Data Loss Prevention 11.x Known Issues

Technical Articles ID: KB89301
Last Modified: 6/16/2022

Environment

Data Loss Prevention (DLP)

DLP Discover 11.x
DLP Endpoint 11.x
DLP Monitor 11.x
DLP Prevent 11.x

DLP Management Extension 11.x

Summary

Recent updates to this article

Date	Update
June 16, 2022	Implemented minor updates. Only styling changes implemented.
May 10, 2022	Added DLP Discover 11.10.0 General Availability (GA) resolved issues.
April 26, 2022	Implemented minor updates. Only styling changes implemented.
April 13, 2022	Added DLP Endpoint 11.9.0 GA Repost resolved issues.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Contents
Click to expand the section you want to view:

Product release information

To view all available DLP GA release notes and other documentation, visit the Product Documentation site.
For Release To Support (RTS) release notes, contact Technical Support.

NOTE: For the products that have reached End of Life (EOL), see the "Related Information" section.

DLP Component and Version	Operating System	Release Date
DLP ePo Extensions
11.8.100 (GA)	-	January 21, 2022
11.7.101 Hotfix (GA)	-	January 21, 2022
11.7.100 (GA)	-	September 29, 2021
DLP Endpoint
Endpoint 11.9.0 (GA) Repost	Windows	April 13, 2022
Endpoint 11.9.0 (GA)	Windows	January 25, 2022
Endpoint 11.9.0 (GA)	Mac	January 25, 2022
Endpoint 11.6.500 (GA)	Windows	April 12, 2022
Endpoint 11.6.401.28 Hotfix (GA) Package Endpoint 11.6.401.1 Hotfix (GA) Extension	Windows	February 17, 2022
Endpoint 11.6.401 Hotfix (GA)	Windows	January 21, 2022
Endpoint 11.6.400 (GA)	Windows	October 29, 2021
Endpoint 11.6.300 (GA)	Windows	August 10, 2021
Endpoint 11.6.200 (GA)	Windows	June 8, 2021
Endpoint 11.6.100.41 Hotfix (GA)	Windows	April 14, 2021
Endpoint 11.6.100 (GA)	Windows	March 23, 2021
Endpoint 11.6.0 (GA)	Windows	November 10, 2020
Endpoint 11.6.0 (GA)	Mac	November 12, 2020
Endpoint 11.4.200 (GA)	Mac	August 11, 2020
Endpoint 11.4.0 (GA)	Mac	November 12, 2019
DLP Prevent (Appliance, Images)
Prevent 11.8.0 (GA)		November 18, 2021
Prevent 11.6.100 (GA)		April 14, 2021
Prevent 11.6.0 (GA)		January 12, 2021
DLP Monitor (Appliance, Images)
Monitor 11.8.0 (GA)		November 18, 2021
Monitor 11.6.100 (GA)		April 14, 2021
Monitor 11.6.0 (GA)		January 12, 2021
DLP Discover
Discover 11.10.0 (GA)		May 10, 2022
Discover 11.7.100 (GA)		November 12, 2021
Discover 11.7.0 (GA)		July 13, 2021
Discover 11.6.100 (GA)		September 14, 2021
Discover 11.6.0 (GA)		November 10, 2020

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.

DLP Endpoint 11.x known issues

The critical resolved issues are listed below.

Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - Critical (DLP Endpoint)
-	SB10376	11.0	11.9.0 11.6.401.28 11.6.401.1	Issue: The SQL Injection vulnerability CVE-2021-4088 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database.
-	SB10371	11.0	11.6.400	Issue: The SQL Injection vulnerability CVE-2021-31849 gets triggered when deleting user information in DLP Endpoint for Windows.
-	SB10371	11.0	11.6.400	Issue: The Cross Site Scripting (XSS) vulnerability CVE-2021-31848 occurs in DLP Case Management.

