I know this has been an issue in the past but want to know if there is a new way to fix this.
I have two users in different domains with the same user name, example, jsmith.
The problem for some reason is DLP will get an incident from user alpha\jsmith and in the incident attributes it uses user beta\jsmith details. Even though in the incident details on the right it see's alpha\jsmith as the offending user.
So why is symantec not using domain\user when performing the AD lookups? It seems that it is only using the user and performing the lookup off of the user name instead of the domain\username.
These are legacy users that were with the company prior to our DLP installation and they have their user names embedded in specific systems so just simply changing the user name could break some processes or make it a big headache on the user that did change their name.