Problem receiving incidents in DLP
search cancel

Problem receiving incidents in DLP

book

Article ID: 253130

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

Today we have detected that no high criticality incidents were appearing on the console since two days ago, so we decided to restart the console.

First I restarted four endpoint prevent and then the enforce. And I found some problems.

First of all, as I show in the pictures, Endpoint 1 and 2 have taken version 15.0 instead of 15.8, it seems that both coexist on the device. I have tried to stop the 15.0 service and start the 15.8 service but it is still the same, can you help me?

On the other hand, the Enforce, although it has all the services started, appears with an N/A in the Type, which I think it didn't appear before.

It now appears to be generating no incidents of any kind. The expired license issue does not affect the module.
I attach the logs.

Environment

Release : 15.8

Resolution

This is known issue during upgradation of old version to newer versions i.e. in this case

Issue is the old 15.0 version services were started and is trying to force overtake the services of 15.8 version.

Ideally the DLP services of old environment should be stopped and disabled in case it automatically starts every time the system is rebooted.

Disable the services of old 15.0 version and restart the machine on the environment and start the services of latest version available on the environment.

This would ensure the latest version is up and running thus communicating with the Enforce server.