Data Loss Prevention

 View Only

  • 1.  Error in DLP Endpoint System Log

    Posted Jan 13, 2014 01:14 PM

    Working on trying to figure out an error message with DLP Endpoint agents.  My machines continually give me an error message of the following:

     
    01/08/2014 22:04:09 |  1260 | ADMIN   | SystemEventLogger | Category: agent_event.category.logger_status, Sub Category: agent_event.subcategory.agent_loglevel_restored_to_default, Extended Value: NA01/08/2014 22:04:10 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/08/2014 22:04:10 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/08/2014 22:04:10 |  2060 | ADMIN   | SystemEventLogger | Category: agent_event.category.monitoring_status, Sub Category: agent_event.subcategory.monitoring_enabled, Extended Value: NA01/08/2014 22:04:10 |  1260 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.service_started, Extended Value: 11.6.1000.2005601/08/2014 22:04:10 |  1260 | ADMIN   | Service         | System started: 01/08/2014 22:03:42; Windows 7; Version: 6.1 Service Pack 1; Total Memory: 8250808KB  Available Memory: 6483684KB; Locale: en-US01/08/2014 22:04:10 |  4248 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.watchdog_running, Extended Value: NA01/08/2014 22:11:39 |  2280 | ADMIN   | SystemEventLogger | Category: agent_event.category.connection_status, Sub Category: agent_event.subcategory.connection_active, Extended Value: 192.168.180.142:11.6.1000.2005601/09/2014 11:05:44 |  1364 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_store, Sub Category: agent_event.subcategory.agent_store_ok, Extended Value: 01/09/2014 11:05:51 |  1364 | ADMIN   | SystemEventLogger | Category: agent_event.category.file_system_driver, Sub Category: agent_event.subcategory.driver_up, Extended Value: NA01/09/2014 11:05:51 |     0 | WARNING | LegacyFilterConnector |  | [WIN32 ERROR 1060]  The specified service does not exist as an installed service. 
    01/09/2014 11:05:51 |     0 | WARNING | LegacyFilterConnector |  | [WIN32 ERROR 1060]  The specified service does not exist as an installed service. 
    01/09/2014 11:05:51 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/09/2014 11:05:51 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/09/2014 11:05:51 |  1364 | ADMIN   | SystemEventLogger | Category: agent_event.category.logger_status, Sub Category: agent_event.subcategory.agent_loglevel_restored_to_default, Extended Value: NA01/09/2014 11:05:52 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/09/2014 11:05:52 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/09/2014 11:05:52 |  2072 | ADMIN   | SystemEventLogger | Category: agent_event.category.monitoring_status, Sub Category: agent_event.subcategory.monitoring_enabled, Extended Value: NA01/09/2014 11:05:52 |  1364 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.service_started, Extended Value: 11.6.1000.2005601/09/2014 11:05:52 |  1364 | ADMIN   | Service         | System started: 01/09/2014 11:05:24; Windows 7; Version: 6.1 Service Pack 1; Total Memory: 8250808KB  Available Memory: 6634800KB; Locale: en-US01/09/2014 11:05:52 |  4320 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.watchdog_running, Extended Value: NA01/09/2014 11:05:57 |  2280 | ADMIN   | SystemEventLogger | Category: agent_event.category.connection_status, Sub Category: agent_event.subcategory.connection_active, Extended Value: 10.16.58.89:11.6.1000.2005601/09/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:00 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/09/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:01 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:01 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/09/2014 12:12:01 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:01 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:01 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:01 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/09/2014 12:12:01 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 12:12:01 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:12:00 |     0 | SEVERE  | ApplicationConnector | 01/09/2014 16:30:11 |  1364 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.service_powered_down, Extended Value: 01/10/2014 00:48:38 |  1276 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_store, Sub Category: agent_event.subcategory.agent_store_ok, Extended Value: 01/10/2014 00:48:45 |  1276 | ADMIN   | SystemEventLogger | Category: agent_event.category.file_system_driver, Sub Category: agent_event.subcategory.driver_up, Extended Value: NA01/10/2014 00:48:45 |     0 | WARNING | LegacyFilterConnector |  | [WIN32 ERROR 1060]  The specified service does not exist as an installed service. 
    01/10/2014 00:48:45 |     0 | WARNING | LegacyFilterConnector |  | [WIN32 ERROR 1060]  The specified service does not exist as an installed service. 
