>
    Strata Copilot
    Known Issues in Endpoint DLP
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Release Notes
    4. Known Issues in Endpoint DLP
    Download PDF
    Enterprise DLP

    Known Issues in Endpoint DLP

    Table of Contents

    Known Issues in Endpoint DLP

    Known issues for Endpoint DLP.

    DSS-17795

    Enterprise DLP returns the previously cached verdict in DLP Incidents (ManageConfigurationData Loss PreventionDLP Incidents) when traffic matches the same Endpoint DLP policy rule if Optical Character Recognition (OCR) (ManageConfigurationData Loss PreventionDetection MethodsOptical Character Recognition) is first disabled and then enabled, or vice versa.
    For example, you have Policy Rule A Action configured to Alert when traffic containing sensitive data is detected. You also have OCR disabled. Traffic is evaluated against Policy Rule A and not sensitive data is detected so Enterprise DLP returns a Scan Not Match verdict.
    Later you change the Action for Policy Rule A to Block and enable OCR. Traffic is again evaluated against Policy Rule A but sensitive data is detected. In this case, the DLP Incident erroneously displays the verdict as Scan Not Match.

    DSS-18161

    The log View link in an Endpoint DLP Incident (ManageConfigurationData Loss PreventionDLP Incidents) redirects the user to the Strata Cloud Manager Command Center Log Viewer (Incidents and AlertsLog Viewer) with no filters applied to view the log details for the incident being investigated.
    Workaround: Manually apply the following filters in the Log Viewer.
    1. For the Log Type, select Endpoint/Troubleshooting (Prisma Access Agent)
    2. For the filter query, enter sub_type.value='dlp'

    PANG-8539

    Prisma Access Agent 25.3.1 randomizes the filename when the end user prints directly from a third party app such as Sublime Text Editor. As a result, Endpoint DLP incidents generated against the printed file display the filename containing randomized numbers and letters.

    PANG-8202

    When Prisma Access Agent 25.3.1 is installed on a macOS endpoint, and Endpoint DLP is actively processing a print operation while awaiting a verdict from Enterprise DLP, any subsequent print operations initiated during this interval will not be detected or queued by Prisma Access Agent.

    PANG-8201

    Prisma Access Agent 25.3.1 erroneously sends files exceeding the Endpoint DLP Alert and Block Scan Limit Max File Size settings to Enterprise Data Loss Prevention (E-DLP) instead of taking the action configured for the Action When File Size Exceeds Scan Limit setting.

    © 2025 Palo Alto Networks, Inc. All rights reserved.