Non-critical

Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - non-critical (DLP Endpoint)
DLPW-7726	-	11.9.0	11.9.0.82	Issue: Blue screen of death (BSoD) error appears on the endpoints that have Hardware-enforced Stack Protection enabled.
DLPO-9468	-	11.6.0	11.6.500	Issue: An incorrect GUID is being used by Apple devices for USB device class.
DLPO-9486	-	11.6.0	11.6.500	Issue: A delay in the ePO response is observed when the Permission Set for Global Reviewer is enabled.
DLPO-9489	-	11.6.200	11.6.500	Issue: Apache Log4j vulnerabilities are flagged owing to an unused AzureRunner.jar present in DLP extension.
DLPW-7076	-	11.6.0	11.9.0.82 11.6.500	Issue: Google Chrome becomes unresponsive owing to shadow stack violation on endpoints that have Hardware-enforced Stack Protection enabled.
DLPW-7104	-	11.6.0	11.6.500	Issue: An incident is triggered for a Removable Storage Protection Rule when you try to copy and paste classified data within the 'C' drive.
DLPW-7541	-	11.6.0	11.6.500	Issue: Unable to view the device details in DLP Incident manager "Additional Information" section when you try to copy data to an external drive.
DLPW-7730	-	11.6.401	11.6.500	Issue: The web protection rules fail to block the files uploaded from a shared network drive.
DLPO-9449	-	11.6.100	11.6.500	Issue: ePO is unable to connect to MVISION Cloud after upgrading to ePO 5.10.0 Update 11. Resolution: If you've upgraded to ePO 5.10.0 Update 11, make sure that you use the latest version of the DLP extension.
DLPW-6956	-	11.6.0	11.6.500	Issue: Google Chrome doesn't respond when the screen is being shared using Google Meet.
DLPW-7102	-	11.6.0	11.6.500	Issue: The Timeout Exceeded message is displayed owing to additional processing of web posts.
DLPW-7683	-	11.6.0	11.6.500	Issue: Microsoft Edge and Google Chrome browsers are slow to load when fcagchrome64.dll is enabled.
DLPO-8807	-	11.6.0	11.9.0.82 11.9.0	Issue: The Evidence file share authentication fails, and doesn't allow the upload of evidence.
DLPO-9330	-	11.6.0	11.9.0.82 11.9.0	Issue: The US Social Security Number Randomization in Advanced Pattern is selected as deprecated and shows an incorrect description.
DLPX-1362	-	11.6.0	11.9.0	Issue: The DLP Endpoint for Mac doesn't block plug-and-play devices when using macOS BigSur.
DLPX-1405	-	11.6.0	11.9.0	Issue: The macOS crashes when DLP Endpoint for Mac is upgraded to version 11.6.0.
DLPX-1406	-	11.6.0	11.9.0	Issue: The DLP Endpoint for Mac generates multiple incidents when there's a network connectivity change. This issue occurs when a device is already plugged in. This issue is also observed when the device monitoring rules are added in DLP Policy.
DLPX-1457	-	11.6.0	11.9.0	Issue: An intermittent issue is observed with unmounting USB drives on macOS.
DLPX-1500	-	11.6.0	11.9.0	Issue: The datalossd process on macOS continues to consume more memory over time.
DLPO-9314	-	11.6.0	11.9.0	Issue: The Mac OS X Client Configuration with Shared Storage field accepts the wrong credentials and displays the message "Connection was tested successfully."
DLPW-7540	KB95265	11.6.0	11.6.401.28 11.6.500	Issue: Adobe Reader 32-bit crashes and displays the error message below: Invalid plugin detected. Adobe Acrobat Reader DC will quit.
DLPW-5419 DLPW-6526 DLPW-7183	-	11.6.0	11.6.401.28 11.6.401	Issue: Multiple web incidents are triggered from Microsoft Edge and Chrome without URL information when opening the browser or while browsing.
DLPW-6154	-	11.6.0	11.6.401.28 11.6.401	Issue: An incident is caused for files downloaded using the Microsoft Edge.
DLPW-6279	-	11.6.0	11.6.401.28 11.6.401	Issue: Emails are blocked owing to the email recipient detection.
DLPW-6948	-	11.6.0	11.6.401.28 11.6.401	Issue: Incidents are generated with no or unknown URL information.
DLPW-7229	-	11.6.0	11.6.401.28 11.6.401	Issue: Emails sent are held in the Outbox for an hour after Windows Client Configuration is enabled. The Enabling Windows Client Configuration is followed by Email Protection, Outlook Background Processing, and Enable Background Processing.
DLPW-7243	-	11.6.0	11.6.401.28 11.6.401	Issue: Email gets held when 'Do not deliver before' option is checked.
DLPW-7303	-	11.6.0	11.6.401.28 11.6.401	Issue: A false positive issue occurs in DLP-blocked PDF files, when opened in Microsoft Edge or Chrome browsers for viewing.
DLPW-7313	-	11.6.0	11.6.401.28 11.6.401	Issue: Windows Explorer crashes owing to both printer handler probe and copy file handler probe.
DLPW-7323	-	11.6.0	11.6.401.28 11.6.401	Issue: DLP incident Manager doesn't show other device information for CD or DVD devices that are copied to an external drive.
DLPW-7472	-	11.6.0	11.6.401.28 11.6.401	Issue: UCE DLP Ethernet or WiFi properties (NIC option) present in the network property can't be edited.
DLPW-6950	-	11.6.0	11.6.400	Issue: Copy and paste operations from the remote system to the local system fail to trigger incidents or notifications. You see this problem with DLP Endpoint on a remote and local system when the Clipboard Protection rule is blocked.
DLPW-6909	-	11.6.0	11.6.400	Issue: A blank dialog box appears after you click the three-dots (burger) menu. You see this issue after you select either of the following rules: 'Evidence Rule Name' and 'Evidence Rule Set Name'. The rules are found under Queries & Reports, New Query, Filter page.
DLPW-6411	-	11.6.0	11.6.400	Issue: The DLP Printer Protection rule doesn't block printing of text files from local Chromium-based browsers.
DLPW-7095	-	11.6.300	11.6.400	Issue: An open draft message in Outlook closes when you reply to another message.
DLPW-6968	-	11.6.200	11.6.400	Issue: Printing from a browser window (Chrome and Microsoft Edge) becomes unresponsive. The screen shows Not responding. This problem is still incurred after adding the processes (chrome.exe and msedge.exe) to the DLP exclusion list.
DLPW-6436	-	11.6.0	11.6.400	Issue: The CPU spikes on the process fcag.exe randomly to over 20% for more than 120 seconds.
DLPW-6070	-	11.6.0	11.6.400	Issue: Encrypted sent emails are held in the Outbox for an hour. You see this issue after you enable Windows Client Configuration, Email Protection, Outlook Background Processing, and Enable Background Processing.
DLPW-6069	-	11.4.200	11.6.400	Issue: You're unable to install the DLP client. The error message below is displayed during the failed install: The module with the version of windows might not be compatible.
DLPW-6313	-	11.6.200	11.6.400	Issue: A DLP event generated from an endpoint with a Web Protection rule shows incomplete URL information. You see this issue when the events are viewed from the Chrome browser.
DLPW-6160	-	11.6.200	11.6.400	Issue: No URL information displays when you generate an incident report.
DLPW-7130	-	11.5.970	11.6.400	Issue: The Microsoft Information Protection label isn't detected (blocked) if the system boots outside VPN.
DLPW-6991	-	11.6.300	11.6.400	Issue: The DLP Endpoint 11.6.200 blocks file uploads to exempted URLs.
DLPW-6955	-	11.6.200	11.6.400	Issue: The destination URL isn't displayed in the 'Destination' column of the Incident Manager. You see this issue both in Chrome and Microsoft Edge browsers.
DLPW-6948 DLPW-6947	-	11.6.200	11.6.400	Issue: The DLP Incident Manager shows the incident destination (Matched URL and Web request URL) as "Not Available." You see this issue after you upgrade to DLP Endpoint 11.6.200.
DLPW-6534	-	11.6.100	11.6.400	Issue: The DLP incidents generated for file uploads show a different URL than the actual URL location of the file upload.

DLPW-6169	-	11.6.100	11.6.200	Issue: The DLP Agent service doesn't start automatically after you install DLP Endpoint 11.6.100 on Windows 10 Version 19H1 32-bit systems. Workaround: Update your systems with the latest Microsoft Security updates.

DLPO-7221	-	11.6.00	11.6.100	Issue: Configuration changes are made in the Client Configuration under the Email Protection tab and the policy is applied on the other tab. The client configuration still appears as "Pending Changes." This issue occurs even though the changes are saved. Workaround: Click Apply Policy on the same tab where the configuration is made, namely, the Email Protection tab.
DLPO-3333	-	11.4	11.6.100	Issue: The file size for the incidents reported by MVISION Cloud are displayed in the decimal point under the DLP Incident Manager, Incident List.
DLPO-3353	-	11.4	11.6.0	Issue: The incident reported by MVISION Cloud doesn't display the unique match count under "Evidence."
DLPO-3354	-	11.4	11.6.0	Issue: "SharePoint/OneDrive" incidents have 0.0.0.0 as the computer IP in the incidents reported by MVISION Cloud.

1271560	-	11.2	11.3.000	Issue: When DLP Endpoint is upgraded from 11.1.200 to 11.2, the upgrade fails. Workaround: Uninstall DLP Endpoint 11.1.200 and restart the system before you upgrade to DLP Endpoint 11.2.

