Possible incident data corruption for Data Loss Prevention 12.5 and 14
Last Updated January 14, 2016
Symantec has identified a Data Loss Prevention issue in which data can be corrupted and non-recoverable. The purpose of this alert is to notify you of the problem, and to provide you with information that you can use to prevent the problem.
The issue described here applies to versions 12.5.x and 14.0.x.
Under certain circumstances, incident data is encrypted but cannot be decrypted. The issue arises only for deployments in which an Endpoint Server or Endpoint channel is added. For such deployments, the original cryptographic key that encrypted incident data can be overwritten, after which it is no longer available to decrypt the incident data. The incident data affected by this problem cannot be recovered.
While the issue is related to adding an Endpoint Server or Endpoint channel, all incident types (not just Endpoint) are affected.
Symptoms include a yellow banner error message in the Enforce Server administration console, indicating an error highlighting violating text for an incident, and garbled text in the incident snapshot.
For further details about the issue and for steps to take to avoid the problem, see the Data Loss Prevention Knowledgebase article, "Corrupted incidents and incident data due to cryptographic key issues," at www.symantec.com/docs/TECH232921