When reviewing the FileReader0.log file, the following error appears:
Apr 21, 2009 11:17:53 PM com.vontu.directorycrawler.DiscoverNativeFile handleError
WARNING: Native informations of file '\\somecomputer\someshare\somefile' couldn't be retrieved: GetNamedSecurityInfo error: Access DeniedThe filename, directory name, or volume label syntax is incorrect.
Correlate the error in FileReader log with the ScanDetail log, and check to see if the file was actually scanned:
ScanDetail log
"Apr 21, 2009 11:17:53 PM","INFO","scan name 04/21/09 - 8:00 PM","COMPLETED_ITEM","//somecomputer\someshare\somefile' ","268800","","","",""
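The correlation step above can be scripted when many files are affected. The following is an added example, not Symantec tooling: it assumes the ScanDetail columns sit where they do in the single line shown above (status in field 4, path in field 5), and the second FileReader entry and the NOT_IN_SCANDETAIL label are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample input modelled on the two log excerpts above.
FILEREADER_LOG = r"""Apr 21, 2009 11:17:53 PM com.vontu.directorycrawler.DiscoverNativeFile handleError
WARNING: Native informations of file '\\somecomputer\someshare\somefile' couldn't be retrieved: GetNamedSecurityInfo error: Access Denied
Apr 21, 2009 11:18:02 PM com.vontu.directorycrawler.DiscoverNativeFile handleError
WARNING: Native informations of file '\\somecomputer\someshare\otherfile' couldn't be retrieved: GetNamedSecurityInfo error: Access Denied
"""
SCANDETAIL_LOG = r'''"Apr 21, 2009 11:17:53 PM","INFO","scan name 04/21/09 - 8:00 PM","COMPLETED_ITEM","//somecomputer\someshare\somefile' ","268800","","","",""
'''

WARN_RE = re.compile(r"Native informations of file '(.+?)' couldn't be retrieved: (.*)")

def norm(path):
    """Make the two logs' path spellings comparable (slashes, stray quotes, case)."""
    return path.strip(" '\"").replace("\\", "/").lower()

def lookup_failures(filereader_text):
    """Return {normalized path: error text} for each native-info warning."""
    return {norm(m.group(1)): m.group(2).strip()
            for m in WARN_RE.finditer(filereader_text)}

def scan_status(scandetail_text):
    """Return {normalized path: status} from ScanDetail CSV rows."""
    status = {}
    for row in csv.reader(io.StringIO(scandetail_text)):
        if len(row) >= 5:  # assumed layout: time, level, scan, status, path, size, ...
            status[norm(row[4])] = row[3]
    return status

def correlate(filereader_text, scandetail_text):
    """For each failed lookup, report whether ScanDetail shows the item as scanned."""
    status = scan_status(scandetail_text)
    return {p: status.get(p, "NOT_IN_SCANDETAIL")
            for p in lookup_failures(filereader_text)}

if __name__ == "__main__":
    for path, state in correlate(FILEREADER_LOG, SCANDETAIL_LOG).items():
        print(f"{state:18} {path}")
```

A path reported as COMPLETED_ITEM was scanned even though the owner lookup failed; a path missing from ScanDetail needs separate investigation.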
The reason for this error is that the target share does not allow SID lookup. One way to correct this problem is to perform the lookup from the Discover server itself.
Update the crawler.properties config file, which is located in:
Windows:
X:\Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\config
Linux:
/opt/Symantec/DataLossPrevention/DetectionServer/<version>/Protect/config
Change the following config value from 'false' to 'true'.
filesystemcrawler.localusernamelookup = true
Restart the Symantec DLP Detection Server Service after making this change.