1264676 1265030	-	11.1.100	11.2.000	Issue: Test connection fails for Evidence Storage if the password contains special characters. (It appears in DLP Settings or on the Evidence Copy Service page of the Client Configuration.)
1264486	-	11.1.100	11.2.000	Issue: Files are allowed to be uploaded from all URLs even when the Application File Access Protection blocking rule is configured with a specific URL exception list.
1261969	-	11.1.100	11.2.000	Issue: Links in the emails that DLP Case Management automatically generates don't work.
1264467	-	11.1.100	11.2.000	Issue: Classification caption isn't added in the sent emails.
1262607	-	11.1.100	11.2.000	Issue: If a sensitive file name contains non-English characters, the web protection rule doesn't work when you use Chrome browser version 67 and later.
1222510	-	11.0.200	11.2.000	Issue: When the PDF image files are opened in Internet Explorer, it displays the following error message: "There is a problem with Adobe Acrobat/Reader."

1245376		11.0.500	11.1.0	Issue: False positive incidents occur when a Plug and Play device rule or a Removable Storage Device Rule meets the following criteria: Has a user condition with an OR operator between multiple condition lines. An exception is added with a user condition.

1253012		11.0.200	11.0.700	Issue: An error appears in the Windows 10 Event Viewer, showing one or more of the following: Faulting module name: fcagpph32.dll Faulting module name: fcagpph64.dll Faulting module name: fcagcbh32.dll Faulting module name: fcagcbh64.dll Workaround: Add the process name that appears in the event viewer error to the clipboard whitelisted processes in the Windows Client configuration.

1240128		11.0.400	11.0.500	Issue: Microsoft Office applications don't respond when an Application File Access rule is set to block, or monitor a classified file. For example, Word, Excel, and PowerPoint. Resolution: Add Microsoft Office applications to the Content Tracking Whitelisted Processes in the client configuration. Also, add the folder …\Program Files…\Microsoft Office\Office…\PROOF\ for all files.

			10.0.300 11.0.130	Issue: After you upgrade Windows to Windows 10 RS 1 (Anniversary Update), MFE*.sys isn't registered in the Registry under Safe Boot key. So, access protection and network communication protection rules don't work in Safe Mode (minimal and network). Workaround:** Upgrade DLP or reinstall.
1034514			11.0.130	Issue: When the Run DLP client in Safe Mode configuration is disabled, log on in safe mode and return to normal mode. MA sends an error report to ePO that Drivers initialization failed. Workaround: To return the reporting to normal mode, restart the client.

