search cancel

DLP Incidents not persisting for Cloud Email customer

book

Article ID: 189289

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Package

Issue/Introduction

Incidents from hosted cloud email (Email Service or Cloud Prevent) have stopped showing up in Enforce.

If one examines the /incidents/ directory on Enforce, there are numerous ".bad" files - these are unpersisted incidents from the cloud detector or cloud prevent server.

Cause

Incident Reconciliation task is failing. This task reconciles incidents created for emails with multiple recipients, combining multiple incidents for the same original message into one incident in Enforce. 
There is a known defect for this task in 14.6-15.5 branches of DLP.

Environment

Release : 15.1

Component :

Resolution

Upgrade to 15.5 MP2, where the fix is described in the Release Notes for that maintenance pack:

4245814: The SMTP reconciliation task no longer crashes on cache cleanup, with the Protect incidents reconciliation
folder filling up with .idc files. Split-delivery emails no longer generate multiple incidents.