A public hot fix for Symantec Data Loss Prevention 15.1 Maintenance Pack 1 is available at the MySymantec site.
This hot fix addresses an issue in which unsuccessful login attempts to the Enforce Server administration console were not being updated correctly in the audit log file; the unsuccessful attempts appeared as "Successful" in the audit log.
The hot fix needs to be applied to the Enforce Server; it does not need to be applied to the DLP Agent. The hot fix is required only for form-based and Kerberos authentication methods.
Data Loss Prevention 15.1 MP1 customers who use form-based or Kerberos authentication for Enforce Server administration console access should download Hotfix_15.1.0109.zip from the MySymantec site.
For the hot fix installation details, see the Read Me document included in the hot fix ZIP file.
This same fix has also been included in 15.1 MP2 release. For details on this and other issues fixed in that Maintenance Pack, please see the 15.1 MP2 Release Notes