The last couple of days 2 of my protection rules in DLPe have ceased functioning. 1 is a printer protection rule and the other is an email protection rule.
The only change we made was to the DLP operation mode. We changed from device and full content protection to device control and content aware removable storage protection. I switched back to full protection but still no luck on generating incidents on these 2 rules. Could that change have caused this problem? and does anyone know exactly what the difference between those two operation modes is?
Thank you for any advice!
After spending some time on this I found that the hotfix for DLPe that I was given by support for another issue was the culprit. (We were operating on a custom hotfix 9.3.329 which wound up not being the issue anyway it was actually something related to McAfee Agent 5.0) I rolled the agent back to a prior hotfix of 9.3.3 (9.3.312 to be specific) and this corrected the issue.