Investigating - non-critical (DLP Endpoint)
DLPW-6483	-	11.6.213	-	Issue: The Preview pane option in the endpoint doesn't enable or disable when the Windows Explorer preview pane functionality in ePO is enabled or disabled.
DLPW-6496	-	11.6.200	-	Issue: A Screen Capture Protection rule with Block action doesn't trigger an event when taking a screenshot of the minimized preview window.
TSDP-7787	KB95295	11.9.0	-	Issue: You see a system crash (blue screen) with Intel® 11th Gen CPUs. NOTE: We recommend that you not deploy DLP Endpoint 11.9.0 to these specific systems until the issue is fixed. Workaround: See the related article for details.
EPO-9926	KB94984	ePO 5.10 Update 8	-	Issue: DLP Appliance Management extension reports incorrect CPU system usage. Workaround: See the related article for details.
DLPO-3242	-	11.4	-	Issue: An Email Protection Rule is created and an email is sent to more than two recipients. All email recipients aren't displayed for MVISION Cloud. The email recipients are displayed when you hover over it.
	KB89089	11.0	11.6	Issue: From 11.6, DLP Endpoint supports web protection rules on Edge based on Chromium (Version 84.0.4147 and later). In 11.6, DLP Endpoint doesn't support URL-specific rules on Edge browsers for the following rules: Clipboard protection rule Printing protection rule Application protection rule Workaround: Configure the above-mentioned rules without URL-specific configuration. Use the "Any URL" option.
DLPO-3350	-	11.4	-	Issue: If the email doesn't have a "Subject" added to it, the "Email Subject" under Additional Information displays "No Subject" with the angle brackets for MVISION Cloud.
DLPO-3404	-	11.4.0	-	Issue: If the shared location is Unavailable, evidences aren't imported from MVISION Cloud to ePO. When the shared location is restored, evidences are recovered after 10 minutes by default.
DLPO-3012	-	11.3.0	-	Issue: DLP Web post aggregation fails in mail.google.com (Gmail). There's no aggregation and multiple incidents are generated instead of a single incident.
DLPW-4540	-	11.3.0	-	Issue: When the Chrome Injection is disabled, and the rule is triggered, the Incident Manager on ePO displays the failure reason as: “Non-Supported Chrome Version.”
DLPW-4100	-	11.4.200	-	Issue: The Windows 10 Microsoft Print to PDF built-in printer is considered a local printer by DLP Endpoint.
898377		9.3.100	-	Issue: Clipboard blocks copying from Microsoft Word to Microsoft Outlook. You see the error below: Word has encountered a problem.
DLPX-42		9.3.0	-	Issue: Removable Storage Device Rule on OS X can't block writing to CD/DVD and can't set the CD/DVD to read-only rule.
DLPW-3350			-	Issue: The fixed hard disk rule doesn't work for drives mounted in an NTFS folder.
DLPX-41		9.4.0	-	Issue: UAG configuration using LDAP Object Identification - Identify LDAP objects by their name isn't supported for Mac clients. Workaround: Use LDAP Object Identification - Identify LDAP objects by SID (Security ID) configuration.
Known Issues - non-critical (DLP Endpoint)
979613			n/a	Issue: A blue screen error occurs after you create a Plug and Play device rule to block CD/DVD drives on a Windows 8.1 system with Roxio burning software. Resolution: Contact Roxio to have your issue investigated.
1012744			n/a	Issue: When Endpoint Encryption for Removable Media (EERM) initializes blocked devices, they aren't treated as Content Encrypted by McAfee devices until the devices are removed and plugged in again. NOTE: There are no plans to resolve this issue. Implement the workaround below. Workaround: Remove the device and plug it in again.
872984		9.3.0	n/a	Issue: A Web Post rule blocks the metro user-interface application with the Internet Explorer handler. NOTE: There are no plans to resolve this issue.
914808		9.3.0	n/a	Issue: Some built-in USB SD card readers are physically connected to the USB bus and not to the SD bus. As a result, they're recognized as a USB bus type and not as an SD bus type. NOTE: There are no plans to resolve this issue. Implement the workaround below. Workaround: Open the Mac System Information and determine if the SD card reader is connected to the USB bus or SD bus. If the SD card is connected to the USB bus type, configure your Removable Storage Device Rule to protect USB bus type.
907629		9.3.0	n/a	Issue: DLP Agent can't recognize a FAT32 file system on a GUID Partition Table formatted drive. NOTE: There are no plans to resolve this issue. Implement the workaround below. Workaround: To block a FAT file system, select both FAT16 and FAT32 as File System Type in the Removable Storage Device Rule.
DLPO-4064 DLPO-4065 DLPO-3969	-	11.5.0	n/a	Issue: Microsoft Windows Rights Management Services (RMS)/Seclore fails to connect with HTTPS (test connection) in ePO 5.10. Resolution: Import the RMS and Seclore certificate to the ePO keystore file. For more information, see the related article.
1226226	KB89089	11.0.0	-	Issue: DLP Endpoint 11.x doesn't support Web Protection, Clipboard Protection, and Printing protection for Microsoft Edge version 42. Also, DLP Endpoint versions earlier than 11.0.200 don't support Web Protection for Microsoft Edge version 40 and v41.
DLPW-3359			n/a	Issue: You open Microsoft Excel files from the shortcut menu on a client with Application File Access Protection. The Microsoft Office Applications condition is applied, and the Titus plug-in is installed for Microsoft Office. You see an error. NOTE: There are no plans to resolve this issue. Implement the workaround below. Workaround: Open the Excel application by going to File and then Open, or disable DDE for Excel application (on the registry).
945247			n/a	Issue: Printing protection rules don't block Word-to-PDF conversions when the printing application is defined as Microsoft Word. This issue occurs because the application that performs the conversion isn't Word, its Adobe Distiller. Resolution: Define the application as Adobe Distiller in the Application field.
875868 875981	-	-	n/a	Issue: If Microsoft Outlook isn't the default mail client, Email Discovery doesn't run and the console displays wrong values. NOTE: Outlook has always been a prerequisite and must be the default mail client.
982508	-	9.3.207	n/a	Issue: Clipboard Protection Rule triggers every time a user right-clicks on an Internet Explorer browser window with restricted data already copied to the clipboard. (No paste operation is performed.) NOTE: There are no plans to resolve this issue. Implement the workaround below. Workaround: Add explorer.exe to the Clipboard allowed processes in client configuration.
-	-	-	n/a	Issue: The DXL client must be in the connected state for the Application file access protection rule, including TIE reputation condition to work. While DXL is in a disconnected state, the Application File access protection rule works based on the reputation cache, if it exists.
-	-	-	n/a	Issue: You must restart the DLP Client for the Email Protection rule to work on Lotus Notes.
			n/a	Issue: Software that contains an application-level restriction mechanism must be configured to permit all DLP Endpoint service requests. A restriction mechanism can be virus protection, antispyware, or personal firewall software. For example, for the DLP Endpoint Agent to start when Tenebril SpyCatcher is installed, you must add the agent as a trusted application in SpyCatcher.
-	-	-	n/a	Issue: The Block and charge feature is supported only for iPhone 4 and later. There's no workaround. Earlier iPhones can only be blocked.
	-	11.6	n/a	Issue: When Outlook background processing is enabled and a user tries to send a non-mail Outlook item, DLP agent processes the item in a foreground mode. (Examples of a non-mail Outlook item are an invite or creating a task.) DLP agent uses the timeout value configured in Windows Client Configuration, Client Config Name, Email Protection, Email Timeout Strategy, Email analysis maximum time (s). It also uses the action to perform the value configured in Windows Client Configuration, Client Config Name, Email Protection, Outlook Background Processing (Only for DLP 11.6 and later) Action if the maximum time is exceeded.
	-	11.6	n/a	Issue: If a registered document has multiple classifications attached to it, you can't delete a single classification from the registered document. Information: It prevents the user from deleting a classification that has a registered document attached to it. Workaround: Delete the registered document. Delete the classification that you don’t want. Upload the registered document with other classifications attached to it.
			n/a	Issue: DLP Endpoint doesn't interact with IPv6. The DLP IP features don't support it or interfere with it.
			n/a	Issue: Incorrect configuration of the device blocking feature might cause the client computer to malfunction. For example, even though critical devices are normally in the unmanaged devices list, they can be moved to the managed list. We recommend that you test the device blocking rules on a subset of computers before mass deployment.
			n/a	Issue: Tagging an application as an Internet Explorer application means that the DLP Endpoint Agent disregards any content manipulation by the application. Copy and paste, print screen, and content-based tagging rules don't apply. Use the Explorer Strategy only for 'Explorer-like' applications, such as shell applications.
			n/a	Issue: To avoid performance issues, we recommend the following configuration changes: Add all virus protection, indexing services, Windows update, and other trusted applications to the DLP Endpoint Policy Manager. Add them as an application group with the Trusted strategy. Remove unnecessary applications and application groups from the DLP Endpoint Policy Manager.
			n/a	Issue: When you disable device blocking, the change only takes effect after you restart the agent computer. Disabling the device blocking probe from the DLP Endpoint Agent configuration doesn't unblock devices on the agent computer. Devices that were in a blocked state before disabling the device blocking probe remain in the blocked state until unplugged and plugged in again. IMPORTANT: Perform removal of device blocking in emergency cases only. A restart re-enables the devices that are blocked. To achieve the effect of unblocking a specific device class, we recommend that you change the device class to unmanaged.
			n/a	Issue: Screenshots and clipboard rules ignore the Trusted strategy and block Trusted applications as well as Editors. This behavior is expected because trusted processes aren't part of the screen capture or clipboard logic.
			n/a	Issue: Print Screen blocking rules remain in effect as long as the process that they're tracking is running. Window focus doesn't affect Print Screen blocking rules. This behavior is expected because a sensitive file that isn't in focus can still be visible on the screen.
			n/a	Issue: The network communication protection blocking rule doesn't block or monitor SMB connections. The reason is because these connections are covered by file system rules.
-	-	11.3.0	n/a	Issue: In the Chrome Incognito mode, the Chrome extensions aren't available, so the URLs aren't detected. So, the allow list URLs and URL exceptions aren't being applicable in the Incognito mode.
-	-	-	n/a	Issue: In the Removable Storage File Access Device rule, there's an Or condition between the file extension and the True File type. For example, if you define a rule to block the file extension exe and True File: HTML, both file types are blocked.
-	-	-	n/a	Issue: You can't upgrade DLP Endpoint while the Sysinternals Process Explorer tool is open. If you experience an issue when you upgrade DLP Endpoint, make sure that this tool is closed.
-	-	-	n/a	Issue: When you upload registered documents, if you try to upload a file with a file name longer than 50 characters, it fails with an error message. The problem occurs because Windows file path has a 256-character limit. DLP Endpoint concatenates the internal path to the file name, which can result in paths longer than the allowed limit. Resolution: Shorten the file name to fewer than 50 characters.
			n/a	Issue: Network Communication protection rule and Screen Capture protection rule don't support Manual Classification.
-	-	-	n/a	Issue: To reduce memory consumption, the total number of dictionary items that can be used in a policy is limited to 50,000.
-	-	-	n/a	Issue: To reduce memory and CPU usage, the total number of signatures contained in the registered documents package is limited to 1,000,000 signatures. This number is the maximum that can be placed in a registered document repository. This number is equivalent to about 250 MB of the original document content.
461535			Expected Behavior	Issue: Email protection rules are bypassed when the network connection is disabled and Lotus Notes is set to Offline mode.
348500			Expected Behavior	Issue: When you plug a Kingston U3 drive into a computer with a mass storage device, the tagging rule causes high CPU usage for several minutes. The reason is because of large .u3p files being opened on the drive. Workaround:* Add Launchpad.exe to an application group and set the strategy to Trusted.

