Hello,
This is a query on symantec DLP - We are using endpoint prevent for our environment.
If we have a end user machine which is not connecting to network - how long would the incidents be retained in endpoint. ?
(say if there is an employee who is not connecting to corporate network(endpoint server) for a year - will the incidents be logged in enforce after the machine connects to network after 1 year)
In above scenario what will the maximum data that will show up in incidents - User has copied or transfered data upto 100 Gb or 200 Gb during this period will all this transfer be showing in the enforce console when the machine connects back to network?
Thanks.