Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
Data Loss Prevention 11.x.x Known Issues
Technical Articles ID:
KB89301
Last Modified: 11/25/2019
Last Modified: 11/25/2019
Environment
McAfee Data Loss Prevention (DLP) Discover 11.x.x
McAfee DLP Endpoint 11.x.x
McAfee DLP ePO extension 11.x.x
McAfee DLP for Mobile Mail 11.x.x
McAfee DLP Monitor 11.x.x
McAfee DLP Prevent 11.x.x
McAfee DLP Endpoint 11.x.x
McAfee DLP ePO extension 11.x.x
McAfee DLP for Mobile Mail 11.x.x
McAfee DLP Monitor 11.x.x
McAfee DLP Prevent 11.x.x
Summary
Recent updates to this article
Contents
Click to expand the section you want to view:
Critical
There are currently no critical known issues.
Non-critical
Back to top
Critical
Critical
Critical
Critical
Non-critical
Critical
| Date | Update |
| November 25, 2019 | Added DLP Endpoint 11.4 known issues. |
| November 12, 2019 |
|
| September 9, 2019 | Added issue TSDP-3573 under "Data Loss Prevention ePO Extension 11.x.x known issues." |
| July 23, 2019 | Added the release details for:
|
| April 23, 2019 | Added issue 1271560 for DLP Endpoint. |
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Contents
Click to expand the section you want to view:
There are currently no critical known issues.
Non-critical
| Reference Number | Related Article | Found in Version | Resolved in Version | Issue Description |
| DLPO-3333 | - | 11.4 | - | Issue: The file size for the incidents reported by MVISION Cloud are displayed in the decimal point under DLP Incident Manager, Incident List. |
| DLPO-3242 | - | 11.4 | - | Issue: When the Email Protection Rule is created and an email is sent to more than two recipients, all email recipients are not displayed for MVISION Cloud. The email recipients are displayed when you hover over it. |
| DLPO-3350 | - | 11.4 | - | Issue: If the email does not have a "Subject" added to it, the "Email Subject" under Additional Information displays "No Subject" with the angle brackets for MVISION Cloud. |
| DLPO-3353 | - | 11.4 | - | Issue: The incident reported by MVISION Cloud does not display the unique match count under "Evidence." |
| DLPO-3354 | - | 11.4 | - | Issue: "SharePoint/OneDrive" incidents have 0.0.0.0 as the computer IP in the incidents reported by MVISION Cloud. |
| DLPO-3404 | - | 11.4 | - | Issue: If the shared location is Unavailable, evidences will not be imported from MVISION Cloud to ePO. When the shared location is restored, evidences are recovered after 10 minutes by default. |
| DLPO-3029 | - | 11.3.000 | - | Issue: Redacted data is visible when the DLP incidents are displayed in a report. Workaround: For the redacted users, deny permissions to Queries and report. |
| DLPO-3012 | - | 11.3 | - | Issue: DLP Web post aggregation fails in mail.google.com (Gmail). There is no aggregation and multiple incidents are generated instead of a single incident. |
| DLPW-4540 | - | 11.3 | - | Issue: When the Chrome Injection is disabled and the rule is triggered, the Incident Manager on ePO displays the failure reason as “Non-Supported Chrome Version.” |
| - | 11.3 | - | Issue: In the Chrome Incognito mode, the Chrome extensions are not available, so the URLs are not detected. Hence, the allow list URLs and URL exceptions are not being applicable in the Incognito mode. | |
| 1271560 | - | 11.2 | 11.3 | Issue: When DLP Endpoint is upgraded from 11.1.200 to 11.2, the upgrade fails. Workaround: Uninstall DLP Endpoint 11.1.200 and restart the system before upgrading to DLP Endpoint 11.2. Resolution: This issue is resolved in DLP Endpoint 11.3. |
| 1264676 1265030 |
- | 11.1.100 | 11.2.000 | Issue: Test connection fails for Evidence Storage if the password contains special characters. (It appears in DLP Settings or on the Evidence Copy Service page of the Client Configuration.) |
| 1264486 | - | 11.1.100 | 11.2.000 | Issue: Files are allowed to be uploaded from all URLs even when the Application File Access Protection blocking rule is configured with specific URL exception list. |
| 1261969 | - | 11.1.100 | 11.2.000 | Issue: Links in the emails that DLP Case Management automatically generates do not work. |
| 1264467 | - | 11.1.100 | 11.2.000 | Issue: Classification caption is not added in the sent emails. |
| 1262607 | - | 11.1.100 | 11.2.000 | Issue: If the sensitive file name contains non-English characters, the web protection rule does not work when you use Chrome browser version 67 and later. |
| 1222510 | - | 11.0.200 | 11.2.000 | Issue: When the PDF image files are opened in the Internet Explorer, it displays the "There is a problem with Adobe Acrobat/Reader" error message. |
| Issue: The Windows 10 Microsoft Print to PDF built-in printer is considered a local printer by DLP Endpoint. | ||||
| Issue: In the Removable Storage File Access Device rule, there is an Or condition between the file extension and the True File type. For example, if you define a rule to block the file extension exe and True File:HTML, both file types are blocked. | ||||
| Issue: You can't upgrade DLP Endpoint while the Sysinternals Process Explorer tool is open. If you experience an issue when you upgrade DLP Endpoint, make sure that this tool is closed. | ||||
