
edpa.exe enumerating user's AD groups on system power on

Created: 16 Apr 2013 | 4 comments

We have some behavior I can't explain which has been producing significant network impact. We have traced our issue to edpa.exe performing LDAP group enumeration of the AD groups of logged-in users. This is generating a significant amount of LDAP traffic across my organization. Everything from security groups to distribution lists that the logged-in user belongs to is being enumerated by DLP. This happens once when the computer is powered on. Has anyone seen this behavior, and what could be causing it?

 

Thanks,

Jer


kishorilal1986

This issue is just specific to particular machine or more than single

bluemtn

All Windows XP and Windows 7 systems. edpa.exe makes an LDAP request for the memberOf attribute of the logged-in user and then starts enumerating all the groups the user belongs to.

kishorilal1986

Hi Blue,

Please contact Symantec support immediately, as this was a new issue to me. This might be the DLP product (Agent vulnerability or bug). I recommend that you get more guidance/advice from them; meanwhile you can collect and analyze the logs from the agent and servers related to this event.

Also refer to the links below:

http://www.symantec.com/connect/forums/dlp-logs

https://www-secure.symantec.com/connect/downloads/...

I hope the above will help you to resolve it.

Jsneed

This seems to be standard behavior if you have an LDAP group set up in the console. I believe it does a recursive lookup because groups can be a member of other groups. I do wish there was an option to turn this off, or set a refresh interval on it.
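
Added example, not part of the thread and not Symantec's code: a small Python simulation of client-side recursive memberOf expansion, to estimate how many LDAP reads one logon produces when groups nest. The directory contents, the DNs and the one-read-per-object cost model are assumptions; the last function builds the Active Directory in-chain matching-rule filter, which returns nested membership in a single search, for comparison only.

```python
from collections import deque

# Constructed sample directory: DN -> values of its memberOf attribute.
# All names are invented; Staff and EMEA are nested in a cycle on purpose.
DIRECTORY = {
    "CN=jer,OU=Users": ["CN=Sales,OU=Groups", "CN=DL-News,OU=Groups"],
    "CN=Sales,OU=Groups": ["CN=EMEA,OU=Groups", "CN=Staff,OU=Groups"],
    "CN=DL-News,OU=Groups": ["CN=Staff,OU=Groups"],
    "CN=EMEA,OU=Groups": ["CN=Staff,OU=Groups"],
    "CN=Staff,OU=Groups": ["CN=EMEA,OU=Groups"],
}

def expand_groups(user_dn, directory, max_reads=1000):
    """Breadth-first expansion of nested groups.
    Assumed cost model: one LDAP read of memberOf per distinct object.
    Returns (set of group DNs, number of simulated reads)."""
    seen, queue, reads = set(), deque([user_dn]), 0
    while queue:
        dn = queue.popleft()
        if reads >= max_reads:
            raise RuntimeError("read budget exceeded for " + user_dn)
        reads += 1
        for group in directory.get(dn, []):
            if group not in seen:  # visited set stops cycles and repeats
                seen.add(group)
                queue.append(group)
    return seen, reads

def fleet_reads(logged_in_users, directory):
    """Total reads when every listed logon triggers its own expansion,
    as when many machines power on in the same window."""
    return sum(expand_groups(u, directory)[1] for u in logged_in_users)

# RFC 4515 escaping for values placed inside an LDAP search filter.
_ESCAPES = {ord("\\"): "\\5c", ord("*"): "\\2a", ord("("): "\\28",
            ord(")"): "\\29", 0: "\\00"}

def in_chain_filter(user_dn):
    """Filter using AD's LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941):
    the server walks the nesting, so the client issues one search."""
    return "(member:1.2.840.113556.1.4.1941:=%s)" % user_dn.translate(_ESCAPES)

if __name__ == "__main__":
    groups, reads = expand_groups("CN=jer,OU=Users", DIRECTORY)
    print(len(groups), "groups,", reads, "reads per logon")
    print("3 machines:", fleet_reads(["CN=jer,OU=Users"] * 3, DIRECTORY))
    print(in_chain_filter("CN=jer,OU=Users"))
```

Replacing the constructed DIRECTORY with an export of real memberOf data gives a per-logon read count to compare against the LDAP volume seen on domain controllers at power-on.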