Symantec Data Loss Prevention (DLP)
System > Incident Deleter > Delete Incidents shows multiple incidents queued for deletion.
No schedule has been created to delete incidents.
The System Account password had expired.
The System Account is defined during the installation of DLP, by default the account name is "protect".
There is a default deletion job scheduled for 11:59 PM daily.
With the System Account password expired, this default job was in effect and marking incidents for deletion.
But they were never deleted because the System Account password was expired.
Set the System Account, protect, password to never expire.
After resetting the password to never expire, there were no incidents marked for deletion.
The deletion jobs history shows no incidents were deleted.