| Issue: The DXL client must be in the connected state for the Application file access protection rule including TIE reputation condition to work. While DXL is in a disconnected state, the Application File access protection rule works based on the reputation cache, if it exists. | ||||
| Issue: You must restart the DLP Client for the Email Protection rule to work on Lotus Notes. | ||||
| 1095437 | 9.4.0 | 9.5.0 | Issue: OS X El Capitan 10.11 Support - False events with root user type are generated. | |
| 1095474 | 9.4.0 | 9.4.100 | Issue: OS X El Capitan 10.11 Support - RSDR with VID/PID device definition does not work. | |
| 875868 875981 |
Issue: If Microsoft Outlook is not the default mail client, Email Discovery does not run and the console displays wrong values. NOTE: Outlook has always been a prerequisite and must be the default mail client. |
|||
| 982508 | 9.3.207 | Issue: Clipboard Protection Rule triggers every time a user right-clicks on an Internet Explorer browser window with restricted data already copied to the clipboard (no paste operation performed). Workaround: Add explorer.exe to the Clipboard whitelisted processes in client configuration. |
||
| 1012744 | Issue: When blocked devices are initialized by EERM, they are not treated as Content Encrypted by McAfee devices until the devices are removed and plugged in again. Workaround: Remove the device and plug it in again. |
|||
| 898377 | 9.3.100 | Issue: Clipboard blocks copying from Microsoft Word to Microsoft Outlook. You see the error: Word has encountered a problem. | ||
| 872984 | 9.3.0 | Issue: A Web Post rule blocks metro user interface applications, even with the Internet Explorer handler. | ||
| 914808 | 9.3.0 | Issue: Some built-in USB SD card readers are physically connected to the USB bus and not to the SD bus. As a result, they are recognized as a USB bus type and not as an SD bus type. Workaround: Open the Mac System Information to determine if the SD card reader is connected to the USB bus or to the SD bus. If the SD card is connected to the USB bus type, configure your Removable Storage Device Rule to protect USB bus type. |
||
| 907629 | 9.3.0 | Issue: DLP Agent can't recognize a FAT32 file system on a GUID Partition Table formatted drive. Workaround: To block a FAT file system, select both FAT16 and FAT32 as File System Type in the Removable Storage Device Rule. |
||
| 881268 | 9.3.0 | Issue: Removable Storage Device Rule on OS X can't block writing to CD/DVD and can't set the CD/DVD to read-only rule. | ||
| 879986 | 9.4.0 | Issue: UAG configuration using LDAP Object Identification - Identify LDAP objects by their name is not supported for Mac clients. Workaround: Use LDAP Object Identification - Identify LDAP objects by SID (Security ID) configuration. |
||
| Issue: Network Communication protection rule and |
||||
| Issue: To reduce memory consumption, the total number of dictionary items that can be used in a policy is limited to 50,000. | ||||
| Issue: To reduce memory and CPU use, the total number of signatures contained in the registered documents package is limited to 1,000,000 signatures that can be placed in a registered document repository. This number is equivalent to about 250 MB of original document content. | ||||
| Issue: Debug logging is only for use with troubleshooting issues because it might affect the performance of the endpoint systems. | ||||
| 1061255 | 9.4.0 | Issue: Endpoint Discovery scheduler with Time Zone Coordinated Universal Time (UTC) on and running McAfee Agent (MA) 5.0.1 runs as Local time on managed systems. Workaround: Use Local time zone on managed systems instead of Coordinated Universal Time (UTC) when using MA 5.0.1. |
||
| 1057480 | Issue: Fixed hard disk rule does not work for drives mounted in an NTFS folder. | |||
| 1034514 | 11.0.130 | Issue: When Run DLP client in Safe Mode configuration is disabled, log on in safe mode and return to normal mode. McAfee Agent sends an error report to ePO that Drivers initialization failed. Workaround: To return the reporting to normal mode, restart client. |
||
| 979613 | Issue: A blue screen error occurs after you create a Plug and Play device rule to block CD/DVD drives on a Windows 8.1 system with Roxio burning software. | |||
| 813264 | Issue: The error message Recycle bin corrupted is displayed when a fixed hard drive rule blocks volumes. Workaround: Enable Access Protection in the policy configuration. |
|||
| Issue: Print Screen blocking rules remain in effect as long as the process that they are tracking is running. Print Screen blocking rules are not affected by window focus. This behavior is expected because a sensitive file that is not in focus can still be visible on the screen. | ||||
| Issue: The network communication protection blocking rule does not block or monitor SMB connections. The reason is because these connections are covered by file system rules. | ||||
| Issue: Multiple application-access events can be listed in the DLP Endpoint monitor. For some applications, such as Microsoft Word, more than one message is generated for a single application access. The reason is because of the application background procedures. | ||||
