Evidence File Link is not available on some incidents

Technical Articles ID: KB93072
Last Modified: 2023-04-13 19:08:24 Etc/GMT

Environment

Data Loss Prevention (DLP) Endpoint - all supported versions
DLP Prevent - all supported versions
DLP Monitor - all supported versions
DLP Discover - all supported versions

For supported environments, see:

Problem

When you view a DLP incident, the link to download the associated evidence file is not available. The rule that generated the incident is correctly configured to generate an evidence file. The evidence file link is available in other incidents generated by the same rule.

Cause

The size of the file that generated the incident is larger than the Maximum Evidence File Size setting in the Client Configuration policy. The default value of this setting is 25 MB.

Solution

Adjust the Maximum Evidence File Size value to accommodate larger file sizes. To modify the Maximum Evidence File Size value:

In ePO, open Policy Catalog.
Select Data Loss Prevention in the Products list.
Edit the assigned Client Configuration policy.
Select Evidence Copy Service (Shared Storage and Evidence for DLP 11.5) from the Settings list.
To accommodate the larger files sizes, modify the Maximum Evidence File Size value.
NOTE: Supported value range is from 10–2575.
Click Apply Policy.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Evidence File Link is not available on some incidents

Environment

Problem

Cause

Solution

Affected Products

Languages:

Title

Title

Knowledge Center

Evidence File Link is not available on some incidents

Environment

Problem

Cause

Solution

Affected Products

Languages:

Choose your region

Title

Title