A Critical status indicates that the DLP Agents in this state have experienced conditions that require immediate attention.
Critical agent alerts generally include the following:
A driver is not running
The DLP Agent version is not compatible with the Endpoint Server
Active Directory permissions conflict with Symantec Data Loss Prevention permissions
The DLP Agent cannot report to the Endpoint Server
The DLP Agent is unable to monitor the macOS applications that are protected by System Integrity Protection (SIP)
| Agent alert | Cause | Fix |
| --- | --- | --- |
| Agent not reporting | The agent has not reported to an Endpoint Server within the specified period of time. If the agent does not report after 18 hours, then Symantec Data Loss Prevention identifies the agent as not-reporting. Not-reporting agents do not receive the latest policies and configuration information, so they are marked with a Critical agent alert. | To fix the issue: *You access the Agents List screen by clicking an agent status or alert type link on the System > Agents > Overview screen. |
| Agent version is not supported | The agent is two versions older than the Endpoint Server version to which it connects. For example, if the Endpoint Server is version 15.8 and the agent is 15.1.x, a Critical agent alert displays. The features available in Enforce and Endpoint Server are not available for these agents. Symantec Data Loss Prevention identifies these agents with a Critical alert because these agents do not provide current Symantec Data Loss Prevention features and may not operate as designed. | |
| File system driver is down | The agent service cannot communicate with the Symantec Data Loss Prevention driver installed on the endpoint. Communication may not occur for the following reasons: | To fix the issue: |
| Mac OS application is not monitored | The DLP Agent monitors the macOS applications that are protected by System Integrity Protection (SIP) on macOS 10.11 and later as listed in the Symantec Data Loss Prevention System Requirements and Compatibility Guide. Updating the macOS version beyond the supported version causes the agent to no longer monitor the applications protected by SIP. The agent continues to monitor all other channels. | |
| Chrome extension not deployed | DLP 15.8 and higher. Because the detection capabilities related to Chrome moved to the extension in 15.8, this particular alert was moved from the Warning state to the Critical state. | Refer to DLP Agent shown in Critical or Warning status with alert 'Chrome\|Edge extension not deployed' |