Two-Tier Detection not triggering incidents

Article ID: 163922

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

The Endpoint Server runs on Red Hat Enterprise Linux (RHEL) and Two-Tier Detection (TTD) does not generate incidents.

Environment

Red Hat Enterprise Linux
DLP 14.0.x

Cause

/, /var and /opt are on separate partitions.

Resolution

  1. Create a new drop_ttd folder under /opt:
    • mkdir /opt/drop_ttd/
  2. Copy the permissions and ownership of the existing drop folder to the new one:
    • chmod --reference=/var/SymantecDLP/drop_ttd /opt/drop_ttd/
    • chown --reference=/var/SymantecDLP/drop_ttd /opt/drop_ttd/
  3. Open the Protect.properties file:
    • nano /opt/SymantecDLP/Protect/config/Protect.properties
  4. Locate the following lines:
    # Endpoint two-tier detection drop folder
    com.vontu.ttdinductor.dir = /var/SymantecDLP/drop_ttd
  5. Change the value of com.vontu.ttdinductor.dir from /var/SymantecDLP/drop_ttd to /opt/drop_ttd/
  6. Restart the VontuMonitor service.
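The six steps above as one script, added here as an example and not part of the article or the product. The reference folder, new folder and properties file are parameters so the change can be rehearsed against scratch directories first; the service restart command (assumed to be `service VontuMonitor restart`) is left to the caller.

```shell
#!/bin/sh
# Relocate the Endpoint Server's TTD drop folder onto the /opt partition and
# point Protect.properties at it. Example script, not from the article.

# Print the current value of com.vontu.ttdinductor.dir in a properties file.
ttd_dir_setting() {
    sed -n 's/^[[:space:]]*com\.vontu\.ttdinductor\.dir[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# relocate_ttd_dir REFERENCE_DIR NEW_DIR PROPERTIES_FILE
#   step 1: create NEW_DIR
#   step 2: copy mode and owner from REFERENCE_DIR (GNU chmod/chown --reference)
#   steps 3-5: rewrite the property in PROPERTIES_FILE, keeping a .bak copy
relocate_ttd_dir() {
    ref="$1"; new="$2"; props="$3"
    [ -d "$ref" ] || { echo "reference dir $ref missing" >&2; return 1; }
    [ -f "$props" ] || { echo "properties file $props missing" >&2; return 1; }
    mkdir -p "$new"
    chmod --reference="$ref" "$new"
    chown --reference="$ref" "$new"
    # Refuse to continue if the key is absent rather than silently appending one.
    [ -n "$(ttd_dir_setting "$props")" ] \
        || { echo "com.vontu.ttdinductor.dir not found in $props" >&2; return 1; }
    cp -p "$props" "$props.bak"
    # Rewrite through a temp file; 'cat >' keeps the original inode, owner and mode.
    # '|' is the sed delimiter, so NEW_DIR must not contain '|' or '&'.
    sed "s|^\([[:space:]]*com\.vontu\.ttdinductor\.dir[[:space:]]*=[[:space:]]*\).*|\1$new|" "$props" \
        > "$props.tmp" && cat "$props.tmp" > "$props" && rm -f "$props.tmp"
    # Verify the edit before reporting success.
    [ "$(ttd_dir_setting "$props")" = "$new" ] \
        || { echo "property update failed; backup is $props.bak" >&2; return 1; }
    echo "TTD drop folder now $new (backup: $props.bak)"
}

# Runs with the article's paths only when all three arguments are given, e.g.
#   sh relocate_ttd.sh /var/SymantecDLP/drop_ttd /opt/drop_ttd \
#       /opt/SymantecDLP/Protect/config/Protect.properties
# then restart the service (step 6; assumed command: service VontuMonitor restart).
if [ "$#" -eq 3 ]; then
    relocate_ttd_dir "$1" "$2" "$3"
fi
```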