
Why DLP agents are creating huge .vep files

Created: 03 Aug 2012 | 5 comments
Atif's picture

Guys,

A few of the DLP agents in a DLP deployment generated huge .vep files without any relevant policy in place. There was only one policy, which was configured for a very unique keyword, but the next day a few users with DLP agents complained about huge .vep file sizes.

Can anyone explain this to me?

Regards.

 


yang_zhang's picture

The DLP agent makes a snapshot of any file that it is evaluating for removable storage. That way, if the file is removed before the DLP agent detects it, the DLP agent can still monitor the file and create an incident, allowing us to be aware that the copy happened. Before processing, the files are copied into .snp files that are stored in the C:\Program Files\Manufacturer\Endpoint Agent\temp directory.

The .snp (snapshot) files are the original copies of the files the DLP agent scans. The file is then copied to a .vep (Vontu Endpoint) file, which is used in the detection process.

So, can you try to reboot these few agents?

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Atif's picture

Thanks, Yang, for the response. Yes, we rebooted a few agents and found this issue goes away when rebooted. What is the reason for this? Please also suggest precautions, if any, to avoid this problem in future.

kishorilal1986's picture

Hi Atif,

Yes, agree with Yang, but you can also refer to the details below:

If you implement any of the above scenarios on your deployment, make sure that VEP file optimization is turned off. Go to System > Servers > Overview > Server Detail > Advanced Endpoint Settings and scroll down for FileSystem.ENABLE_VEP_FILE_ELIMINATION.int. The parameter should be set to 0.

By default, VEP file optimization is disabled.

VEP File Elimination should be disabled when:

* Two-Tier policies are used on the endpoint, OR
* Data Retention is enabled on the endpoint, OR
* Symantec Endpoint Encryption is used on the endpoint.

 

Otherwise, VEP File Elimination can be enabled.

 

Atif's picture

Thanks Kishorilal,

I have a confusion. Please correct me. The name "ENABLE_VEP_FILE_ELIMINATION.int" points to the action DLP takes to eliminate .vep files to avoid disk space issues. If that is correct, then it should be enabled. Please correct me if I am wrong.

Regards.

kishorilal1986's picture

Yes, Atif, it's correct, but please ensure all the required criteria and impact of the changes.