After upgrading to 15.8 detection servers are getting the Error: "3901, System Events have been suppressed" in the Enforce Server console
search cancel

After upgrading to 15.8 detection servers are getting the Error: "3901, System Events have been suppressed" in the Enforce Server console

book

Article ID: 231746

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

After upgrading to 15.8 detection servers are getting the Error: "3901, System Events have been suppressed" in the Enforce Server console.

Boxmonitor logs from the detection server show the following:

Jan 1, 2022 8:23:37 PM com.vontu.communication.transport.ChannelManager processOperationResult
INFO: Operation com.vontu.communication.transport.AcceptWrapperOperation:1641086617898:null:com.vontu.communication.transport.SessionIdentifier@b2c209c failed with exception: 
com.vontu.communication.transport.exception.TransportException: invalid packet length on read: 1195725856

Environment

Release : 15.8

Component : Microsoft Information Protection Plugin

Cause

This is a known issue with 15.8.

This bug is due to MIP SDK / plugin throwing an exception when it encounters some Office documents.  

Resolution

This will be fixed in a future release of the product. For now the errors can safely be ignored.

This issue can be worked-around by disabling the MIP plugin on the Detection Server. This is done by editing the MIP plugin's manifest.xml located under the Symantec/DataLossPrevention/ContentExtractionService/15.8.00000/Plugins/Protect/plugins/contentextraction/MicrosoftInformationProtectionPlugin/ folder

Change text:

disabled="false"

to:

disabled="true"

Then save the updated manifest.xml and restart the Detection Server services. This will disable the Detection Server's MIP support in addition to preventing the 3901 errors.

Powered by Wolken Software