User justification showing N/A for Endpoint incidents

book

Article ID: 160552

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

User justification showing N/A for Endpoint Agent (EPA) incidents.

Resolution

This symptom can occur if you login as user-A and try to do an operation as user-B. For example, login to a system as user ‘protectuser’ and execute the ‘runas /user:<administrator> copyfile.bat’ (here copyfile.bat copies a file from local drive to USB). If there is a block/notify response generated in this case, it will have N/A as the user justification. This is because the CUI.exe process is for each session, in this case for ‘protectuser’. But when the response gets generated for administrator, it doesn’t have a session and therefore no pop-up (note that block happens as expected in this case).

Also, there are 2 issues related to User Justification displaying ‘N/A’ which are fixed in V11.0. The Etracks are as given below:

(ET 2104974) - "User Justification" field in 'Notify' policy violation incident displayed as "N/A" on violating block and notify policies one after another.
(ET 2111214)  - "User Justification" in ‘User Cancel and Notify’ incidents shown as N/A when ‘Block, Notify and User Cancel’ policies are violated together

In order to address theissue, you would need to upgrade to 11.0 or later