Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Direct performance improvents of DLP agent

Created: 10 Apr 2013 | 1 comment
Pavel B.'s picture
2 Agree
0 Disagree
+2 2 Votes
Login to vote

Hello,

I would like to ask you if you can re-desing the processing of the rules that are doing the exceptions from monitoring to always happen even before the extraction phase on the DLP agent. I have realized that almost all the filters are applied too late, within the incident generation phase, which has a performance impact on the local DLP agent and PC.

For example, I see that following conditions from the exceptions' processing can happen first to save the time - all the simple atomic, with attributes known from outside the client:

* all user and group based conditions, similat for sender and recipient rules (email, web)
* all file extension, size, name conditions
* all source and destination file path (IP, UNC, local) conditions
* all IP and domain conditions
* protocol used conditions
* device class conditions
* endpoint location conditions
 

I think, that any content extraction and content detection shall happen only after all the exceptions are completelly evaluated first.

Thank you,

Pavel

Comments 1 CommentJump to latest comment