After upgrading to 15.8, detection servers report the error "3901, System Events have been suppressed" in the Enforce Server console.
Boxmonitor logs from the detection server show the following:
Jan 1, 2022 8:23:37 PM com.vontu.communication.transport.ChannelManager processOperationResult
INFO: Operation com.vontu.communication.transport.AcceptWrapperOperation:1641086617898:null:com.vontu.communication.transport.SessionIdentifier@b2c209c failed with exception:
com.vontu.communication.transport.exception.TransportException: invalid packet length on read: 1195725856
Release : 15.8
Component : Microsoft Information Protection Plugin
This is a known issue with 15.8.
This bug is due to the MIP SDK / plugin throwing an exception when it encounters some Office documents.
This will be fixed in a future release of the product. For now the errors can safely be ignored.
This issue can be worked around by disabling the MIP plugin on the Detection Server. This is done by editing the MIP plugin's manifest.xml, located under the Symantec/DataLossPrevention/ContentExtractionService/15.8.00000/Plugins/Protect/plugins/contentextraction/MicrosoftInformationProtectionPlugin/ folder.
Change text:
disabled="false"
to:
disabled="true"
Then save the updated manifest.xml and restart the Detection Server services. This will disable the Detection Server's MIP support in addition to preventing the 3901 errors.
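The manifest edit above as a script, added here as an example (it is not Symantec's own tooling): it takes the path to the MIP plugin's manifest.xml as its argument, keeps a copy of the original, and edits the file only when exactly one line contains disabled="false". The function name, the return codes and the .orig backup suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example: set disabled="true" in the MIP plugin's manifest.xml.
# Usage: sh disable_mip.sh /path/to/MicrosoftInformationProtectionPlugin/manifest.xml
# Returns: 0 changed or already disabled, 2 file missing,
#          3 attribute not found, 4 more than one candidate line.

disable_mip_plugin() {
    manifest="$1"
    if [ ! -f "$manifest" ]; then
        echo "manifest not found: $manifest" >&2
        return 2
    fi
    # Count lines that still carry the enabled setting.
    count=$(grep -c 'disabled="false"' "$manifest" || true)
    if [ "$count" -eq 0 ]; then
        if grep -q 'disabled="true"' "$manifest"; then
            echo "already disabled: $manifest"   # safe to re-run
            return 0
        fi
        echo "no disabled attribute found in $manifest; not modifying" >&2
        return 3
    fi
    if [ "$count" -gt 1 ]; then
        # Ambiguous: leave the file alone so it can be edited by hand.
        echo "$count lines contain disabled=\"false\"; not modifying" >&2
        return 4
    fi
    # Keep the first backup so the original can be restored later.
    [ -f "$manifest.orig" ] || cp -p "$manifest" "$manifest.orig"
    tmp="$manifest.tmp.$$"
    if ! sed 's/disabled="false"/disabled="true"/' "$manifest" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Write back with cat rather than mv so owner and mode stay unchanged.
    cat "$tmp" > "$manifest"
    rm -f "$tmp"
    echo "MIP plugin disabled in $manifest (original kept as $manifest.orig)"
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    disable_mip_plugin "$1"
fi
```

Restart the Detection Server services after the script reports the change; to undo the workaround, copy manifest.xml.orig back over manifest.xml and restart again.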