Discover scan status stuck at "Loading Policies"

Article ID: 160476

Products

Data Loss Prevention Enforce, Data Loss Prevention Network Discover

Issue/Introduction

The Symantec Data Loss Prevention (DLP) Enforce Discover scan remains stuck in the “Loading Policies” status, with no error or other evidence that there is an issue.

The Discover scan_details log is likely empty, and you observe no other symptoms apart from slow scan performance.

Note: If all policies are withdrawn except for a single keyword policy, the Discover scan completes as expected.

Cause

This can occur when the Discover server assigned the scan does not have enough resources to load the configured policies. Detection Technologies such as Indexed Document Matching (IDM) and Exact Data Matching (EDM) can require significant resources (several GB of RAM) for large data sets.

Resolution

Disable the IDM- or EDM-based policies, restart the monitor controller, and start the scan again. If the scan starts without any errors, then assess whether the problem is the database profile or the lack of system resources.

You may have to perform additional performance tuning on the Discover server to prevent further scan issues. 

Check whether IDM- or EDM-based policies are applied. The IDM or EDM database profiles could be corrupted, or the policies may be too large for the DLP implementation. You may also need to adjust the Java heap, as the initial settings may be too low and cause issues with loading the policies.

See Calculating EDM size for RAM requirements

Increasing FileReader Memory

If additional resources are available on the system, more can be allocated to the FileReader process. In the Advanced Server settings for the Detection Server, increase the RAM available to the FileReader:

BoxMonitor.FileReaderMemory = -Xms1024M -Xmx4096M
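A sanity check to run on a proposed BoxMonitor.FileReaderMemory value before saving it, as an added example that is not Symantec's code. It parses the JVM heap flags (the size must follow -Xms/-Xmx with no space), confirms the initial heap does not exceed the maximum, and confirms the maximum fits in the server's RAM. The function names and the 2 GiB reserve left for the operating system and other DLP processes are assumptions.

```python
import re

_UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}
# JVM heap flag: size and optional unit follow the flag name with no space.
_FLAG = re.compile(r"^-(Xms|Xmx)(\d+)([kKmMgG]?)$")


def parse_heap_flags(value):
    """Return ({'Xms': bytes, 'Xmx': bytes}, problems) for a JVM options string."""
    sizes, problems = {}, []
    for tok in value.split():
        m = _FLAG.match(tok)
        if m:
            sizes[m.group(1)] = int(m.group(2)) * _UNITS[m.group(3).upper()]
        elif tok in ("-Xms", "-Xmx"):
            problems.append(f"{tok} has no size attached (no space allowed)")
        elif re.fullmatch(r"\d+[kKmMgG]?", tok):
            problems.append(f"stray size token {tok!r}")
        # Other JVM options are passed through unchecked.
    return sizes, problems


def check_file_reader_memory(value, total_ram_bytes, reserve_bytes=2 * 1024**3):
    """List problems with a proposed setting; an empty list means it looks sane.

    reserve_bytes is an assumed allowance for the OS and other processes.
    """
    sizes, problems = parse_heap_flags(value)
    xms, xmx = sizes.get("Xms"), sizes.get("Xmx")
    if xmx is None:
        problems.append("no valid -Xmx (maximum heap) found")
    if xms is not None and xmx is not None and xms > xmx:
        problems.append("-Xms is larger than -Xmx")
    if xmx is not None and xmx + reserve_bytes > total_ram_bytes:
        problems.append("-Xmx plus reserve exceeds physical RAM")
    return problems


if __name__ == "__main__":
    GIB = 1024**3
    # Constructed sample inputs: (proposed value, physical RAM of the server)
    for value, ram in [("-Xms1024M -Xmx4096M", 16 * GIB),
                       ("-Xms 1024M -Xmx 4096M", 16 * GIB),
                       ("-Xms1024M -Xmx4096M", 4 * GIB)]:
        print(repr(value), ram // GIB, "GiB ->",
              check_file_reader_memory(value, ram) or "OK")
```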