?
The Endpoint Agent queries the AD Server every time the edpa process is started. If the user shuts down their machine every night, the server will be queried when the machine is restarted.
If the Endpoint Agent is up for a default seven days, the agent will query the AD Server again. This value is configurable in the Advanced Agent Settings:
If the Endpoint user is connecting via VPN, the agent may not be able to connect to the AD Server at startup, because the startup of the edpa process occurs before the machine is able to connect to the AD Server. In this case, the agent will attempt to use the grp.ead file at startup, and will attempt again at the seven day mark and beyond.
If there is no grp.ead file, and the Endpoint Agent cannot connect to the AD Server, the Endpoint Agent will treat the user as if they are in no group.