After installing or upgrading a Linux Network Monitor, all services are running but you see the following errors in Enforce console and no incidents are created:

On a fresh install, this failure condition can happen if SELinux is enabled or if DLP is installed on a partition mounted with the option "nosuid".

On an upgraded system, ensure the version-specific upgrade root script was run from the correct location per the DLP Upgrade Guide for Linux.

If the upgrade was done as the root user and not protect, change the owner and permissions of the file "/opt/Symantec/DataLossPrevention/DetectionServer/<version>/Protect/bin/PacketCapture" with the following 2 commands and restart the services:

chown root:SymantecDLP PacketCapture

chmod 6755 PacketCapture

In DLP 16.0+ You must also chown PacketCaptureLauncher and PacketCaptureLoaderArguments.conf

After applying 16.0.0101, 16.0.0200, and 16.0.0201 you may need to apply these permissions. 

    chown root:SymantecDLP PacketCaptureLauncher

    chown root:SymantecDLP PacketCaptureLoaderArguments.conf

In the Protect/bin directory, all executables should be set to 750 , except for PacketCaptureLauncher which should be 4750.
The defaults will be corrected in a future release. 

NOTE:  It is recommended to reinstall any Linux detection server that has been upgraded improperly as the root user to ensure successful upgrades in the future.