Known Issues in Endpoint DLP

Known issues for Endpoint DLP.

DSS-17795

Enterprise DLP returns the previously cached verdict in DLP Incidents (Manage > Configuration > Data Loss Prevention > DLP Incidents) when traffic matches the same Endpoint DLP policy rule if Optical Character Recognition (OCR) (Manage > Configuration > Data Loss Prevention > Detection Methods > Optical Character Recognition) is first disabled and then enabled, or vice versa.
For example, you have Policy Rule A with the Action configured to Alert when traffic containing sensitive data is detected. You also have OCR disabled. Traffic is evaluated against Policy Rule A and no sensitive data is detected, so Enterprise DLP returns a Scan Not Match verdict.
Later you change the Action for Policy Rule A to Block and enable OCR. Traffic is again evaluated against Policy Rule A but sensitive data is detected. In this case, the DLP Incident erroneously displays the verdict as Scan Not Match.

DSS-18161

The log View link in an Endpoint DLP Incident (Manage > Configuration > Data Loss Prevention > DLP Incidents) redirects the user to the Strata Cloud Manager Command Center Log Viewer (Incidents and Alerts > Log Viewer) without applying the filters needed to view the log details for the incident being investigated.
Workaround: Manually apply the following filters in the Log Viewer.
  1. For the Log Type, select Endpoint/Troubleshooting (Prisma Access Agent)
  2. For the filter query, enter sub_type.value='dlp'

PANG-5823

The Prisma Access Agent gets stuck inspecting files and is unable to complete inspection when you use Microsoft PowerShell to copy a file from an endpoint to a USB or Network Share peripheral and a parent process spawns extremely short-lived child processes.

PANG-5828

The Prisma Access Agent is unable to receive Endpoint DLP configuration and policy rules pushed from Strata Cloud Manager after the macOS endpoint wakes up from sleep mode.
Workaround: Restart the WiFi on the endpoint or reboot the endpoint.