Error: "Please verify if you have the required read permissions" when uploading data to the Cisco support site
Article ID: 401241

Products

Data Loss Prevention, Data Loss Prevention Endpoint Prevent

Issue/Introduction

When uploading logs and other data to the Cisco support site, the upload will sometimes fail.
These files are nested zip files (zips within zips) and are hosted on a local file server.
When the upload fails, the error message lists the name and size of the file being uploaded, followed by this string:

"Please verify if you have the required read permissions".

That message is coming from the Cisco site.
https://mycase.cloudapps.cisco.com/<Cisco case number>/summary

If the DLP agent is disabled, the upload succeeds.

File upload path: Endpoint – Egress – Zscaler – Cisco

Cause

Everything points to a timing issue on the Cisco site.
When the file is on the file share, it must be downloaded for the agent to scan it; this is one point of delay.
Then the agent must scan the file, and because it is a nested zip file, this can take some time; this is another point of delay.
Then Zscaler does its own web filtering, another point of delay.
By this time, the Cisco site appears to at least partially close the connection/session.

This leaves very little that can be done on the DLP Endpoint side.

Resolution

Engineering said that you can test the following, but there is no guarantee that this will resolve the issue.

Because the agent processes encapsulation files that are larger than the Detection.MAX_FILTER_FILE_SIZE, files of this type that contain many hundreds or thousands of files can cause longer-than-desired processing delays. There are a few ways to work around this:

If possible, reduce policy complexity. Observe a long-running detection with the agent logs at FINEST and look for "chunk processing for condition <id> took n ms". If any stand out as taking a very long time, review them to see whether they are DI or Regex patterns that can be simplified. Look for other policy tuning opportunities; this is too complex a topic to cover in detail here.

Lower the Detection.MAX_DETECTION_TIME.int setting in the agent configuration advanced settings.
The default setting is 15 minutes. If you lower this to 10 or 5 minutes, you may vastly improve some endpoint latency scenarios while still having a good chance of detecting sensitive content, because detection still inspects as much content as can be run through it in that shorter amount of time.

Lower the Detection.MAX_FILTER_FILE_SIZE from the default of 30 MB.
Lowering this by 10 or 15 MB can provide a dramatic speedup on encapsulation files with many sub files by limiting the amount of content extracted and run through detection, while still preserving a sizeable amount of data to examine.

To bring encapsulation file handling more in line with non-encapsulation file type handling, customers can use a Monitoring Filter (System > Agents > Agent Configuration > Channel Filters tab > Add Monitoring Filter button) such as the one below to help limit the size of archive types that will be processed (be sure to select all applicable channels and file types).

NOTE - this workaround carries the most risk since files that exceed the filter size are skipped completely, and at high compression levels a large amount of sensitive data could potentially be exfiltrated:
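Separately from the monitoring filter, and for the first workaround above (finding slow policy conditions in agent logs captured at FINEST): the following is an added example, not part of the original article or vendor tooling. It totals the "chunk processing for condition <id> took n ms" messages per condition; only that message text comes from the article, while the log line layout, the condition ids and the 50% threshold are assumptions.

```python
import re
from collections import defaultdict

# The message text is quoted in the article. The condition id format and the
# rest of each log line are assumptions, so the id is matched loosely.
CHUNK_RE = re.compile(
    r"chunk processing for condition\s+(?P<cond>\S+)\s+took\s+(?P<ms>\d+)\s*ms",
    re.IGNORECASE,
)

def summarize(lines):
    """Return (condition, chunks, total_ms, max_ms) rows, slowest total first."""
    stats = defaultdict(lambda: [0, 0, 0])  # chunks, total_ms, max_ms
    for line in lines:
        m = CHUNK_RE.search(line)
        if not m:
            continue  # unrelated log line
        ms = int(m.group("ms"))
        s = stats[m.group("cond")]
        s[0] += 1
        s[1] += ms
        s[2] = max(s[2], ms)
    rows = [(cond, *s) for cond, s in stats.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def review_first(rows, share=0.5):
    """Conditions that account for at least `share` of all chunk time."""
    grand = sum(r[2] for r in rows)
    return [r[0] for r in rows if grand and r[2] / grand >= share]

# Constructed sample lines; a real agent log will have a different layout.
SAMPLE = """\
2024-01-01 10:00:01 FINEST chunk processing for condition 101 took 12 ms
2024-01-01 10:00:02 FINEST chunk processing for condition 205 took 4810 ms
2024-01-01 10:00:07 FINEST chunk processing for condition 101 took 9 ms
2024-01-01 10:00:07 FINE some unrelated line
2024-01-01 10:00:12 FINEST chunk processing for condition 205 took 5230 ms
2024-01-01 10:00:12 FINEST chunk processing for condition 330 took 140 ms
""".splitlines()

if __name__ == "__main__":
    rows = summarize(SAMPLE)
    for cond, chunks, total, peak in rows:
        print(f"condition {cond}: chunks={chunks} total={total} ms max={peak} ms")
    print("review first:", review_first(rows))
```

To use it on real data, pass the lines of an agent log captured during one slow upload to `summarize()` and review the conditions it ranks first.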