Data Loss Prevention

endpoint detection server showing restarting continously but working and reflecting the deployed agents. find the attched snapshot.

This may happen if the policies have too many rules that are utilizing a lot os system resources on the server. To confirm this try the below:

a) Disable all policies aassociated with this server and monitor.

b) Enable the policies one by one over a period of time and monitor. This way you will be able to pin point which policy is causing an issue.

Once the concerning policy is identified, you may tune the rules accordingly to optimize resource utilizaton.

• Also check for any IDM/EDM only rules. These can take a toll on resources. It is best to leverage two-tier detection by combining with DCM.
• Similarly some regex can cause issues, if written in a certain manner. 

Hi KS , 

To add to what Denis had advices. 

First Identify what resource is restarting or unable to start.

Click on the endpoint server and see the process which is not starting , Mostly the issue should be with the "FileReader".

To see the sub processes you need to enable the "Advance process control" :

Go to System > Settings > General > Config > check the "Advance Process Control"(Save).

Now click on the endpoint server and check the process not starting.

Also, before trying anything restart the Vontu Monitor Controllar Service on the enforce , The issue might be with communication.

Hi,

here is some information

https://www-secure.symantec.com/connect/forums/filereader-restarts-excessively

Regards.