Data Loss Prevention

Hello, we are in the midst of rolling out DLP agent to our MS, Apple and Linux desktops. Our desktop support team requires DLP agent troubleshooting guides in order to help them troubleshoot DLP agent and analyze whether or not DLP agent is the root cause, etc. I am hoping someone can help direct me on where I can get this information from. Or maybe share what their desktop support teams do in order to facilitate DLP agent analysis and remediation steps. Thanks all.

What do you all mean by troubleshooting guides?  I like to start with the DLP Admin guide for the sections on Endpoint Prevent and Endpoint Discover (I think it's section 9?) 

What type of troubleshooting thigns do you need?  Like the Agent stops reporting?  Or what?

The DLP agent isn't very easy to troubleshoot without access to the console (the local logs are encrypted).  Our organization has given the desktop group the ability to stop the agent for troubleshooting purposes, but any issues proven that way are escalated to our DLP team.

I agree with Jsneed. The agent is not easy to troubleshoot and when my companies desktop support team is trying to narrow down an issue they will reach out to me in which I will stop the agent in the console. 99.9999% of the time it is not the agent. The other % of the time I will find it is the agent and just use our 3rd party Inventory application and reinstall the agent.

Most of the time the only issues you will see with the agent is either CUI.exe, edpa.exe or kvoop.exe are consuming high CPU or memory or there can be a few temp files in the agent install directory that are very large. Like over a GB large.

If there is anything else it could end up being a policy misconfiguration.