I have been working on an issue where DLPe has determined it is "Offline", but the endpoint is on our Corporate Network (all indications show DLPe should be "Online").
We have a set of Rules set for "offline", but after reviewing the Incidents a large number are triggered for internal/corporate resources.
When I check these endpoints showing up as offline on our int/corp network, DLPe indicates it is offline, and all tests for online pass (query DNS of Agent Handler name).
We are hesitant to implement more restrictive rules that should only trigger when the endpoint is offline, as it looks like we will impact end users randomly when they are "online".
We have not been able to reproduce the issue, and can only detrmine endpoints having the issue after the fact, so collecting debug logs has been a needle in the haystack.
Any one else experience a similar issue?
Any one think of a scenario that would reproduce this issue?