I need a solution
I have 5 total DLP Endpoint Prevent servers, each with DLP version 14.5.0.24034, with the DLP agent version deployed being 14.0.2000.1056.
Of the 5 servers, I am having an issue with 4 of them. The issue is as follows;
- Incidents are reporting with a "pipe" symbole preceding the incident number, i.e. |1492910212700.idc
- As incidents populate the "incidents" folder on the endpoint prevent server, incident files with a ".tmp" extension will populate in the folder. As this occurs, the "SymantecDLP\Protect\temp\aggregator_temp_ttd_data" folder then fills quickly with folders containing a "minus" symbol preceding the folder name, i.e. "-1287079144_408759445".
This causes the drive on which DLP is installed to fill quickly, given the endpoint prevent server will not complete processing of the incident files, and the "aggregator_temp_data" folder continues to fill.
DLP Endpoint policies are applied the same, to all 5 servers - including the 1 server which is not exhibiting the behavior of the other 4 servers.
Any help is appreciated. Thank you.
0