| Issue: When you disable device blocking, the change only takes effect after you restart the agent computer. Disabling the device blocking probe from the DLP Endpoint Agent configuration does not unblock devices on the agent computer. Devices that were in a blocked state before disabling the device blocking probe remain in the blocked state until unplugged and plugged in again. IMPORTANT: Perform removal of device blocking in emergency cases only. A restart re-enables the devices that were blocked. To achieve the effect of unblocking a specific device class, McAfee recommends that you change the device class to unmanaged. |
||||
| Issue: Screenshots and clipboard rules ignore the Trusted strategy and block Trusted applications as well as Editors. This behavior is expected because trusted processes are not part of the screen capture/clipboard logic. | ||||
| Issue: DLP Endpoint does not interact with IPv6. The Data Loss Prevention IP features do not support it or interfere with it. | ||||
| Issue: Incorrect configuration of the device blocking feature might cause the client computer to malfunction. For example, even though critical devices are normally in the unmanaged devices list, they can be moved to the managed list. McAfee strongly recommends that you test device blocking rules on a subset of computers before mass deployment. | ||||
| Issue: Marking an application as an Internet Explorer application means that the DLP Endpoint Agent disregards any content manipulation by the application. Copy and paste, print screen, and content-based tagging rules do not apply. Use the Explorer strategy only for “Explorer-like" applications, such as shell applications. | ||||
Issue: To avoid performance issues, McAfee recommends the following configuration changes:
|
||||
| 461535 | Issue: Email protection rules are bypassed when the network connection is disabled and Lotus Notes is set to Offline mode. | |||
| 451892 | Issue: A Lotus calendar event with tagged text is only blocked the first time it is sent. If the event is sent a second time, the protection rule is bypassed. | |||
| 406568 | Issue: In Microsoft Outlook, the DLP Endpoint Outlook plug-in can be disabled in COM Add-ins. This setting allows email rules to be bypassed until Outlook is restarted. The Operational Event |
|||
| 1060775 | Issue: When you open Microsoft Excel files from the shortcut menu on a client with Application File Access Protection, with the Microsoft Office Applications condition applied, and the Titus plug-in installed for Microsoft Office, you see an error. Workaround: Open the Excel application by going to File and then Open, or disable DDE for Excel application (on the registry). |
|||
| 348500 | Issue: When you plug a Kingston U3 drive into a computer with a mass storage device, the tagging rule causes high CPU usage for several minutes. The reason is because of large *.u3p files being opened on the drive. Workaround: Add Launchpad.exe to an application group and set the strategy to Trusted. |
|||
| Issue: Software that contains an application-level restriction mechanism, such as virus protection, antispyware, or personal firewall software, must be configured to permit all DLP Endpoint service requests. For example, for the DLP Endpoint Agent to start when Tenebril SpyCatcher is installed, you must add the agent as a trusted application in SpyCatcher. | ||||
| 10.0.300 11.0.130 |
Issue: After you upgrade Windows to Windows 10 RS 1 (Anniversary Update), MFE***.sys is not registered in the Registry under Safe Boot key. So, access protection and network communication protection rules do not work in Safe Mode (minimal and network). Workaround: Upgrade DLP or reinstall. |
|||
| 945247 | Issue: Printing protection rules do not block Word-to-PDF conversions, when the printing application is defined as Microsoft Word. This issue occurs because the application that performs the conversion is not Word, it is Adobe Distiller. Resolution: Define the application as Adobe Distiller in the Application field. |
|||
| Issue: When you upload registered documents, if you try to upload a file with a file name longer than 50 characters, it fails with an error message. The problem occurs because Windows file path has a 256-character limit. DLP Endpoint concatenates the internal path to the file name, which can result in paths longer than the allowed limit. Resolution: Shorten the file name to fewer than 50 characters. |
||||
| Issue: The Block and charge feature is supported only for iPhone 4 and later. There is no workaround. Earlier iPhones can only be blocked. | ||||
| 1226226 | KB89089 | 11.0.0 | Issue: DLP Endpoint 11.x.x does not support Web Protection, Clipboard Protection, and Printing protection for Microsoft Edge v42. Also, DLP Endpoint versions older than 11.0.200 do not support Web Protection for Microsoft Edge v40 and v41. | |
| 1240128 | 11.0.400 | 11.0.500 | Issue: Microsoft Office applications, such as Word, Excel, and PowerPoint, do not respond when an Application File Access rule is set to block or monitor a classified file. Resolution: Add Microsoft Office applications to the Content Tracking Whitelisted Processes in client configuration. And add the folder |
|
| 1245376 | 11.0.500 | 11.1.0 | Issue: False positive incidents occur when a Plug and Play device rule or a Removable Storage Device Rule:
|
|
| 1253012 | 11.0.200 | 11.0.700 | Issue: An error appears in the Windows 10 Event Viewer shows one or more of the following:
|
Back to top
There are currently no critical known issues.
