DLP not detecting on MacOS 10.15.x

book

Article ID: 184898

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

Symantec/Broadcom Data Loss Prevention (DLP)
Endpoint Prevent

DLP is not detecting file uploads to Safari.

Files copied to USB are uploaded to the external drive successfully even though the DLP block pop-up prompt appears and a DLP 'block' incident is created.

Using the MacOS 'Console' program, we see this message:

 

Sandbox: edpa() System Policy: deny(1) file-write-data /Volume/<USB name>/<filename>

Cause

MDM profile is missing or out of date on the workstation.

Environment

DLP 15.5 MP2

MacOS 10.15.x (Catalina)

Resolution

Follow steps in TECH256856 to apply or update the MDM profile for the MacOS 10.15.x device.