Enterprise DLP returns the previously cached verdict in DLP Incidents (ManageConfigurationData Loss PreventionDLP Incidents) when traffic matches the same Endpoint DLP policy rule if Optical
Character Recognition (OCR) (ManageConfigurationData Loss PreventionDetection MethodsOptical Character Recognition) is first disabled and then enabled, or vice versa.
For example, you have Policy Rule A Action configured to
Alert when traffic containing sensitive data is detected. You
also have OCR disabled. Traffic is evaluated against Policy Rule
A and not sensitive data is detected so Enterprise DLP returns a
Scan Not Match verdict.
Later you change the Action for Policy Rule A to
Block and enable OCR. Traffic is again evaluated against
Policy Rule A but sensitive data is detected. In this
case, the DLP Incident erroneously displays the verdict as Scan Not
Match.
DSS-18161
The log View link in an Endpoint DLP Incident (ManageConfigurationData Loss PreventionDLP Incidents) redirects the user to the Strata Cloud Manager Command Center Log Viewer (Incidents and AlertsLog Viewer) with no filters applied to view the log details for the incident being
investigated.
Workaround: Manually apply the following filters in the Log Viewer.
For the Log Type, select Endpoint/Troubleshooting (Prisma Access
Agent)
For the filter query, enter sub_type.value='dlp'
PANG-5823
The Prisma Access Agentt gets stuck inspecting files, and is unable to complete
inspection, when you copy a file from an endpoint to a USB or Network Share peripheral
using Microsoft Powershell when a parent process spawns extremely short lived child
processes.
PANG-5828
The Prisma Access Agent is unable to receive Endpoint DLP configuration and policy
rules pushed from Strata Cloud Manager after the macOS endpoint wakes up from sleep
mode.
Workaround: Restart the WiFi on the endpoint or reboot the endpoint.