n/a = not applicable
Back to top

DLP Discover 11.x known issues

Critical

Data Loss Prevention Discover (Critical)
Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - non-critical (DLP Discover)
DLPD-1082	SB10368	11.6.0	11.7.100	Issue: A Remote Code Execution (RCE) vulnerability CVE-2021-31845 occurs in DLP Discover that parses Ami Pro (.sam) files during server content inspection.

Non-critical

Data Loss Prevention Discover (Non-Critical)
Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - non-critical (DLP Discover)
DLPO-8807	-	11.6.0	11.10.0	Issue: The Evidence file share authentication fails, and doesn't allow the upload of evidence.
DLPO-9330	-	11.6.0	11.10.0	Issue: The US Social Security Number Randomization in Advanced Pattern is selected as deprecated and shows an incorrect description.
DLPD-995	-	11.5.0	11.7.0	Issue: DLP Discover remediation scans with a large number of Exact Data Matching (EDM) matching values now take a shorter duration because of the improved performance in the EDM algorithm.
1268509	-	11.1.100	11.2.0	Issue: DLP Server is unable to synchronize "RegDocs" packages from the evidence share and shows "access denied" for local system account users. Workaround: Grant permissions (at least Read rights) to the DLP Server's local system account user to access the evidence share.
Investigating - non-critical (DLP Discover)
1264942	-	11.1.100	-	Issue: The DLP Discover OCR module's rate of accuracy when it extracts some Asian languages is inconsistent.
DLPD-820	-		-	Issue: The message Failure reason: General error is incorrectly displayed when user permission is insufficient to access a site.
DLPW-3361		9.4.0	-	Issue: Endpoint Discovery scheduler with Time Zone Coordinated Universal Time (UTC) on and running McAfee Agent (MA) 5.0.1 runs as Local time on managed systems. Workaround: Use the Local time zone on managed systems instead of Coordinated Universal Time (UTC) when using MA 5.0.1.
DLPD-1206	-	11.6.0	-	Issue: The Discover server installation doesn't install the prerequisite software such as SharePoint client or Active Directory rights management when you install with the Advance deployment option in on-premises or MVISION ePO.
Known Issues - non-critical (DLP Discover)
1143438	-	-	n/a	Issue: The DOCREADME BOX, 'redirect URI in box app,' needs to be the same as the ePO web address.
1090520	-	-	n/a	Issue: You see the Restore from file option, but when you click it, nothing happens. NOTE: There are no plans to resolve this issue. Implement the workaround below. Workaround: Click Browse, browse to the backup file, click Restore from file, and then click Save.
1136118	-		Expected Behavior	Issue: DLP Discover isn't reported as reporting product in Incident Manager.
1121738	-		Expected Behavior	Issue: Apply RMS fails when the user profile isn't loaded correctly.

DLP Prevent and Monitor 11.x known issues

Critical

DLP Prevent and Monitor (Critical)
Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - Critical (DLP Prevent and Monitor)
-	SB10371	-	11.8.0	Issue: The Cross Site Scripting (XSS) vulnerability CVE-2021-31848 occurs in DLP Case Management.
-	SB10371	-	11.8.0	Issue: The SQL Injection vulnerability CVE-2021-31849 triggers when deleting user information in DLP.

Non-critical

DLP Prevent and Monitor (Non-Critical)
Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - Non-Critical (DLP Prevent and Monitor)
DLPN-10971	-	11.6.0	11.8.0	Issue: A false insecure unlock key alert is generated in the Appliance Management after you upgrade to version 11.6.x.
DLPN-10978	-	11.6.0	11.8.0	Issue: DLP Prevent and DLP Monitor appliances show an incorrect Policy Revision number in the product status page of the System Tree.

DLPN-7423	-	11.4.0	11.5.0	Issue: The LDAP synchronization file is missing on the DLP Prevent running 11.4.0.

1264968	-	11.0.700	11.2.000	Issue: The Linux glibc, which is the standard GNU C library package, needs to be upgraded to the latest version.
1266348	-	11.0.700	11.2.000	Issue: The Secure Shell (SSH) Host keys aren't preserved after upgrade.

.1262144		11.1.0	11.1.100	Issue: Incidents Generated on DLP Monitor display multiple classifications that aren't configured in the Web Post Protection rule.
1259189		11.1.0	11.1.100	Issue: ms_dpi fails to start when hosted on certain ESX platforms.
1256562		11.0.300	11.1.100	Issue: Wrong action can be taken if rules only involve classifications in attachments.
1256964		11.1.0	11.1.100	Issue: The oldest record counter for ePO is incorrect on an appliance with capture disabled.
1257863		11.1.0	11.1.100	Issue: The Healthmonitor continually restarts snmpd when encryption is configured.
1258217		11.1.0	11.1.100	Issue: Policy alerts aren't generated on the appliance.
1261900		11.1.0	11.1.100	Issue: Multiple masters appear in DLP VM appliances.
1258568		11.1.0	11.1.100	Issue: copy_file_writer writes out null values rather than sensible defaults.

1249983		11.0.400	11.1.0	Issue: Incidents contain "Short Match String" even when Report Short Match String is disabled in the policy settings.

1256599		11.0.300	11.0.700	Issue: Manual classification doesn't work with PNG and TIFF files.
1260145		11.0.300	11.0.700	Issue: Email prevent user notification is malformed.
1262801		11.0.200	11.0.700	Issue: Clickjacking vulnerability.
1263830		11.0.300	11.0.700	Issue: Dictionary classification doesn't work. Counts each match string only one time.

1255895		11.0.300	11.0.601	Issue: When polling the remote syslog system, it returns critical.

