No Endpoint Incidents are Generated After Upgrading Enforce and Endpoint Servers

book

Article ID: 213212

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

After Enforce and Endpoint servers were upgraded, 15.7MP1 agents reporting to 15.8 Endpoint Servers stopped generating incidents.

Cause

Due to the agent/server version mismatch, and non-default Agent Configuration Setting, policy updates did not properly replicate down to the lower version of the DLP Agent.

Environment

Enforce and Endpoint servers version 15.8. 

Endpoint Agent version 15.7 MP1.

Resolution

Solution: Upgrade the DLP Agent to 15.8 to match the Endpoint server version.

 

Workaround: In the event an agent upgrade is not possible, perform the following workaround.

For each Agent Configuration with the setting ENABLE_POLICY_MATRIX_DELTA_REPLICATION = 0, change the value to 1.

Save and Apply the Agent Configuration.

Important: Policy updates will not replicate until a change is made to each Endpoint policy. Adding a character to the policy description, and saving the policy will trigger a policy update to the Endpoints.