16.1 Endpoint Block Response Rule popup allows users to click OK without Justification resulting in incident persistence failure because of null ENDPOINTJUSTIFICATIONLABELID field
search cancel

16.1 Endpoint Block Response Rule popup allows users to click OK without Justification resulting in incident persistence failure because of null ENDPOINTJUSTIFICATIONLABELID field

book

Article ID: 390612

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite Data Loss Prevention Data Loss Prevention Core Package Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite Data Loss Prevention Enforce Data Loss Prevention Plus Suite

Issue/Introduction

When the Endpoint response rule is configured with the "Allow user to choose explanation" box unchecked, this allows users to click OK in the response rule popup without entering in a justification. The issue does not occur for the first popup, but will occur for subsequent popups.

When the IncidentPersister on Enforce attempts to persist that incident it will fail because the ENDPOINTJUSTIFICATIONLABELID field is null. The error in the Enforce IncidentPersister logs will appear similar to the following:

Feb 14, 2025 1:06:30 PM (WARNING) Thread: 1351 [com.vontu.model.ojb.OJBLogger.warn] Error while write objects for tx org.apache.ojb.odmg.TransactionImpl@236eca68
org.apache.ojb.broker.KeyConstraintViolatedException: 
* SQLException during execution of sql-statement:
* sql statement was 'INSERT INTO IncidentJustification (incidentJustificationID,incidentID,endpointJustificationLabelID,endpointJustificationText) VALUES (?,?,?,?) '
* Exception message is [ORA-01400: cannot insert NULL into ("PROTECT"."INCIDENTJUSTIFICATION"."ENDPOINTJUSTIFICATIONLABELID")

Environment

DLP 16.1 Endpoint Agent

Cause

The issue does not occur on the first popup but the focus is getting set to the 'OK' button for subsequent response rule pop-ups. The logic in place sets the focus to the first radio button, but since the first radio button is not visible due to the fact that the 'Allow user to choose explanation' option is unchecked in the response rule configuration, the focus is not set to the radio button. This allows the user to submit without having a justification. Once the IncidentPersister tries to persist the incident to the database it fails because the ENDPOINTJUSTIFICATIONLABELID field is null.

Resolution

The issue will be fixed in DLP Endpoint Agent version 16.1 MP1.

Workaround: Until DLP 16.1 MP1 is available, it is recommended NOT to enable the "Allow user to enter text explanation" when configuring the "Endpoint Prevent: Block" response rule in the Enforce Console 

Powered by Wolken Software