Data Loss Prevention

 View Only
Expand all | Collapse all

DLP 14: Chrome Browser Performance / Chrome Cut and Paste

  • 1.  DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 20, 2015 12:05 PM

     

    Starting a thread to see if anyone else has noticed similar issues with Chrome v44.0 on 32 or 64-bit Windows 7 workstations.

    Performance Issue:

    • Users have v14.0 of the Endpoint agent installed
    • Agents were installed successfully and visible in the Enforce console
    • HTTPS is not enabled for Chrome
    • Application Monitoring is enabled for Chrome to monitor Network, Print/Fax, and Filesystem

    During the course of use with intranet / Internet activities, Chrome eventually becomes unresponsive and must be closed / forcibly closed.

     

    Functionality Issue:

    • The user copies an intranet / Internet URL from a source (notepad, Word doc, Firefox / IE URL bar, etc.)
    • Attempts to copy to the Chrome URL bar by right-click, Paste
    • Paste option is visible in the context menu, but is grayed out and cannot be used
    • Right-click, Paste option is available / works if the URL is pasted into a free-form text field within another tab in the browser
    • After Right-click, Paste is used in the free-form area, the user is able to right-click, Paste in the Chrome URL bar
    • Ctrl-v always works when pasting to the URL bar or free-form text areas


  • 2.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 21, 2015 06:27 AM

    Hello Ethan,

    Regarding the performance issues described above I am also facing the same problem. When Application monitoring is enabled for Chrome, Chrome (and IE 11 as well) is continuously crashing or becoming unresponsive. Similiar scenario was happening with 12.5v.

    What I'm testing right now is the native DLP 14 HTTPs monitoring without having Chrome activated in Application Monitoring. The results so far are way better: Chrome is working fluid as expected and web upload is under protection of DLP.

    Hope this helps you.

     

    Regards,



  • 3.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 21, 2015 12:13 PM

    I have seen the same issues with chrome enabled application monitoring and version 14 with some 12.5 scattered in there. 20 minutes after I enabled I got flooded with emails that chrome is unresponsive or taking around 5 seconds to load any webpage. Also when shutting chrome down and opening it back up it can take about 5 seconds for the program to load. Watching the processes we noticed edpa.exe was spiking CPU usage. Which is telling me the agent is doing someting.

     

    I also want to mention that in my policies that are active to all users I made exceptions for application monitoring since Symantec decided to make it all or nothing. I still had users reporting that chrome was taking too long. So that is where I had to uncheck chrome.exe from the application monitoring so things would go back to normal.

     

    I am in the process of setting up another DLP test server to see if there is anything else I can do or help troubleshoot. I will see about disabling the HTTPS and see if that works. But I will not be doing any testing until my test server is up. As mentioned, if when using application monitoring as an exemption it still locked up chrome for everyone.



  • 4.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 21, 2015 12:34 PM

     

    Thanks for the replies. I was hoping this behavior was not an isolated incident. While looking in to Chrome, I found this optimization tip from Symantec. Haven't tested to see if it will correct the problem, but something to consider.

     

    You optimize Google Chrome performance by adding a file path filter to the agent configuration.

    Use the following steps to add a file path filter:

    1. Go to the Agent Configuration screen (System > Agents Agent Configuration).
    2. Click the name of an existing configuration to open it, or click Add Configuration.
    3. Locate the Filter by File Properties section on the Agent Monitoring tab.
    4. Click Add Monitoring Filter to display the Configure Server - File Filter screen.
    5. In the Filter Action section, select Ignore (do not monitor).
    6. In the Endpoint Channel section, select Application File Access.
    7. In the File Attributes section, select File Path on Destination.
    8. Enter the following in the File Path on Destination field:
      $LocalAppData$\Google\Chrome\*
    9. Click Save.
    10. Click Save on the Agent Configuration screen to enable your changes.

    https://support.symantec.com/en_US/article.HOWTO100454.html



  • 5.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 21, 2015 02:05 PM

    Well that is interesting. I already have a file path to ignore $LocalAppData$\*

     

    So would it not ignore anything in the LocalAppData folder? Or is it looking for specific?



  • 6.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 21, 2015 03:08 PM

     

    Yes, looks like $LocalAppData$\* would ignore everything under the user's \AppData folder.

    The optimization tip came out before Chrome was in Application Monitoring by default.

    "When you set up Application File Access monitoring for Chrome, Symantec recommends that you set DLP to ignore the path where Chrome stores browser-specific information, like cookies, cached files, and plugins. Ignoring this location helps optimize Application Monitoring performance by preventing DLP from monitoring these browser-specific files each time they are accessed."

    Now that Chrome is in Application Monitoring default, I don't see an App Monitoring Filter for Chrome files. Leaves me to assume the agent is monitoring as Chrome uses them.



  • 7.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 21, 2015 03:37 PM

    Yea even with $LocalAppData$\* in the filter I was still getting alerts on false positive for the chrome cache folder. Which is strange just you like you mentioned that it is not ignoring the chrome cache folder, that is unless you put in the direct filter.

     

    I am still getting my test server up and running so I can play with this. Sucks you cannot get more granular when it comes to defining where you want application monitoring to apply. I do not like the all or nothing approach.



  • 8.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 31, 2015 04:32 AM

    I used this setup since 12.XX version and it didnt reflect in any improvements for Chrome and/or IE performance (while having Chrome monitoring enabled).



  • 9.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Aug 31, 2015 03:40 PM

    Hello all,

     

    In our corporation we also identified some of these issues. DLP 14 in the end doesn't bring so much improvements in terms of monitoring. Our tests are still on going.

     

    Regards,

    Arek



  • 10.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Sep 11, 2015 07:30 AM

     

    Update on the Cut/Paste issue. Support confirmed this a problem with the agent. Plans are to resolve the issue in the next major release, v14.5.



  • 11.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Sep 13, 2015 10:25 AM
      |   view attached

    Hi Ethan M.,

    Regarding the performace issues, did you have chance to test the recomended Symantec settings for Native Chrome monitoring? See the print below.

    In our environment, such setup doesnt have performance impact when HTTPs for Chrome is activated.

     

    Cheers,

    Morgado

     

     



  • 12.  RE: DLP 14: Chrome Browser Performance / Chrome Cut and Paste

    Posted Sep 14, 2015 04:17 AM

    Hi Ethan M.,

     

    Regarding Copy-Paste issue, we could reproduce your description in different variations.

    When pasting an URL into Chrome copied from a different "App", we can paste with Richt-Click after we pasted it before with Ctrl+V

    On other way, we managed to paste link with right-clik without making Ctrl+V before, when having other tabs opened.

    But this issue seems to have a very irregular behaviour.

    In our company, along with configurations that Morgado pointed out, we decided to configure Clipboard with option "Copy". Therefore, we are monitoring copy/paste actions at the first step.

    Besides configurations above, we have:

    • Enabled Clipboard option "Copy" in Application Monitoring for Chrome and IE

    90px_copy_option.png

    • Enabled Clipboard "Copy" on Agent Configuration settings

    copy_option_2.png

    With this configuration, we can copy an intranet link (web page link or direct link for document) from a notepad file and/or IE URL bar and then paste it on Chrome without any problem.

    In my machine I have Chrome version "45.0.2454.85".

     

    Regards.