DLP Network Monitor encounters long message wait times while files accumulate under DROP_PCAP folder.


Article ID: 160972


Products

Data Loss Prevention Network Monitor, Data Loss Prevention

Issue/Introduction

Messages are not being processed from the DROP_PCAP folder on the Network Monitor Server. A large number of VPCAP files pile up in this folder, which results in a long message wait time in the Enforce console.

Resolution

The issue can be caused by a corrupt message file stuck in the folder. That file is never processed, which in turn causes the rest of the files to queue up behind it.

To resolve this situation, stop the SymantecDLPDetectionServerService in Windows Services, then sort all the files and folders in DROP_PCAP by date modified. Pick out the oldest file from that folder and move it to a different location. If you forget to stop the SymantecDLPDetectionServerService, you will most likely get the error "cannot move the specified file as it is in use by another process". Then start the SymantecDLPDetectionServerService again. Files should start processing normally and, eventually, the message wait time should drop.
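
The steps above as a PowerShell script, added here as an example and not taken from the original article. The two path parameters are assumptions you must supply, since the article does not give the full location of DROP_PCAP; the SHA256 logging and the 60-second backlog check are additions for record keeping.

```powershell
# Added example: run from an elevated PowerShell session on the Network Monitor Server.
param(
    [Parameter(Mandatory)] [string] $DropPcapPath,    # full path to DROP_PCAP (assumption: depends on your install)
    [Parameter(Mandatory)] [string] $QuarantinePath,  # folder outside DROP_PCAP to hold the suspect file
    [string] $ServiceName = 'SymantecDLPDetectionServerService'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $DropPcapPath -PathType Container)) {
    throw "DROP_PCAP folder not found: $DropPcapPath"
}
New-Item -ItemType Directory -Path $QuarantinePath -Force | Out-Null

# Stop the detection server first; otherwise the move fails because the file is in use.
Stop-Service -Name $ServiceName
(Get-Service -Name $ServiceName).WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))

try {
    # Oldest first, same as sorting the folder by "Date modified".
    $files = @(Get-ChildItem -LiteralPath $DropPcapPath -File | Sort-Object LastWriteTime)
    Write-Host "Queued files in DROP_PCAP: $($files.Count)"

    if ($files.Count -gt 0) {
        $oldest = $files[0]
        # Record what was moved so the file can be identified and examined later.
        $hash = (Get-FileHash -LiteralPath $oldest.FullName -Algorithm SHA256).Hash
        Write-Host "Moving oldest file: $($oldest.Name), $($oldest.Length) bytes, modified $($oldest.LastWriteTime)"
        Write-Host "SHA256: $hash"
        Move-Item -LiteralPath $oldest.FullName -Destination $QuarantinePath
    }
}
finally {
    # Start the service again even if the move failed, so monitoring is not left stopped.
    Start-Service -Name $ServiceName
}

# Check that the backlog is draining once the service is running again.
Start-Sleep -Seconds 60
$remaining = @(Get-ChildItem -LiteralPath $DropPcapPath -File).Count
Write-Host "Files remaining after 60 s: $remaining (was $($files.Count))"
```

If the count does not fall after the restart, the next-oldest file may also be unprocessable, and the same script can be run again.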