1244007	-	11.0.302	11.0.600	Issue: File extension classifications don't work on Outlook Web Access and Gmail attachments.
1244475	-	11.0.302	11.0.600	Issue: High memory usage by mca service.
1247656	-	11.0.302	11.0.600	Issue: Email recipient details in ePO incident don't show "DisplayName <email@address>".
1249482	-	11.0.302	11.0.600	Issue: DLP Operational event shows policy change event on Policy Enforcement Interval even if there's no change.
1249705	-	11.0.302	11.0.600	Issue: Appliance Management alerts are sometimes not removed, and report an old status.

1249465		11.0.302	11.0.303	Issue: DLP Monitor rules don't trigger properly when there are multiple HTTP requests on the same connection.

1245425		11.0.301	11.0.302	Issue: The SMB client workgroup is now configured to the evidence share user domain.
1234340		11.0.202	11.0.302	Issue: Non-clean shutdown corrupts agent databases and makes the appliance unmanageable.
1216182		11.0.102	11.0.302	Issue: Evidence queue builds up and doesn't parse.
1228792		11.0.200	11.0.302	Issue: ICAP protocol conversation error\|5\|act= app=icap msg=LDAP username that corresponds to email address isn't resolved.
1243404		11.0.200	11.0.302	Issue: SNMP traps severity is incorrect.

1234603		11.0.202	11.0.301	Issue: There's a discrepancy between local SSH config and SSH config from ePO policy.
1236931		11.0.0	11.0.301	Issue: Vulnerabilities reported in OpenSSL.
1237682		11.0.200	11.0.301	Issue: Real-time lookups cause high CPU usage on domain controllers.
1238505		11.0.200	11.0.301	Issue: The evidence server user account is locked out every five minutes.
1241242		11.0.300	11.0.301	Issue: Users and groups page shows no registered servers.
1242205		11.0.201	11.0.301	Issue: There's an error in system management. The policy can't be enforced NDLP11.

1229600		11.0.200	11.0.300	Issue: Domain-based LDAP config fails if the first server synchronized with is unreachable.
1229612		10.0.206	11.0.300	Issue: CSE Spin detection returns a 451.
1230003		11.0.200	11.0.300	Issue: Incorrect Source or Destination IP address is reported in incidents.
1221981		11.0.200	11.0.300	Issue: Policy pushed from ePo to DLP Prevent/Monitor isn't applied CSF Validation Error.
1228471		11.0.200	11.0.300	Issue: ICAP errors on secondary LDAP server.
1228835		10.0.206	11.0.300	Issue: SCAN_TIMEOUT returns a 451.
1223688		11.0.200	11.0.300	Issue: DLP Monitor doesn't treat decrypted HTTPS traffic as HTTP traffic when it reviews for policy violations.
1211945		11.0.0	11.0.300	Issue: Unable to delete older active alerts from appliance management.
1218553		10.0.200	11.0.300	Issue: Quit on recipient addresses with a long local part.
1234721		11.0.200	11.0.300	Issue: Large number of ICAP connections causes slow internet connections.

1216163		11.0.0	11.0.300	Issue: DLP Prevent recognizes application/json as text files in classification.
1221793		11.0.200	11.0.300	Issue: Passwords are stored in plain texts and recorded in the system log.
1225394		11.0.0	11.0.300	Issue: SNMP v3 doesn't work because of a possible long EngineID and same system name.
1227363		11.0.200	11.0.300	Issue: Administrator user using sudo requires further restrictions on the following: Privilege escalation - Arguments are allowed to mash. Folder deletion - The getlogs.sh fails. The script that runs doesn't have a directory as the first argument. Arbitrary file read - File name argument isn't readable by administrator. Access to decryption keys - The GlobalPolicy.opg is world-readable and evidencecrypt is a test util that doesn't have 0700 permissions. Log files leak - Log files aren't readable by administrator user.
1213380		11.0.0	11.0.300	Issue: Incident Manager displays the file name with path information.
1216571		11.0.0	11.0.300	Issue: Invalid "excluded" regex patterns in classifications don't cause policy validation failure.
1217336		10.0.200	11.0.300	Issue: An invalid LDAP server causes all others to be tagged as not available.
1219425		11.0.0	11.0.300	Issue: DLP Appliance fails to connect through SMB2 protocol when you upload evidence to the NetApp share.
1219975		11.0.200	11.0.300	Issue: Import_ssl_cert script requires the root to run.
1224289		11.0.0	11.0.300	Issue: Kernel Update for Meltdown and Spectre vulnerability CVE-2017-5715, CVE-2017-5753, CVE-2017-5754.
1219660		10.0.0	11.0.300	Issue: When the proxy is integrated with DLP using ICAP, an upload of any file larger than 1 GB fails.
1226418		11.0.0	11.0.300	Issue: Incidents have incorrect data for the source or destination fields.
1225622		10.0.206	11.0.300	Issue: Invalid character in the local part of Offending data causes the SMTP process to quit.
1227475		11.0.0	11.0.300	Issue: PGP encrypted files aren't detected as password-protected files.

1202481		11.0.0	11.0.200	Issue: Rules matching on email address regular expressions are case-sensitive.
1208258		11.0.0	11.0.200	Issue: The DLP Monitor appliance crashes when it handles IPv4 packets that contain the address 0.0.0.0.
1198676		11.0.0	11.0.200	Issue: Sender information in Incident Manager displays a MIME header encoded line as is.
1192249		10.0.200	11.0.200	Issue: Unable to view the file name on Incident Manager when the attachment file name has double byte characters.
1195163		10.0.202	11.0.200	Issue: 400 bad request sent from the DLP Prevent 10 when the Preview Header is present in the TCP Stream.
1193589		11.0.0	11.0.200	Issue: Can't change password from "space here."
1205545		10.0.204	11.0.200	Issue: ICAP Preview fails for a body greater than Preview size.
1202417		10.0.200	11.0.200	Issue: Users can send restricted emails in certain AD Groups.
1202683		11.0.0	11.0.200	Issue: Timeout issues occur getting ePO policy/applying config.
1203669		10.0.200	11.0.200	Issue: User group field isn't populated in Queries & Reports, but shows up in Incident Manager.
1204331		10.0.101	11.0.200	Issue: DLP Prevent can't upload to evidence server, which has SMBv1 disabled.
1205892		10.0.203	11.0.200	Issue: DLP Prevent 10 generates several incidents for one violation.
1206520		11.0.0	11.0.200	Issue: Processing of large DLP Prevent/Monitor policy configurations takes an excessively long amount of time to apply.
1206927		10.0.200	11.0.200	Issue: No SNMP traps are generated for "Data Loss Prevented" objects.
1207482		10.0.101	11.0.200	Issue: An Outlook related issue causes .eml files to render incorrectly from the evidence page.
1199994		11.0.0	11.0.200	Issue: DLP Prevent doesn't trigger a rule based on the classification using "Count each match string only one time."
1205024		10.0.203	11.0.200	Issue: DLP Prevent can't detect custom properties of a .PDF file.
1211093		10.0.204	11.0.200	Issue: Internal rescue image doesn't update to the new build.
1213643		11.0.0	11.0.200	Issue: OPG2CSF.xsl doesn't ignore the obsolete true file type condition "Password protected files."
1215265		11.0.0	11.0.200	Issue: Messages with multiple recipients aren't delivered to all recipients.

