Hi,

I have tested in one of our client, the incidents are able reach to EPO server through Agent handler but unable to download the incidents to view in incident list. 

Which is throughing error " the evidence is not available"

need to to add your epo server computer account to the DLP evidence share permissions with full access.

anohter possible reason is that evidence didnt got uploaded to the evidence share - can follow KB81399 for further troubleshooting.

Hi @kranthi.k ,

Thank you for writing in here.

The error which you have mentioned is "evidence file not available" , this could be because the DLP Endpoint Console is showing as Not connected to Corporate Network and the DLP Incident Information in the DLP Incident Manager will show the connectivity state as Offline. 

When the DLP Endpoint console shows "Not Connected to Corporate Network", and when DLP generates Incidents , these Incidents can be parsed to your EPO via the DMZ Agent handler, however if DLP Endpoint console shows not connected to corporate network, the Evidence files stays with the client machine itself. 

These evidence files will be uploaded to the evidence share folder only when the the DLP Endpoint console shows "Connected to Corporate Network", to see when it can connect to corporate network and when it cannot, you would need to check the "Corporate Connectivity" settings under Windows Client Configuration policy assigned to this client machine from EPO.

For more possible scenarios, kindly have a view on the below kb,

https://kc.mcafee.com/corporate/index?page=content&id=KB81399&locale=en_US

Thank you.