In normal circumstances, the Policy Version (as seen in the DLP or Discovery
Manage Policies page) incremented on the DLP Management Server upon changes to the configuration will automatically be synced across the environment, given that the deployment is successful and the Endpoints (if in use) have successfully checked in for updates. However, they may be a time where it is desirable to confirm if the secondary components are indeed using the latest policy version.
Obtaining Policy Version on Windows/Linux Components
This information is present within PolicyEngine.policy.xml at the following location:
- Windows: %DSS_HOME%PolicyEngine.policy.xml
- Linux: /opt/websense/PolicyEngine/PolicyEngine.policy.xml
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<policyEngineConfig GlobalVersion="448"
[...]
In this example, the Policy Version is 448.
Obtaining Policy/Fingerprint/Profile Versions from a DLP Endpoint ClientInfo
macOS Endpoints will list the versions within dlpdebug.log:
[INFO:engine.c:8798] Endpoint policy version <3212>
[INFO:engine.c:8810] Endpoint config version <66>
[INFO:engine.c:8822] Endpoint fingerprint version <0>
On Windows environments, there is a need to debug the Configuration topic within EPClassifier.log.config in order to obtain a decrypted Policy.xml. It will be represented as GlobalVersion="<x>" for the Policy Version. Additional debugging may be needed to list the version numbers when the Endpoint checks for updates.
dser_profile.xml will show SN= "x" to represent the Profile Version.
Note See Determining DLP Endpoint Build and Classifier Version from ClientInfo for a similar helpful article.
Keywords: DLP Data Security; Forcepoint One Endpoint; Policy Version Sync; Check Local File; ClientInfo; Latest Policies Not Applying; Endpoint Debug; Linux Protector WCG Web Content Gateway Forcepoint Email Gateway; Mac Endpoint; Policy Profile Fingerprint Version;
