Data Loss Prevention

 View Only

  • 1.  Filereader keeps crashing

    Posted Oct 02, 2013 01:33 AM

    I recently implemented a policy for an existing DLP 11.6 solution. Ever since then the Endpoint server Filereader keeps stopping. I'm not sure what should be changed in this policy as my other policies do not cause this issue. Any suggestions would be appreciated.

     



  • 2.  RE: Filereader keeps crashing
    Best Answer

    Posted Oct 02, 2013 01:41 AM

    I have faced this issue when using heavy rules that use excessive system resources. Some examples are below:

    • IDM/EDM only rules - IDM/EDM are not recommended for endpoints. However, in case you wish to leverage the same, you may consider combining with DCM keywords (two - tier detection). This may reduce the possibility of filereader crashes.
    • Regular expressions - Some regular expressions can be quite resource intensive. You may want to check the same

     

    Moreover, you cannot block with IDM/EDM. Hence, an IDM/EDM + DCM based rule may only be used for monitoring.

    The best would be to consider a DCM based rule with Data Identifiers/Optimized Regular expressions. Hope this helps?



  • 3.  RE: Filereader keeps crashing

    Broadcom Employee
    Posted Oct 02, 2013 01:42 AM

    whats the message in the filereader log?

    can you post it?

     



  • 4.  RE: Filereader keeps crashing

    Posted Oct 02, 2013 01:57 AM

    Thanks, this was an IDM rule causing the issue.