In Data Loss Prevention versions 12.5.x and 14.0.x, incident data can in some circumstances be missing or appear garbled in the Enforce Server administration console. The incident data cannot be decrypted because the cryptographic key that was used to encrypt it is no longer available.
The range of symptoms includes:
The symptoms may not appear immediately even if there are cryptographic key issues. See the "Cause" section below for more details.
The problem occurs because the cryptographic key in the Data Loss Prevention Oracle database that was used to encrypt incident information is no longer available to decrypt the incident information.
When a new Endpoint Server is registered, or an Endpoint channel is added to an existing server, the latest SYSTEM cryptographic key in the database is overwritten. The original key, however, remains in memory and continues to be used until the Vontu services are restarted, the memory cache is refreshed, or cryptographic key rotation generates a new key. Until then, incidents are still created and their data is still encrypted with the original key. When the server is recycled, the new key is loaded and put into use, but it cannot decrypt the incident components that were encrypted with the original key, and that original key is no longer present in the database.
Note: The problem affects all incident types, not only Endpoint incidents.
Because incidents can be created and encrypted with the original cryptographic key while that key is in memory, the symptoms of the problem (in which a key capable of decrypting the incident data is missing from the Data Loss Prevention database) may not appear immediately.
Important: Incidents created and encrypted with the original key and which cannot be decrypted by the new key, as described here, are not recoverable.
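The following is an added illustration of the sequence described above; it is not Symantec code and does not use DLP's actual encryption scheme. It models the two copies of the SYSTEM key (the persisted database row and the copy cached in memory) with a toy stdlib-only authenticated cipher (HMAC-SHA256 keystream plus encrypt-then-MAC tag). The class and method names (EnforceServerSim, register_endpoint_server, restart_services, orphaned_incidents) are hypothetical. The orphaned_incidents check shows why the symptom can be detected before a restart: each record carries a fingerprint of the key that encrypted it, so a record whose key is no longer the database key can be listed while the services are still running.

```python
"""Toy simulation of the key-overwrite failure mode. Hypothetical, stdlib only."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional


def key_fingerprint(key: bytes) -> str:
    """Short identifier stored with each record to name the key that produced it."""
    return hashlib.sha256(key).hexdigest()[:16]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream (toy construction, not AES).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> Dict[str, bytes]:
    """Encrypt-then-MAC; the record remembers which key was used via key_id."""
    nonce = os.urandom(12)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"key_id": key_fingerprint(key).encode(), "nonce": nonce, "ct": ct, "tag": tag}


def decrypt(key: bytes, rec: Dict[str, bytes]) -> Optional[bytes]:
    """Return the plaintext, or None when `key` did not produce `rec`.

    Without the tag check a wrong key would silently XOR out garbage bytes,
    which is the "garbled incident data" symptom; with it the data is "missing".
    """
    expected = hmac.new(key, rec["nonce"] + rec["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):
        return None
    ks = _keystream(key, rec["nonce"], len(rec["ct"]))
    return bytes(c ^ k for c, k in zip(rec["ct"], ks))


class EnforceServerSim:
    """Hypothetical model: persisted SYSTEM key (database) vs. the copy cached in memory."""

    def __init__(self) -> None:
        self.db_key = os.urandom(32)      # key row in the database
        self.cached_key = self.db_key     # key held by the running services
        self.incidents: List[Dict[str, bytes]] = []

    def register_endpoint_server(self) -> None:
        # The defect: registration overwrites the persisted key, but the running
        # services keep using the copy already in memory.
        self.db_key = os.urandom(32)

    def restart_services(self) -> None:
        # Restart / cache refresh / rotation: memory now holds the database key.
        self.cached_key = self.db_key

    def create_incident(self, text: str) -> int:
        """Incidents are encrypted with whatever key is in memory at the time."""
        self.incidents.append(encrypt(self.cached_key, text.encode()))
        return len(self.incidents) - 1

    def read_incident(self, idx: int) -> Optional[str]:
        """What the console can show: the text, or None when the key no longer matches."""
        pt = decrypt(self.cached_key, self.incidents[idx])
        return None if pt is None else pt.decode()

    def orphaned_incidents(self) -> List[int]:
        """Incidents whose encrypting key is not the key currently in the database.

        This is non-empty as soon as the key is overwritten, before any restart,
        which is the early warning the delayed symptoms would otherwise hide.
        """
        live = key_fingerprint(self.db_key).encode()
        return [i for i, rec in enumerate(self.incidents) if rec["key_id"] != live]


if __name__ == "__main__":
    srv = EnforceServerSim()
    a = srv.create_incident("incident created before registration")
    srv.register_endpoint_server()
    b = srv.create_incident("incident created after registration, before restart")
    print("before restart:", srv.read_incident(a), "|", srv.read_incident(b))
    print("orphaned while still readable:", srv.orphaned_incidents())
    srv.restart_services()
    c = srv.create_incident("incident created after restart")
    print("after restart:", srv.read_incident(a), "|", srv.read_incident(b), "|", srv.read_incident(c))
```

Running the simulation shows both pre-restart incidents reading correctly while the database key has already changed, then returning None once the services reload the key, while the incident created after the restart reads normally. The orphaned_incidents list already names the affected records before the restart, which is the check worth running after any Endpoint Server registration.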