search cancel

The source file and path are missing from the DLP Endpoint Incident Report exported to CSV file.


Article ID: 227424


Updated On:


Data Loss Prevention Endpoint Prevent


In some cases the source file and source path is not always populated in an incident report when exported to CSV. 


We discovered that the fomc.dll on the Endpoint system image was registered incorrectly on the host system which meant that the agent was unable to capture the source path and file via Windows Explorer file copy.


Release : 15.x

Component : Endpoint Agent


The fomc.dll is registered only once by the Endpoint Agent after installation

Re-registered the fomc.dll using the correct Endpoint Agent installation path as follows: 

Launch the command prompt with elevated access
Change the path to the Endpoint Agent install location and run below command: 

regsvr32 fomc64.dll  (If you have a 32 bit machine run regsvr32 fomc.dll instead)


Additional Information

There are some known behaviors where we cannot capture the source path and file as follows:

1. Where a user creates a file and performs a "Save As" from the file itself directly to the destination.
2. Where a user runs a command line copy of a file to the destination if the the agent advance setting is set to "0". This must be set to 1. 
3. If the disk/drive is unknown/fixed type.

See also the Broadcom Forum: DLP - Why some Endpoint incidents do not show a source path?