5604 - 'MIP file type detection failed' events appear in console after upgrade to 15.8
search cancel

5604 - 'MIP file type detection failed' events appear in console after upgrade to 15.8

book

Article ID: 214822

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Prevent for Email

Issue/Introduction

  • Since upgrading to DLP 15.8 you have received occasional event alerts in the Enforce console of the type 5604 - MIP file type detection failed 
    • The event alert includes the message "The file has been protected using non RMS technologies"
  • You do not have MIP configured in your environment

Environment

Release : 15.8

Component : Network Prevent for Email/Web/Endpoint

Cause

The error happens with password-protected MS Office documents. We use the MIP plugin to do some file type analysis and it is returning an error, in this case, that we should be ignoring. After this, our code will use other plugins to determine the file type, and these files will be correctly identified by those plugins despite this error. This is new in 15.8 because we added in some metric collection on various errors during detection and this is one of the included errors

Resolution

The event can be ignored; this has been resolved in DLP 16.0.

 

Workarounds:

This issue can be worked-around by disabling the MIP plugin on the Detection Server. This is done by editing the MIP plugin's manifest.xml file

Windows:
(\Program Files\Symantec\DataLossPrevention\ContentExtractionService\15.8.00000\Plugins\Protect\plugins\contentextraction\MicrosoftInformationProtectionPlugin\manifest.xml)
Linux:
/opt/Symantec/DataLossPrevention/ContentExtractionService/15.8.00000/Plugins/Protect/plugins/contentextraction/MicrosoftInformationProtectionPlugin/manifest.xml)

and changing the text disabled="false" to disabled="true" and restarting the Detection Server.

This, of course, will also disable the Detection Server's MIP support.

Powered by Wolken Software