Data Loss Prevention (DLP) Cloud Detection servers periodically disconnect with an "Unknown" status.

You also see the following error in the DLP Enforce console:

2716 Cloud detector disconnected

• DLP 15.7 or later
• Cloud Email or Detection Service installed
• Enrollment Bundle zip uploaded

The DLP Enforce to Cloud Service Gateway connection automatically cycles every 24 hours. This causes a detector to appear as "Disconnected," showing the 2716 event code in the DLP Enforce console. This is almost immediately followed by a 2712 "Connected" event.

The servers are designed to ensure that messages continue to process successfully even during periods when DLP Enforce loses connectivity to the Gateway. However, the DLP Enforce server's status may still appear as "Unknown," even if the cloud detector reconnects.

If the DLP Cloud Detection server still shows an 'Unknown' status

Restart the DLP Enforce server's "SymantecDLPDetectionServerController" service to get back to a "Connected" status.

Note: This service was known informally as "MonitorController" in earlier versions of DLP.

If this issue occurs frequently

Increase the memory allocated to the MonitorController wrapper. See Monitor Controller performance issues after adding new Detection Servers

Note: You can do this even if there are no "out of memory" errors showing in the SymantecDLPDetectionServerController.log.

If configuring SIEM or other system alerts based on Event Codes, the following events are usually indicative of issues that may need addressing:

• 2713 Cloud detector disconnected - Detail: "Error [FAILURE_TO_CONNECT]. Check your network settings."
• 2715 Cloud detector disconnected - Detail: "Error [FAIL_BINDING_ERROR]. Cloud Service is not available because of an account issue."

For possible issue related to those, see KB Error: "Cloud Service is not available because of an account issue" after adding new DLP cloud detector - status remains "Disconnected" (broadcom.com)