Incidents are not generated on older Endpoint Agents connected to 11.6 servers.

book

Article ID: 160350

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

After upgrading Enforce and Endpoint servers to 11.6, older Endpoint Agents stop generating incidents for some, or all, policies that use Data Identifiers.

Cause

This happens on older DLP Endpoints when using Unique Match Counting for Data Identifiers. If a policy containing a unique match Data Identifier rule is deployed to a DLP Agent that is not version 11.6 or later, the DLP Agent will not load the policy.

Resolution

Upgrade the older DLP Agents to at least 11.6.

Discontinue use of the Unique Match Counting feature for all policies that apply to older Endpoint Agents until they are upgraded to at least 11.6.