Video Screencast Help

Endpoint DLP

Created: 13 Jan 2012 | 11 comments
Abawa's picture

When copying sensitive files to a USB device from an Endpoint, the data transfer rate is slower than the normal copying of files from computers with no Endpoint DLP agent installed. What possible reasons ould be? How can it be solved (speed up)?

Comments 11 CommentsJump to latest comment

KSchroeder's picture

I'm no dlp expert (in fact I know almost nothing about it), but I'd say this is a side effect of the dlp policies you have in effect, either settings or number if policies. The agent has to scan the copied data and that slows it down. Are you running the latest updates for dlp agent?

Thanks,
Kyle
Symantec Trusted Advisor

For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.

xlloyd's picture

I agree, the number and complexity of the policies will affect the rate of copying. Try to stick to DCM without using regular expressions. Policies like keywords and data identifiers are less intensive than regular expressions. Also ensure that you aren't using and Indexed Data Matching or Exact Data Matching rules!

If this post has helped you, please vote up or mark as solution
Huxtable's picture

Depending on how you have the agent configuration configured could be part of the problem, this would require testing which I would advise on doing before proceeding to a production deployment. Poorly written policies, or too many policies can also be a factor.  Custom applications on some endpoints can pose a problem but again, this should be tested in a pilot group of some sort. 

What you should do is start with 1 policy, then add another and find out when you start to have performance issues.  Fine tune the policy as you go. 

Syed Hussain -Compliance Devil's picture

Hi,

Have you tested on a different machine where we have same system SPEC?

Thanks,

-Syed Hussain

Thanks,

-Syed Hussain

 

If a post solves your problem, please flag it as solved. If you like an item, please give it a thumbs up vote.
Abawa's picture

Yes I have tested it but still the same.

Abawa's picture

How slow is the data transfer rate when copying a file from a machine with endpoint dlp agent to a USB 2.0 and CD? Can some body tell me the performance of the machine depending on the volume of data copied?

prakash.soni24@gmail.com's picture

It is due to the dlp agent examines the data you copy to pen drive. moreover the slowness depends on the policy you place for agent. The more policy you apply on agent the more rules agent will match with the copied data and as a result the more data copy will be slowed down

N Manoj's picture

Hi,

Please Check

Symantec Data Loss Prevention Endpoint Performance Guide from Vontu Knowledge Base.

Manoj N

prakash.soni24@gmail.com's picture

Hi manoj,

Can I create vontu knowledge base account for me. Please provide site name, Actually I tried to create account to see documents on it but it gives the information that I am not a valid partner to create this account

kishorilal1986's picture

Hi Abawa,

ideally DLP agent is installed to monitor and scan all data and activities of end user. As per your DLP agent and configured policy it takes more time to scan and later copy. As no. of policies applied for endpoint agent it will scan against the policy the data that has confidential as defined.

You can do below things

1)either as per your requirement you can remove it from your machine.

2)you can modify endpoint policies as less sacnning can be applied during data transfer.

 

Also find below solution

You deploy the Symantec DLP Agent on each endpoint computer you want to scan.
An Enforce Server controls the Symantec DLP Agent and applies the policies and
rules of that Endpoint Server. You cannot make individual changes to the Symantec
DLP Agents.

N Manoj's picture

Hi Prashant,
 

Please Contact to Regional Symantec team they will definitely help you.

Following Url for DLP Knowledge base portal

https://kb-vontu.altiris.com

 

Thanks,

ManojN

 

Manoj N