When a modified prevention policy is applied to an agent, customer is getting an error "Unable to lookup id: xxxxxx".
Unable to lookup id
The policy has been applied to a machine where specified account doesn't exit. The error simply means that the user cannot be found.
Any user account defined in some part of Detection and/or Prevention policy must exists on the target system or in active directory domain (if your target system is a domain member)
Edit the policy & search for the username & confirm it exists in the policy. In this case, either you need to create a local user on the target machine or in Active Directory domain.
You can also add a minus sign (-) before the user (no space between the minus sign and the data). It will make it optional. This is also applicable for groups (OU's), lists, and other items in the prevention policy.
Applies To
Windows Server 2003, 2008