Non-critical
| Reference Number | Related Article | Found in Version | Resolved in Version | Issue Description |
| DLPO-3029 | - | 11.3.000 | - | Issue: Redacted data is visible when the DLP incidents are displayed in a report. Workaround: For the redacted users, deny permissions to Queries and report. |
| 1268509 | - | 11.1.100 | 11.2.000 | Issue: DLP Server is unable to synchronize "RegDocs" packages from the evidence share and shows access denied for local system account user. Workaround: Grant permissions (at least Read rights) to the DLP Server’s local system account user to access the evidence share. |
| 1136118 | - | Issue: DLP Discover is not reported as reporting product in Incident Manager. | ||
| 1090520 | - | Issue: You see the Restore from file button, but, when you click it nothing happens. Workaround: Click Browse, browse to the backup file, click Restore from file, and then click Save. |
||
| 1127581 | - | Issue: Failure reason: General error incorrectly displayed when user permission is insufficient to access a site. | ||
| 1121738 | - | Issue: Apply RMS fails when user profile is not loaded correctly. | ||
| 1143438 | - | Issue: DOCREADME BOX, redirect URI in box app needs to be the same as the ePO web address. | ||
| 1264942 | - | 11.1.100 | Issue: The DLP Discover OCR module's rate of accuracy when it extracts some Asian languages is inconsistent. Solution: This issue will be addressed in a future update to DLP Discover. Further information is unavailable. |
There are currently no critical known issues.
Non-critical
Back to top
Non-critical
| Reference Number | Related Article | Found in Version | Resolved in Version | Issue Description |
| TSDP-3727, TSDP-3912, TSDP-24 | - | 11.4 | - | Issue: In the ePO, the Appliance Management page shows "Unable to contact" alert for one or more DLP Prevent or DLP Monitor appliances. Cause: The appliance is unable to contact ePO due to communication breakdown between MCA and MA on the appliance. The deadlock within MCA causes the breakdown. Workaround: Restart the MCA process every hour so that any deadlock is automatically cleared without the need of manual intervention or reboot. For workaround installation details, contact support. |
| DLPO-3029 | - | 11.3.000 | - | Issue: Redacted data is visible when the DLP incidents are displayed in a report. Workaround: For the redacted users, deny permissions to Queries and report. |
| 1264968 | - | 11.0.700 | 11.2.000 | Issue: The Linux " |
| 1266348 | - | 11.0.700 | 11.2.000 | Issue: The Secure Shell (SSH) Host keys are not preserved after upgrade. |
| 1198676 | 11.0.0 | 11.0.200 | Issue: Sender information in Incident Manager displays a MIME header encoded line as is. | |
| 1192249 | 10.0.200 | 11.0.200 | Issue: Unable to view file name on Incident Manager when attachment file name has double bytes characters. | |
| 1195163 | 10.0.202 | 11.0.200 | Issue: 400 bad request sent from DLP Prevent 10 when Preview Header is located in TCP Stream. | |
| 1193589 | 11.0.0 | 11.0.200 | Issue: Can't change password from "space here". | |
| 1205545 | 10.0.204 | 11.0.200 | Issue: ICAP Preview fails for body greater than Preview size. | |
| 1202417 | 10.0.200 | 11.0.200 | Issue: Users able to send restricted emails in certain AD Groups. | |
| 1202683 | 11.0.0 | 11.0.200 | Issue: Timeout issues getting ePO policy/applying config. | |
| 1203669 | 10.0.200 | 11.0.200 | Issue: User group field is not populated in |
|
| 1204331 | 10.0.101 | 11.0.200 | Issue: DLP Prevent can't upload to evidence server which has SMBv1 disabled. | |
| 1205892 | 10.0.203 | 11.0.200 | Issue: DLP Prevent 10 generates several incidents for one violation. | |
| 1206520 | 11.0.0 | 11.0.200 | Issue: Processing of large DLP Prevent/Monitor policy configurations takes an excessively long amount of time to apply. | |
| 1206927 | 10.0.200 | 11.0.200 | Issue: No SNMP traps generated for "Data Loss Prevented" objects. | |
| 1207482 | 10.0.101 | 11.0.200 | Issue: An Outlook related issue causes .eml files to render incorrectly from the evidence page. | |
| 1199994 | 11.0.0 | 11.0.200 | Issue: DLP Prevent does not trigger a rule based on the classification using "Count each match string only one time". | |
| 1205024 | 10.0.203 | 11.0.200 | Issue: DLP Prevent can't detect custom properties of a .PDF file. | |
| 1211093 | 10.0.204 | 11.0.200 | Issue: Internal rescue image does not update to the new build. | |
| 1213643 | 11.0.0 | 11.0.200 | Issue: OPG2CSF.xsl doesn't ignore the obsolete true file type condition "Password protected files". | |
| 1215265 | 11.0.0 | 11.0.200 | Issue: Messages with multiple recipients are not delivered to all recipients. | |
| 1216163 | 11.0.0 | 11.0.300 | Issue: DLP Prevent recognizes application/json as text files in classification. | |
| 1221793 | 11.0.200 | 11.0.300 | Issue: Passwords stored in plain texts and recorded in the system log. | |
| 1225394 | 11.0.0 | 11.0.300 | Issue: SNMP v3 does not work because of a possible long EngineID and same system name. | |
| 1227363 | 11.0.200 | 11.0.300 | Issue: Admin user using sudo requires further restrictions on:
|
|