    01/10/2014 00:48:45 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 00:48:45 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 00:48:45 |  1276 | ADMIN   | SystemEventLogger | Category: agent_event.category.logger_status, Sub Category: agent_event.subcategory.agent_loglevel_restored_to_default, Extended Value: NA01/10/2014 00:48:46 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 00:48:46 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 00:48:46 |  2092 | ADMIN   | SystemEventLogger | Category: agent_event.category.monitoring_status, Sub Category: agent_event.subcategory.monitoring_enabled, Extended Value: NA01/10/2014 00:48:46 |  1276 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.service_started, Extended Value: 11.6.1000.2005601/10/2014 00:48:46 |  1276 | ADMIN   | Service         | System started: 01/10/2014 00:48:18; Windows 7; Version: 6.1 Service Pack 1; Total Memory: 8250808KB  Available Memory: 6513332KB; Locale: en-US01/10/2014 00:48:46 |  4252 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.watchdog_running, Extended Value: NA01/10/2014 00:52:39 |  2284 | ADMIN   | SystemEventLogger | Category: agent_event.category.connection_status, Sub Category: agent_event.subcategory.connection_active, Extended Value: 192.168.180.142:11.6.1000.2005601/10/2014 09:48:08 |  1308 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_store, Sub Category: agent_event.subcategory.agent_store_ok, Extended Value: 01/10/2014 09:48:15 |  1308 | ADMIN   | SystemEventLogger | Category: agent_event.category.file_system_driver, Sub Category: agent_event.subcategory.driver_up, Extended Value: NA01/10/2014 09:48:15 |     0 | WARNING | LegacyFilterConnector |  | [WIN32 ERROR 1060]  The specified service does not exist as an installed service. 
    01/10/2014 09:48:15 |     0 | WARNING | LegacyFilterConnector |  | [WIN32 ERROR 1060]  The specified service does not exist as an installed service. 
    01/10/2014 09:48:15 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 09:48:15 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 09:48:15 |  1308 | ADMIN   | SystemEventLogger | Category: agent_event.category.logger_status, Sub Category: agent_event.subcategory.agent_loglevel_restored_to_default, Extended Value: NA01/10/2014 09:48:16 |     0 | WARNING | HookManager     |  | [WIN32 ERROR 87]  The parameter is incorrect. 
    01/10/2014 09:48:16 |     0 | WARNING | HookManager     |  | [WIN32 ERROR 87]  The parameter is incorrect. 
    01/10/2014 09:48:16 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 09:48:16 |     0 | WARNING | AGENTMGMT       |  | [WIN32 ERROR 193]
    01/10/2014 09:48:16 |  1224 | ADMIN   | SystemEventLogger | Category: agent_event.category.monitoring_status, Sub Category: agent_event.subcategory.monitoring_enabled, Extended Value: NA01/10/2014 09:48:16 |  1308 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.service_started, Extended Value: 11.6.1000.2005601/10/2014 09:48:16 |  1308 | ADMIN   | Service         | System started: 01/10/2014 09:47:48; Windows 7; Version: 6.1 Service Pack 1; Total Memory: 8250808KB  Available Memory: 6515012KB; Locale: en-US01/10/2014 09:48:16 |  4328 | ADMIN   | SystemEventLogger | Category: agent_event.category.agent_service_status, Sub Category: agent_event.subcategory.watchdog_running, Extended Value: NA01/10/2014 09:48:26 |  2284 | ADMIN   | SystemEventLogger | Category: agent_event.category.connection_status, Sub Category: agent_event.subcategory.connection_active, Extended Value: 10.16.58.89:11.6.1000.2005601/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | WARNING | AGENTMGMT       |  | [HRESULT 0x80004005]  Unspecified error 
    01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 12:12:00 |     0 | SEVERE  | ApplicationConnector | 01/10/2014 13:16:40 |  1224 | ADMIN   | SystemEventLogger | Category: agent_event.category.configuration_update, Sub Category: agent_event.subcategory.config_success, Extended Value: 21;18
     
    Any ideas on where to start here?


  • 2.  RE: Error in DLP Endpoint System Log

    Broadcom Employee
    Posted Jan 13, 2014 01:24 PM

    does the dlp services started on the endpoint?

     



  • 3.  RE: Error in DLP Endpoint System Log

    Trusted Advisor
    Posted Jan 13, 2014 02:10 PM

    Actually, Jonathon posted this on my behalf.

    Yes, the agent starts and reports.



  • 4.  RE: Error in DLP Endpoint System Log

    Posted Jan 14, 2014 06:27 AM

    I am also Facing the same issue & my EDPA.exe utilizes 30% to 50% of my CPU when IE is opened with Symantec endpoint protection Manager WebConsole



  • 5.  RE: Error in DLP Endpoint System Log

    Trusted Advisor
    Posted Jan 24, 2014 12:42 PM

    Do you have the SEP exclusions built for DLP Endpoint?

    http://www.symantec.com/business/support/index?page=content&id=TECH180886

     

    EDIT:  This was supposed to be a reply!