search cancel

Hundreds of protocol highlights in incident snapshot

book

Article ID: 162995

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

Incidents are appearing with hundreds of protocol matches in the incident snapshot.

Cause

The cause appears to be multiple policies with identical Protocol or Endpoint Monitoring rules on them.

Resolution

Find all policies with identical "Protocol or Endpoint Monitoring" rules and modify them to no longer be identical.  You don't need to change the functionality of the rule, just how it is done.  For example, you can still monitor Email, HTTP, and HTTPS but on one policy you could have all three within the same rule while the next policy has the same combination of protocols spread between two rules, etc.  Doing this has shown to eliminate the repeated protocol highlighting issue within incident snapshots.

 

A fix will be provided with DLP 15.5 MP1.