| 1229600 | 11.0.200 | 11.0.300 | Issue: Domain-based LDAP config fails if first server synchronized with is unreachable. | |
| 1229612 | 10.0.206 | 11.0.300 | Issue: CSE Spin detection returns a 451. | |
| 1230003 | 11.0.200 | 11.0.300 | Issue: Incorrect Source/Destination IP address reported in incidents. | |
| 1221981 | 11.0.200 | 11.0.300 | Issue: Policy pushed from ePo to DLP Prevent/Monitor is not applied CSF Validation Error. | |
| 1228471 | 11.0.200 | 11.0.300 | Issue: ICAP errors on secondary LDAP server. | |
| 1228835 | 10.0.206 | 11.0.300 | Issue: SCAN_TIMEOUT returns a 451. | |
| 1213380 | 11.0.0 | 11.0.300 | Issue: Incident Manager displays file name with path information. | |
| 1216571 | 11.0.0 | 11.0.300 | Issue: Invalid "excluded" regex patterns in classifications do not cause policy validation failure. | |
| 1217336 | 10.0.200 | 11.0.300 | Issue: An invalid LDAP server causes all others to be marked as not available. | |
| 1219425 | 11.0.0 | 11.0.300 | Issue: DLP Appliance fails to connect through SMB2 protocol when you upload evidence to the NetApp share. | |
| 1219975 | 11.0.200 | 11.0.300 | Issue: Import_ssl_cert script requires root to run. | |
| 1224289 | 11.0.0 | 11.0.300 | Issue: Kernel Update for Meltdown and |
|
| 1219660 | 10.0.0 | 11.0.300 | Issue: When proxy is integrated with DLP using ICAP, upload of any file larger than 1 GB fails. | |
| 1226418 | 11.0.0 | 11.0.300 | Issue: Incidents have incorrect data for source/destination fields. | |
| 1225622 | 10.0.206 | 11.0.300 | Issue: Invalid character in local part of Offending data causes SMTP process to quit. | |
| 1227475 | 11.0.0 | 11.0.300 | Issue: PGP encrypted files are not detected as password protected files. | |
| 1211945 | 11.0.0 | 11.0.300 | Issue: Unable to clear older active alerts from appliance management. | |
| 1218553 | 10.0.200 | 11.0.300 | Issue: Quit on recipient addresses with a long local part. | |
| 1234721 | 11.0.200 | 11.0.300 | Issue: Large number of ICAP connections cause slow internet connections. | |
| 1234603 | 11.0.202 | 11.0.301 | Issue: Discrepancy between local SSH config and SSH config from ePO policy. | |
| 1236931 | 11.0.0 | 11.0.301 | Issue: Vulnerabilities reported in OpenSSL. | |
| 1237682 | 11.0.200 | 11.0.301 | Issue: Real-time lookups cause high CPU on domain controllers. | |
| 1238505 | 11.0.200 | 11.0.301 | Issue: Evidence server user account is locked out every five minutes. | |
| 1241242 | 11.0.300 | 11.0.301 | Issue: Users and groups page shows no registered servers. | |
| 1242205 | 11.0.201 | 11.0.301 | Issue: Error in system management. Policy could not be enforced NDLP11. | |
| 1245425 | 11.0.301 | 11.0.302 | Issue: SMB client workgroup is now configured to the evidence share user domain. | |
| 1234340 | 11.0.202 | 11.0.302 | Issue: Non-clean shutdown corrupts agent databases and makes the appliance unmanageable. | |
| 1216182 | 11.0.102 | 11.0.302 | Issue: Evidence queue builds up and does not parse. | |
| 1228792 | 11.0.200 | 11.0.302 | Issue: ICAP protocol conversation error|5|act= app=icap msg=LDAP user name that corresponds to email address is not resolved. | |
| 1243404 | 11.0.200 | 11.0.302 | Issue: SNMP traps severity incorrect. | |
| 1249465 | 11.0.302 | Issue: DLP Monitor rules do not trigger properly when there were multiple HTTP requests on the same connection. | ||
| 1244007 | 11.0.302 | Issue: File extension classifications do not work on Outlook Web Access and Gmail attachments. | ||
| 1244475 | 11.0.302 | Issue: High memory usage by |
||
| 1247656 | 11.0.302 | Issue: Email recipient details in ePO incident do not show "DisplayName <email@address>". | ||
| 1249482 | 11.0.302 | Issue: DLP Operational event shows policy change event on Policy Enforcement Interval even if there is no change. | ||
| 1249705 | 11.0.302 | Issue: Appliance Management alerts are sometimes not cleared and report old status. | ||
| 1249983 | 11.0.400 | 11.1.0 | Issue: Incidents contain "Short Match String" even when Report Short Match String is disabled in the policy settings. | |
| 1256599 | 11.0.300 | 11.0.700 | Issue: Manual classification not working with PNG and TIFF files. | |
| 1255895 | 11.0.300 | 11.0.601 | Issue: When polling the remote syslog system, it returns critical. | |
| 1256562 | 11.0.300 | 11.1.100 | Issue: Wrong action can be taken if rules only involve classifications in attachments. | |
| 1256964 | 11.1.0 | 11.1.100 | Issue: The oldest record counter for ePO is incorrect on an appliance with capture disabled. | |
| 1257863 | 11.1.0 | 11.1.100 | Issue: |
|
| 1258217 | 11.1.0 | 11.1.100 | Issue: Policy alerts are not generated on the appliance. | |
| 1258568 | 11.1.0 | 11.1.100 | Issue: copy_file_writer writes out null values rather than sensible defaults. | |
| 1260145 | 11.0.300 | 11.0.700 | Issue: |
|
| 1261900 | 11.1.0 | 11.1.100 | Issue: Multiple masters appear in DLP VM appliances. | |
| 1262801 | 11.0.200 | 11.0.700 | Issue: Clickjacking vulnerability. | |
| 1263830 | 11.0.300 | 11.0.700 | Issue: Dictionary classification does not work. Counts each match string only one time. |
Back to top
There are currently no critical known issues.