Investigating - non-critical (DLP Prevent and Monitor)
TSDP-3727 TSDP-3912 TSDP-24	-	11.4.0	-	Issue: In the ePO, the Appliance Management page shows "Unable to contact" alert for one or more DLP Prevent or DLP Monitor appliances. Cause: The appliance is unable to contact ePO due to a communication breakdown between MCA and MA on the appliance. The deadlock within MCA causes the breakdown. Workaround: Restart the MCA process every hour so that any deadlock is automatically removed without the need of manual intervention or reboot. For workaround installation details, contact Technical Support.
Known Issues - non-critical (DLP Prevent and Monitor)
DLPO-5104	-	11.5.0 (RTS)	n/a	Issue: The document registration scan fails when the DLP Server is upgraded from an earlier version to 11.5, or with a fresh installation of 11.5. IMPORTANT: Configuration changes might be needed for automatic document registration to work with the DLP Server 11.5.0.32. Workaround: The DLP Server's host account needs read access to the CIFS share on which the evidence files are stored. To provide the host account with read access to the CIFS share: In the Choose people on your network to share with dialog box, add the host name of the system on which the DLP Server is running. Include a $ sign at the end of the host name. For example, if dlpserver.your.domain is the FQDN of the host on which the DLP Server is running, add the host name as dlpserver$.
-	-	-	n/a	Issue: Multiple application-access events can be listed in the DLP Endpoint monitor. For some applications, such as Microsoft Word, more than one message is generated for a single application access. The reason is because of the application background procedures.

DLP Management Extension 11.x known issues

Critical

Data Loss Prevention Management Extension
Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - critical (DLP Management Extension)
-	SB10376	11.1.0	11.7.101	Issue: The SQL Injection vulnerability CVE-2021-4088 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database.
-	SB10371	11.1.0	11.7.100 11.400	Issue: A Cross Site Scripting (XSS) vulnerability CVE-2021-31848 applicable to the DLP Management extension.
-	SB10371	11.1.0	11.7.100 11.400	Issue: The SQL Injection vulnerability CVE-2021-31849 that gets triggered when deleting user information applicable to DLP Endpoint for Windows.
1257017		11.1.0	11.1.0.24	Issue: An attempt to restore a DLP 9.4 backup that includes classification criteria which looks for True File Type equals Password Protected files fails. The failure occurs when the DLP ePO Extension uses a DLP Prevent license or a DLP Monitor license. The failure also occurs if the DLP Skyhigh connection is enabled. Workaround: Restore the DLP backup into a DLP ePO extension that doesn’t contain the licenses mentioned. Also, replace the classification criteria that checks for 'True File Type equals Password Protected files'. Set the criteria to look for a File Encryption type equal to Unsupported Encryption types or password protected files. If the classification criteria has been modified, create a DLP backup.
DLPO-3122	KB91834	11.3.0	11.4.200	Issue: The incidents aren't being imported from MVISION Cloud to DLP Incident Manager.

Non-critical

Data Loss Prevention Management Extension
Reference Number	Related Article	Found In	Fixed In	Issue Description
Resolved - no-critical (DLP Management Extension)
DLPO-9467	-	11.6.100	11.8.100	Issue: An error occurs when you try to create a drive or device group from the DLP Policy Manager, under Definitions, Device Templates, Actions, and New Group.
DLPO-9339	-	11.6.100	11.8.100	Issue: Logging into ePO console and navigating to certain pages takes longer for non-administrative user accounts.
DLPO-8860	-	11.6.100	11.8.100 11.7.101 11.6.401.1	Issue: The queries cause transaction logs to grow, which creates performance issues.
DLPO-8991	-	11.6.100	11.8.100 11.7.101 11.6.401.1	Issue: A network shared folder for a classification can't be created with only the server name and without a mandatory folder name.
DLPO-9291	-	11.6.200	11.7.101 11.6.500	Issue: The File System Type property value is considered as default even if the parameters have predefined values.
DLPO-9353	-	11.6.200	11.7.101 11.6.401.1	Issue: The default allows listings for Microsoft Edge in Content tracking are missing.
DLPO-9356	-	11.6.100	11.7.101 11.6.401.1	Issue: In the DLP policy changes, Save Agent Policy information is written with an administrative user in the Audit Log, rather than the logged in user.
DLPO-9209	KB92976	11.6.100	11.7.100 11.6.400	Issue: After you upgrade ePO 5.10 Update 10, the drill-down data tables are blank in the DLP incident reports. This issue is seen when you export to CSV or PDF formats.
DLPO-9182	-	11.6.0	11.7.100 11.6.040	Issue: Incidents for offline processed events don't show the correct status in the Actual Action column on the Incident Manager page.
DLPO-8659	-	11.6.100	11.7.100 11.6.040	Issue: After you upgrade to ePO 5.10.0 Update 10, with the Japanese and Traditional Chinese versions of DLP Endpoint 11.6.100, the page doesn't load. You see this issue on the Email Protection page of the Windows Client configuration policy. This issue has been seen as loading continuously on all supported browsers, but the page never loads.
DLPO-8186	-	11.6.0	11.7.100 11.6.040	Issue: When you run the DLP Import 'MVISION Cloud Events Task', it takes two hours to complete. You can specify the number of incidents that can be imported from the MVISION Cloud Server page in a server task. The default value is set to 1000. The issue is seen when setting a value lower than 1000.
DLPO-8185		11.6.0	11.7.100 11.6.040	Issue: After you run DLP Import 'Pull incidents from MVISION Cloud', the task fails intermittently. The Classification name also shows as 'None'. You see this issue after you enable the task from the MVISION Cloud Server DLP Settings page.
DLPO-9184		11.5.0	11.7.100 11.6.040	Issue: The CC and BCC domains for MVISION Cloud incidents aren't shown in the Destination column of the DLP Incident Manager, and the Incident History tab.
Investigating - non-critical (DLP Management Extension)
DLPO-9436		11.9.000 11.6.400 11.4.300	-	Issue: "An unexpected error occurred" is displayed when accessing the DLP Settings page. The Issue is seen on ePO 5.10 Update 11 systems.
1246454	-	11.0.500	-	Issue: Incidents contain "Short Match String" even when Report Short Match String is disabled in the policy settings.
1066784	-	-	-	Issue: Queries and Reports: Incident count displays an incorrect value for DLP: No. of incidents per rule set if multiple rules hit the same file on a rule set.
1034291	-	-	-	Issue: Reoccurring quarantined placeholder events generate an error when you try to open them through open this occurrence. Workaround: The option open this series doesn't display the error. Also, after the events are released from quarantine, the error no longer appears.
DLPO-3029	-	11.3.0	-	Issue: Redacted data is visible when the DLP incidents are displayed in a report. Workaround: For the redacted users, deny permissions to Queries and report.
-	-	-	-	Issue: The write permissions set for the allow list folder are incorrectly enabled for more than the DLP administrator.
Known Issues - non-critical (DLP Management Extension)
-	-	-	n/a	Issue: The DLP Endpoint 10.x Management Extension might fail to install if the DLP 9.3.x help extension is already checked in. Workaround: Only one help extension can be checked in at one time. You must remove the DLP 9.3.x help extension to install the DLP Endpoint 10.x help extension.
-	-	-	n/a	Issue: When you upload registered documents, if you try to upload a file with a file name longer than 50 characters, it fails with an error message. The problem occurs because Windows file path has a 256-character limit. DLP Endpoint concatenates the internal path to the file name, which can result in paths longer than the allowed limit. Resolution: Shorten the file name to fewer than 50 characters.
-	9.4.0	-	n/a	Issue: After you import DLP Endpoint 9.4 MAC Policy to DLP Endpoint 10.0, you must reassign the MAC policies and MAC configuration to its System Tree nodes in the new environment. You must also make these reassignments after you upgrade from DLP Endpoint 9.4 to DLP Endpoint 10.0.
-	-	-	n/a	Issue: When you restore a policy that includes the Prevent action Encrypt by FRP, you must reselect the key.
-	-	-	n/a	Issue: You must add both conhost.exe, and dllhost.exe to the 'Application file process access allow list'. Complete the task once you’ve updated the DLP Endpoint extension. The list is contained within the client configuration section.
-	-	-	n/a	Issue: DLP Email Protection is disabled if Titus Email Classification is used and the Titus license expires. Workaround: Deselect the Titus support checkbox in the Advanced Configuration tab in the Agent configuration.
-	-	-	n/a	Issue: After you import DLP Endpoint 9.4 MAC Policy to DLP Endpoint 10.0, you must reassign the MAC policies and MAC configuration to its System Tree nodes in the new environment. You must also make these reassignments after you upgrade from DLP Endpoint 9.4 to DLP Endpoint 10.0.

