>
    Strata Copilot
    Known Issues in Endpoint DLP
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Release Notes
    4. Known Issues in Endpoint DLP
    Download PDF
    Enterprise DLP

    Known Issues in Endpoint DLP

    Table of Contents

    Known Issues in Endpoint DLP

    Known issues for Endpoint DLP.

    DSS-17795

    Enterprise DLP returns the previously cached verdict in DLP Incidents (ManageConfigurationData Loss PreventionDLP Incidents) when traffic matches the same Endpoint DLP policy rule if Optical Character Recognition (OCR) (ManageConfigurationData Loss PreventionDetection MethodsOptical Character Recognition) is first disabled and then enabled, or vice versa.
    For example, you have Policy Rule A Action configured to Alert when traffic containing sensitive data is detected. You also have OCR disabled. Traffic is evaluated against Policy Rule A and not sensitive data is detected so Enterprise DLP returns a Scan Not Match verdict.
    Later you change the Action for Policy Rule A to Block and enable OCR. Traffic is again evaluated against Policy Rule A but sensitive data is detected. In this case, the DLP Incident erroneously displays the verdict as Scan Not Match.

    PANG-9641

    Endpoint DLP generates an additional incident for every file moved from a local device to a USB peripheral device when the file has exFAT file system enabled.

    PANG-9529

    Endpoint DLP generates an additional incident for every write operation from a Microsoft Office application to a network share peripheral device when the write operation contains sensitive data that matches your Endpoint DLP policy rule.

    PANG-9112

    This issue is addressed in Prisma Access Agent version 25.6.2.2.
    The Excel app open but becomes unresponsive when opening or editing files stored in OneDrive while the Prisma Access Agent is running with Endpoint DLP policies rules enabled due.

    PANG-9102

    This issue is addressed in Prisma Access Agent version 25.6.2.2.
    Microsoft Office applications, such as Excel and Microsoft Word, fail to open files from network shares or USB drives on the local device when customers have Endpoint DLP was enabled on the Prisma Access Agent.

    PANG-8539

    Prisma Access Agent 25.3.1 randomizes the filename when the end user prints directly from a third party app such as Sublime Text Editor. As a result, Endpoint DLP incidents generated against the printed file display the filename containing randomized numbers and letters.

    PANG-8202

    When Prisma Access Agent 25.3.1 is installed on a macOS endpoint, and Endpoint DLP is actively processing a print operation while awaiting a verdict from Enterprise DLP, any subsequent print operations initiated during this interval will not be detected or queued by Prisma Access Agent.

    PANG-8201

    Prisma Access Agent 25.3.1 erroneously sends files exceeding the Endpoint DLP Alert and Block Scan Limit Max File Size settings to Enterprise Data Loss Prevention (E-DLP) instead of taking the action configured for the Action When File Size Exceeds Scan Limit setting.

    © 2025 Palo Alto Networks, Inc. All rights reserved.