The DLP application reads and writes frequently to some common directories. If a Backup is running on a DLP Server, the DLP process may not be able to gain access to the files or folders and the DLP process may fail. To resolve this issue, exclude some directories from any scheduled or real-time Backup of the DLP servers.
Not Excluding these folders in the backup could result in corrupted data.
For Example, when a backup attempts to backup a file under the scan folder, various derby database failures can occur when the backup had temporarily blocked access to this incremental database causing the entire target to get scanned again as if it was a full scan.
Using the Backup software, locate the area where you can define the directories for backup exclusion, and exclude the following directories from the backup:
For DLP 11.6 through 15.0:
/drop
/drop_discover
/drop_ep
/drop_pcap
/drop_ttd
/icap_spool
/packet_spool
/SymantecDLP/Protect/incidents
/SymantecDLP/Protect/logs
/SymantecDLP/Protect/temp
/SymantecDLP/Protect/tomcat
/SymantecDLP/Protect/scan
/oracle
For DLP 15.1 and newer:
Enforce Server Specific:
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\logs
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\temp
C:\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\scan
C:\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\incidents
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\tomcatTemp
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\tomcatWorkDir
[Drive]:\Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\tomcat
Detection Server Specific:
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\drop
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\logs
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\temp
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\scan
C:\ProgramData\Symantec\Data Loss Prevention\Server Platform Common\15.1\incidents
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\spool
Oracle:
[Drive]:\oracle
You must also exclude the local temporary folder of the user that runs the DLP services (usually 'protect').
This can be tested by running the following command while logged in as the 'protect' user: echo %TEMP%
Typically the user is named protect, so by default the path is:
C:\Users\protect\AppData\Local\Temp
Note that for Windows Server 2003 and older, the default temp folder would have been:
C:\Documents and Settings\protect\Local Settings\Temp
You may want to refer to Guidelines for excluding Symantec Data Loss Prevention installation directories from third-party file backups for additional guidance.