Non-critical
Back to top
Non-critical
| Reference Number | Related Article | Found in Version | Resolved in Version | Issue Description |
| TSDP-3727, TSDP-3912, TSDP-24 | - | 11.4 | - | Issue: In the ePO, the Appliance Management page shows "Unable to contact" alert for one or more DLP Prevent or DLP Monitor appliances. Cause: The appliance is unable to contact ePO due to communication breakdown between MCA and MA on the appliance. The deadlock within MCA causes the breakdown. Workaround: Restart the MCA process every hour so that any deadlock is automatically cleared without the need of manual intervention or reboot. For workaround installation details, contact support. |
| DLPO-3029 | - | 11.3.000 | - | Issue: Redacted data is visible when the DLP incidents are displayed in a report. Workaround: For the redacted users, deny permissions to Queries and report. |
| 1264968 | - | 11.0.700 | 11.2.000 | Issue: The Linux " |
| 1266348 | - | 11.0.700 | 11.2.000 | Issue: The Secure Shell (SSH) Host keys are not preserved after upgrade. |
| 1198676 | 11.0.0 | 11.0.200 | Issue: Sender information in Incident Manager displays a MIME header encoded line as is. | |
| 1192249 | 10.0.200 | 11.0.200 | Issue: Unable to view file name on Incident Manager when the attachment file name has double bytes characters. | |
| 1195163 | 10.0.202 | 11.0.200 | Issue: 400 bad request sent from DLP Prevent 10 when the Preview Header is located in TCP |
|
| 1193589 | 11.0.0 | 11.0.200 | Issue: Can't change the password from "space here". | |
| 1205545 | 10.0.204 | 11.0.200 | Issue: ICAP Preview fails for body greater than Preview size. | |
| 1202417 | 10.0.200 | 11.0.200 | Issue: Users able to send restricted emails in certain AD Groups. | |
| 1202481 | 11.0.0 | 11.0.200 | Issue: Rules matching on email address regular expressions are case sensitive. | |
| 1202683 | 11.0.0 | 11.0.200 | Issue: Timeout issues getting ePO policy/applying configuration. | |
| 1203669 | 10.0.200 | 11.0.200 | Issue: User group field is not populated in queries and reports, but shows up in Incident Manager. | |
| 1204331 | 10.0.101 | 11.0.200 | Issue: DLP Prevent can't upload to evidence server which has SMBv1 disabled. | |
| 1205892 | 10.0.203 | 11.0.200 | Issue: DLP Prevent 10 generates several incidents for one violation. | |
| 1206520 | 11.0.0 | 11.0.200 | Issue: Processing of large DLP Prevent/Monitor policy configurations takes an excessively long amount of time to apply. | |
| 1206927 | 10.0.200 | 11.0.200 | Issue: No SNMP traps generated for "Data Loss Prevented" objects. | |
| 1207482 | 10.0.101 | 11.0.200 | Issue: An Outlook related issue causes .eml files to render incorrectly from the evidence page. | |
| 1199994 | 11.0.0 | 11.0.200 | Issue: DLP Prevent does not trigger a rule based on the classification using "Count each match string only one time". | |
| 1205024 | 10.0.203 | 11.0.200 | Issue: DLP Prevent can't detect custom properties of a PDF file. | |
| 1208258 | 11.0.0 | 11.0.200 | Issue: DLP Monitor appliance crashes when it handles IPv4 packets that contain the address 0.0.0.0. | |
| 1211093 | 10.0.204 | 11.0.200 | Issue: Internal rescue image does not update to the new build. | |
| 1213643 | 11.0.0 | 11.0.200 | Issue: OPG2CSF.xsl does not ignore the obsolete true file type condition "Password protected files." | |
| 1215265 | 11.0.0 | 11.0.200 | Issue: Messages with multiple recipients are not delivered to all recipients. | |
| 1216163 | 11.0.0 | 11.0.300 | Issue: DLP Prevent recognizes application/json as text files in classification. | |
| 1221793 | 11.0.200 | 11.0.300 | Issue: Passwords stored in plain texts and recorded in the system log. | |
| 1223688 | 11.0.200 | 11.0.300 | Issue: DLP Monitor does not treat decrypted HTTPS traffic as HTTP traffic when it reviews for policy violations. | |
| 1225394 | 11.0.0 | 11.0.300 | Issue: SNMP v3 does not work because of a possible long EngineID and same system name. | |
| 1227363 | 11.0.200 | 11.0.300 | Issue: Admin user using sudo requires further restrictions on:
|
|
| 1229600 | 11.0.200 | 11.0.300 | Issue: Domain-based LDAP config fails if first server synchronized with is unreachable. | |
| 1229612 | 10.0.206 | 11.0.300 | Issue: CSE Spin detection returns a 451. | |
| 1230003 | 11.0.200 | 11.0.300 | Issue: Incorrect Source/Destination IP address reported in incidents. | |
| 1221981 | 11.0.200 | 11.0.300 | Issue: Policy pushed from ePo to DLP Prevent/Monitor is not applied CSF Validation Error. | |
| 1228471 | 11.0.200 | 11.0.300 | Issue: ICAP errors on secondary LDAP server. | |
| 1228835 | 10.0.206 | 11.0.300 | Issue: SCAN_TIMEOUT returns a 451. | |
