Video Screencast Help
As we strive to continually improve your experience on our site, please help us by taking this survey and tell us about your satisfaction level using Symantec Connect. One lucky winner will receive 500 Connect points! * Take the survey.

Direct performance improvents of DLP agent

Created: 10 Apr 2013 | 1 comment
Pavel B.'s picture
2 Agree
0 Disagree
+2 2 Votes
Login to vote


I would like to ask you if you can re-desing the processing of the rules that are doing the exceptions from monitoring to always happen even before the extraction phase on the DLP agent. I have realized that almost all the filters are applied too late, within the incident generation phase, which has a performance impact on the local DLP agent and PC.

For example, I see that following conditions from the exceptions' processing can happen first to save the time - all the simple atomic, with attributes known from outside the client:

* all user and group based conditions, similat for sender and recipient rules (email, web)
* all file extension, size, name conditions
* all source and destination file path (IP, UNC, local) conditions
* all IP and domain conditions
* protocol used conditions
* device class conditions
* endpoint location conditions

I think, that any content extraction and content detection shall happen only after all the exceptions are completelly evaluated first.

Thank you,


Comments 1 CommentJump to latest comment