Discover Scan Stuck in Status "Loading Policies" in Data Loss Prevention Enforce Console
Last Updated August 28, 2018
The Discover scan is stuck in status “loading policies” with no evidence that there is an issue and will remain in that state for a long period of time using Symantec Data Loss Prevention (DLP) Enforce console. Discover scan_details log was empty and no symptoms were observed apart from the slow scanning performance. If all policies are withdrawn except for a single keyword policy the Discover scan will complete as expected.
Discover scan status shows "Loading Policies" in Enforce console.
This can occur when the Discover server assigned the scan does not have enough resources to load the configured policies. Detection Technologies such as Indexed Document Matching (IDM) and Exact Data Matching (EDM) can require significant resources (GB) of RAM for large data sets.
Disable the IDM or EDM based policies, restart monitor controller, and start the scan again. If the scan starts without any errors then asses if the database profile is the problem or the lack of system resources. Performance tuning on the Discover server may have to be performed to prevent further scan issues.
Check if there are IDM or EDM based policies applied. The IDM or EDM database profiles could be corrupted or the policies are too large for the DLP implementation. Adjustments to Java Heap may also have to be done as the initial settings may be to low and cause issues with loading the policies.