DLP Endpoint Client Incident Handling When Off-Network
- Article Number: 000004221
- Products: Forcepoint DLP Endpoint, Forcepoint One Endpoint, TRITON AP-ENDPOINT DLP
- Version: 8.7, 8.6, 8.5, 8.4
- Last Published Date: June 23, 2020
How does the Forcepoint DLP Endpoint Client handle incidents while it is disconnected from the Endpoint Server?
The Endpoint will continue to enforce the last policy update it had received while the user is off the internal network. Incidents and traffic logs are saved in the PendingEvents directory within the installation directory on Endpoint Client machines. The maximum disk space each Endpoint client can allocate for incident storage when the Endpoint Client is disconnected from the Forcepoint DLP Management Server is 100 MB by default. Once the 100 MB size limit is reached, new incidents are ignored, though DLP detection will still occur. Incidents will flow to the Endpoint Server and then the Management Server and SQL database once the next connection to the Endpoint Server has been established.
This folder limit can be increased to up to 2000 MB as described in the Disk Space tab of the Endpoint Settings page.
Keywords: DLP Data Security Endpoint; Forcepoint ONE Endpoint; Endpoint Incidents; Endpoint Discovery; Incident Backlog; VPN Connection; DLP Agent Not Working; Off-Network Enforcement; DLP Server Inquiry