| 1213380 | 11.0.0 | 11.0.300 | Issue: Incident Manager displays file name with path information. | |
| 1216571 | 11.0.0 | 11.0.300 | Issue: Invalid "excluded" regex patterns in classifications do not cause policy validation failure. | |
| 1217336 | 10.0.200 | 11.0.300 | Issue: An invalid LDAP server causes all others to be marked as not available. | |
| 1219425 | 11.0.0 | 11.0.300 | Issue: DLP Appliance fails to connect through SMB2 protocol when you upload evidence to the NetApp share. | |
| 1219975 | 11.0.200 | 11.0.300 | Issue: Import_ssl_cert script requires root to run. | |
| 1224289 | 11.0.0 | 11.0.300 | Issue: Kernel Update for Meltdown and |
|
| 1219660 | 10.0.0 | 11.0.300 | Issue: When proxy is integrated with DLP using ICAP, upload of any file larger than 1 GB fails. | |
| 1226418 | 11.0.0 | 11.0.300 | Issue: Incidents have incorrect data for source/destination fields. | |
| 1225622 | 10.0.206 | 11.0.300 | Issue: Invalid character in local part of Offending data causes SMTP process to quit. | |
| 1227475 | 11.0.0 | 11.0.300 | Issue: PGP encrypted files are not detected as password protected files. | |
| 1211945 | 11.0.0 | 11.0.300 | Issue: Unable to clear older active alerts from appliance management. | |
| 1218553 | 10.0.200 | 11.0.300 | Issue: Quit on recipient addresses with a long local part. | |
| 1234721 | 11.0.200 | 11.0.300 | Issue: Large number of ICAP connections causes slow internet connections. | |
| 1234603 | 11.0.202 | 11.0.301 | Issue: Discrepancy between local SSH config and SSH config from ePO policy. | |
| 1236931 | 11.0.0 | 11.0.301 | Issue: Vulnerabilities reported in OpenSSL. | |
| 1237682 | 11.0.200 | 11.0.301 | Issue: Real-time lookups cause high CPU on domain controllers. | |
| 1238505 | 11.0.200 | 11.0.301 | Issue: Evidence server user account is locked out every five minutes. | |
| 1241242 | 11.0.300 | 11.0.301 | Issue: Users and groups page shows no registered servers. | |
| 1242205 | 11.0.201 | 11.0.301 | Issue: Error in system management. Policy could not be enforced NDLP11. | |
| 1245425 | 11.0.301 | 11.0.302 | Issue: SMB client workgroup is now configured to the evidence share user domain. | |
| 1234340 | 11.0.202 | 11.0.302 | Issue: Non-clean shutdown corrupts agent databases and makes the appliance unmanageable. | |
| 1216182 | 11.0.102 | 11.0.302 | Issue: Evidence queue builds up and does not parse. | |
| 1228792 | 11.0.200 | 11.0.302 | Issue: ICAP protocol conversation error|5|act= app=icap msg=LDAP user name that corresponds to email address is not resolved. | |
| 1243404 | 11.0.200 | 11.0.302 | Issue: SNMP traps severity incorrect. | |
| 1249465 | 11.0.302 | Issue: DLP Monitor rules do not trigger properly when there were multiple HTTP requests on the same connection. | ||
| 1244007 | 11.0.302 | Issue: File extension classifications do not work on Outlook Web Access and Gmail attachments. | ||
| 1244475 | 11.0.302 | Issue: High memory usage by |
||
| 1247656 | 11.0.302 | Issue: Email recipient details in ePO incident do not show "DisplayName <email@address>". | ||
| 1249482 | 11.0.302 | Issue: DLP Operational event shows policy change event on Policy Enforcement Interval even if there is no change. | ||
| 1249705 | 11.0.302 | Issue: Appliance Management alerts are sometimes not cleared and report old status. | ||
| 1256599 | 11.0.300 | 11.0.700 | Issue: Manual classification does not work with PNG and TIFF files. | |
| 1259189 | 11.1.0 | 11.1.100 | Issue: ms_dpi fails to start when hosted on certain ESX platforms. | |
| 1260145 | 11.0.300 | 11.0.700 | Issue: |
|
| 1262144 | 11.1.0 | 11.1.100 | Issue: Incidents Generated on DLP Monitor Display Multiple Classifications That Are Not Configured in Web Post Protection Rule. | |
| 1262801 | 11.0.200 | 11.0.700 | Issue: Clickjacking vulnerability. | |
| 1263830 | 11.0.300 | 11.0.700 | Issue: Dictionary classification does not work. Counts each match string only one time. |
Back to top
| Reference Number | Related Article | Found in Version | Resolved in Version | Issue Description |
| TSDP-3573 | KB91834 | 11.3 and prior | 11.3.11 and later | Issue: The incidents are not being imported from MVISION Cloud to DLP Incident Manager. |
| Issue: When you restore a policy including the Prevent action Encrypt by FRP, you must reselect the key. | ||||
| Issue: When you upgrade a DLP Endpoint extension, add conhost.exe and dllhost.exe to the Application file access whitelist process in Client Configuration. | ||||
| Issue: The DLP Endpoint 10.x ePO extension might fail to install if the 9.3.x help extension is already checked in. Workaround: Only one help extension can be checked in at one time. You must remove the 9.3.x help extension to install the 10.x help extension. |
