DLP Incidents not persisting for Cloud Email customer
search cancel

DLP Incidents not persisting for Cloud Email customer


Article ID: 189289


Updated On:


Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Package


Incidents from hosted cloud email (Email Service or Cloud Prevent) have stopped showing up in Enforce.

If one examines the /incidents/ directory on Enforce, there are numerous ".bad" files - these are non-persisted incidents from the cloud detector or cloud prevent server.


Release : 15.1



Incident Reconciliation task is failing. This task reconciles incidents created for emails with multiple recipients, combining multiple incidents for the same original message into one incident in Enforce. 
There is a known defect for this task in 14.6-15.5 branches of DLP.


Upgrade to 15.5 MP2, where the fix is described in the Release Notes for that maintenance pack:

4245814: The SMTP reconciliation task no longer crashes on cache cleanup, with the Protect incidents reconciliation
folder filling up with .idc files. Split-delivery emails no longer generate multiple incidents.