Related Information

All products listed below have reached EOL. For details, see KB91977 - End of Life for Data Loss Prevention 11.4.x, 11.3.x, 11.1.x, 11.2.x, 11.0.x.

DLP Component and Version	Operating System	Release Date
DLP ePo Extensions
-	-	-
DLP Endpoint
Endpoint 11.5.3 Hotfix (GA)	Windows	August 11, 2020
Endpoint 11.5.2 Hotfix (GA)	Mac	August 11, 2020
Endpoint 11.5.0 (GA)	Windows	May 12, 2020
Endpoint 11.5.0 (GA)	Mac	May 12, 2020
Endpoint 11.4.300 (GA)	Windows	November 10, 2020
Endpoint 11.4.200 (GA)	Windows	August 11, 2020
Endpoint 11.4.0 (GA)	Windows	November 12, 2019
Endpoint 11.3.31 Hotfix (GA)	Mac	August 11, 2020
Endpoint 11.3.30	Mac	October 10, 2019
Endpoint 11.3.29.62 Hotfix	Windows	August 11, 2020
Endpoint 11.3.28.10 Hotfix	Windows	August 11, 2020
Endpoint 11.3.0	Windows	July 23, 2019
Endpoint 11.1.3	Mac	November 22, 2018
Endpoint 11.1.200	Windows	July 23, 2019
Endpoint 11.1.200	Mac	July 23, 2019
Endpoint 11.1.100	Windows	January 8, 2019
Endpoint 11.1.100	Mac	January 8, 2019
Endpoint 11.1.0	Windows	October 22, 2018
Endpoint 11.0 11.0 Hotfix 150	Windows	January 11, 2018
Endpoint 11.0 11.0 Hotfix 130	Windows	November 13, 2017
Endpoint 11.0 Hotfix 2	Windows	July 20, 2017
Endpoint 11.0	Windows	June 1, 2017
Endpoint 11.0	Mac	June 7, 2017
DLP Prevent (Appliance, Images)
Prevent 11.5.2 Hotfix (GA)		August 11, 2020
Prevent 11.5.0 (GA)		May 12, 2020
Prevent 11.4.200 (GA)		September 8, 2020
Prevent 11.4.100 (GA)		March 10, 2020
Prevent 11.4.0 (GA)		November 12, 2019
Prevent 11.3.4 (GA)		March 10, 2020
Prevent 11.3.401 Hotfix (GA)		March 10, 2020
Prevent 11.3.3 Hotfix (GA)		November 12, 2019
Prevent 11.3.1 Hotfix (GA)		September 5, 2019
Prevent 11.1.200 (GA)		July 23, 2019
Prevent 11.1.100 (GA)		January 8, 2019
DLP Monitor (Appliance, Images)
Monitor 11.5.2 Hotfix (GA)		August 11, 2020
Monitor 11.5.0 (GA)		October 13, 2020
Monitor 11.4.200 (GA)		September 8, 2020
Monitor 11.4.100 (GA)		March 10, 2020
Monitor 11.4.0 (GA)		November 12, 2019
Monitor 11.3.4 (GA)		March 10, 2020
Monitor 11.1.200 (GA)		July 23, 2019
DLP Discover
Discover 11.5.0 (GA)		May 12, 2020
Discover 11.4.0 (GA)		November 12, 2019
Discover 11.3.0 (GA)		July 23, 2019
Discover 11.1.200 (GA)		July 23, 2019
Discover 11.1.100 (GA)		January 8, 2019
Discover 11.1.0 (GA)		October 22, 2018

Affected Products

Data Loss Prevention Discover 11.x
Data Loss Prevention Endpoint 11.9.x
Data Loss Prevention Endpoint 11.6.x
Data Loss Prevention Monitor 11.x
Data Loss Prevention Prevent 11.x
Getting Started
Known Issue/Product Defect

Languages:

This article is available in the following languages:

German
English United States
Spanish Spain
French
Italian
Japanese
Dutch
Portuguese Brasileiro
Chinese Simplified

Knowledge Center

Data Loss Prevention 11.x Known Issues

Environment

Summary

Related Information

Affected Products

Languages:

Title

Title

Knowledge Center

Data Loss Prevention 11.x Known Issues

Environment

Summary

Related Information

Affected Products

Languages:

Choose your region

Title

Title