In the Symantec DLP UI, navigate to System => Servers and Detectors => Overview
In the row for the Enforce Server, the column 'Incident Queue' is not zero. There are no *.idc files in the /incidents folder. Where are those incidents?
An incident is received by the SymantecDLPDetectionServerController, which puts them into files in the incidents folder.
The SymantecDLPIncidentPersister then picks up the files and puts the incidents into the database.
The SymantecDLPNotifier service notifies the SymantecDLPManager service of the new incidents.
The SymantecDLPManager service then takes the incidents and applies any lookup operations and applies any policy rule, required changes, and any Enforce level response rules operations.
When the 'Incident Queue' is greater than zero the incidents have been persisted into the database, but have not been processed by the SymantecDLPManager service. They are in the database, but in an incomplete state.