On a detection server running FileReader, you observe that although it appears to be processing messages, no incidents are generated. In the ContentExtractionHost_FileReader log you see the following events:

04/07/21 09:18:47 | ERROR | cehost | Verity [4527] | [3695359744] | Failed to create temporary directory. Last Error: No such file or directory | ../Platform.c (103)

04/07/21 09:18:47 | ERROR | cehost | Verity [4527] | [3695359744] | Could not initialize the Verity CEA plugin: Failed to create temporary directory | src/VerityImplInternal.c (153)

04/07/21 09:18:47 | WARN  | cehost | CEPluginManager [4527] | [3695359744] | Failed to load Verity. Error: Plugin Startup - Initialization of plugin Verity failed. retVal = 1, context = 0. Skipping this plugin | CEPluginManager.cpp (252)

• Linux based detection server.
• DLP 15.x

This issue can occur on Linux based detection server when the disk that CEH (ContentExtractionHost) is using to extract files to runs out of space. This may happen due to limited drive space and high volume of large files.

It may also happen if CEH has crashed while extracting files and tmp files are left behind and not cleaned out.

When the disk is out of space and temporary files can no longer be created, FileReader continues to process messages, but because all extraction fails, no real detection takes place.

This can be caused by multiple issues:

• AV exclusions for DLP folders
  • See: Servers with Antivirus and Symantec Data Loss Prevention (DLP) Server Software (broadcom.com)
• Multiple Enforce servers are talking to detections servers:

If you see the following messages verify there are multiple Enforce servers:

May 9, 2022 3:41:49 AM com.vontu.communication.transport.ChannelManager handleOperationSuccess
WARNING: Replaced connection for: controller-server and the remote IP for the old connection is: /192.0.2.2. There might be another client connecting to this channel.

• Free Disk space is low 

1. 1. Delete the ContentExtractionTemporarynnnnn directories from /temp/ to free disk space.
   2. Restart the SymantecDLPDetectionServerService.

See also: Large number of .tmp files in C:\Documents and Settings\protect\Local Settings\Temp (broadcom.com)