||||
| Issue: When you upload registered documents, if you try to upload a file with a file name longer than 50 characters, it fails with an error message. The problem occurs because Windows file path has a 256-character limit. DLP Endpoint concatenates the internal path to the file name, which can result in paths longer than the allowed limit. Resolution: Shorten the file name to fewer than 50 characters. |
||||
| Issue: DLP Email Protection is disabled if Titus Email Classification is used and the Titus license expires. Workaround: Deselect the Titus support checkbox in the Advanced Configuration tab in the Agent configuration. |
||||
| Issue: After you import DLP Endpoint 9.4 MAC Policy to DLP Endpoint 10.0, you must reassign the MAC policies and MAC configuration to its System Tree nodes in the new environment. You must also make these reassignments after you upgrade from DLP Endpoint 9.4 to DLP Endpoint 10.0. | ||||
| Issue: The write permissions set for the whitelist folder should be enabled only for the DLP administrator. | ||||
| Issue: The DLP Endpoint 10.x ePO extension might fail to install if the 9.3.x help extension is already checked in. Workaround: Only one help extension can be checked in at one time. You must remove the 9.3.x help extension to install the 10.x help extension. |
||||
| 1034291 | Issue: Reoccurring quarantined placeholder events generate an error when you try to open them through open this occurrence. Workaround: The option open this series does not display the error. Also, after the events are released from quarantine, the error no longer appears. |
|||
| 1066784 | Issue: Queries and Reports: Incident count displays an incorrect value for DLP: No of incidents per rule set if multiple rules hit the same file on a rule set. | |||
| 1246454 | 11.0.500 | Issue: Incidents contain "Short Match String" even when Report Short Match String is disabled in the policy settings. | ||
| 1257017 | 11.1.0 | Issue: An attempt to restore a DLP 9.4 backup that includes classification criteria which checks for True File Type equals Password Protected files fails. The failure occurs when the DLP ePO extension uses a DLP Prevent license or a DLP Monitor license. The failure also occurs if the DLP Skyhigh connection is enabled. Workaround: Restore the DLP backup into a DLP ePO extension that does not contain the licenses mentioned. Also, replace the classification criteria that checks for True File Type equals Password Protected files. Set the criteria to look for a File Encryption type equal to Unsupported Encryption types or password protected files. If the classification criteria has been modified, create a new DLP backup. |
Non-critical
| Reference Number | Related Article | Found in Version | Resolved in Version | Issue Description |
| Issue: When you restore a policy that includes the Prevent action Encrypt by FRP, you must reselect the key. | ||||
| Issue: When you upgrade a DLP Endpoint extension, add conhost.exe and dllhost.exe to the Application file access whitelist process in Client Configuration. | ||||
| 1034291 | Issue: Reoccurring quarantined placeholder events generate an error when you try to open them through open this occurrence. Workaround: The option open this series does not display the error. Also, after the events are released from quarantine, the error no longer appears. |
|||
| Issue: DLP Email Protection is disabled if Titus Email Classification is used and the Titus license expires. Workaround: Deselect the Titus support checkbox in the Advanced Configuration tab in the Agent configuration. |
||||
| Issue: After you import DLP Endpoint 9.4 MAC Policy to DLP Endpoint 10.0, you must reassign the MAC policies and MAC configuration to its System Tree nodes in the new environment. You must also make these reassignments after you upgrade from DLP Endpoint 9.4 to DLP Endpoint 10.0. | ||||
| 1066784 | Issue: Queries and Reports: Incident count displays an incorrect value for DLP: No of incidents per rule set if multiple rules hit the same file on a rule set. | |||
| Issue: The write permissions set for the whitelist folder should be enabled only for the DLP administrator. |
There are currently no critical known issues.
Non-critical
Non-critical
There are currently no non-critical known issues.
Affected Products
Languages:
This article is available in the following languages:
GermanEnglish United States
Spanish Spain
French
Italian
Japanese
Korean
Dutch
Portuguese Brasileiro
Chinese Simplified
Chinese Traditional
