Event Code 1803 Policy has no associated severity

book

Article ID: 160638

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Event Code 1803 Policy has no associated severity

Resolution

One possible reason for receiving this code is that the Detection Server had not completed receiving the Policy from the Enforce server MonitorController (older versions) or SymantecDLP Controller (newer versions) when it processed an incident(s). It had received the Policy Rules, but not the commands (like what severity to apply).

The Detection Server generates an event indicating the Policy had no severity, and then assigns the default of High to the incident(s).

Eventually the Detection Server will finish receiving the Policy commands and the issue will resolve itself.

Recycling the Enforce MonitorController (older versions) or SymantecDLP Controller (newer versions) process will also resolve the issue quicker. If recycling the service did not fix it then identify the problem servers and recycle the Detection server Vontu Monitor (older version) or SymantecDLP (newer versions) service locally on those boxes.

You can also edit the policies and change the Severity to something else, save the policy then edit the policy again and change it to the correct Severity. This will refresh the information in the Oracle DB.

If none of the above resolve your issue and your are running a version earlier than 15.7 please see KB Article Id: 176311 - Deleting a policy causes other policy severities to be reset to default