How do I move the Symantec DLP Incidents directory to another drive after the software is already installed and running?
You should firstly backup and then modify the \Program Files\Symantec\Data Loss Prevention\Enforce Server\15.1\Protect\config\Protect.properties file.
Stop the Symantec DLP Manager service on the Enforce server.
Then look for the following settings and modify the path to your desired location:
# location of offline incidents on the monitor
com.vontu.detection.incidents.dir = C:/ProgramData/Symantec/Data Loss Prevention/Detection Server/15.1/../../Server Platform Common/15.1/incidents
# location of offline incidents on the manager
com.vontu.manager.incidents.dir = C:/ProgramData/Symantec/Data Loss Prevention/Detection Server/15.1/../../Server Platform Common/15.1/incidents
You will need to create the new folders in the new path you specified here and give the Symantec DLP service account full rights to each new folder.
Then restart the Enforce Symantec DLP Manager service or reboot the system.
Please note the instruction here are for version 15.1 so the paths may vary between DLP versions or depending on your initial installation path.