I have 5 total DLP Endpoint Prevent servers, each with DLP version 18.104.22.16834, with the DLP agent version deployed being 14.0.2000.1056.
Of the 5 servers, I am having an issue with 4 of them. The issue is as follows;
This causes the drive on which DLP is installed to fill quickly, given the endpoint prevent server will not complete processing of the incident files, and the "aggregator_temp_data" folder continues to fill.
DLP Endpoint policies are applied the same, to all 5 servers - including the 1 server which is not exhibiting the behavior of the other 4 servers.
Any help is appreciated. Thank you.
Reccomendation is to stop the services and then reinstall the application. You can backup the files in the incidents just in case.
Also is there any issue with the Enforce server on processing incidents? There may be an issue upstrem that is causing the other endpoints to fail with the transfer of data to the console.
Someone else with this problem
I am in version 15.5 and a detection to prevent this is filling up frequently, every incident generated creates the folder is directory