ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Agent group does not honor the assigned Agent Attributes in DLP

book

Article ID: 227810

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Enforce

Issue/Introduction

When you configure an Agent group and add custom agent attributes in Symantec Data Loss Prevention (DLP), the agents are not joining that group as expected.
The custom agent attributes are based upon User Domain - Active Directory (AD) departments.
The Agent Attributes are configured in "System > Agents > Agent Groups > Create New Agent Attribute".
The custom agent attributes, multiple, are then added to an Agent Group.
The agent configuration assigned to the Agent Group is then updated.

The agents assigned to that agent configuration do not populate the agent group as expected.
Only the users in the first agent attribute on the list, line separated, are imported into that agent group.
The users in the other agent attributes remain in the default agent group.

The LDAP sync works fine.
You can confirm this by checking the agents to see if the logged in user is associated with the correct AD department.

Environment

Release: 15.x

Component: Enforce

Resolution

Originally that agent attributes were added by copying and pasting the AD group list from Notepad.
It appears that Notepad put some extra characters that caused the AD group list to fail.

Manually adding the AD group custom agent attributes to the Agent Group one at a time resolved the issue.

Using a true text editor instead of Notepad may also work as it should not add any extra characters.