Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

Direct performance improvents of DLP agent

Created: 10 Apr 2013 | 1 comment
Pavel B.'s picture
2 Agree
0 Disagree
+2 2 Votes
Login to vote


I would like to ask you if you can re-desing the processing of the rules that are doing the exceptions from monitoring to always happen even before the extraction phase on the DLP agent. I have realized that almost all the filters are applied too late, within the incident generation phase, which has a performance impact on the local DLP agent and PC.

For example, I see that following conditions from the exceptions' processing can happen first to save the time - all the simple atomic, with attributes known from outside the client:

* all user and group based conditions, similat for sender and recipient rules (email, web)
* all file extension, size, name conditions
* all source and destination file path (IP, UNC, local) conditions
* all IP and domain conditions
* protocol used conditions
* device class conditions
* endpoint location conditions

I think, that any content extraction and content detection shall happen only after all the exceptions are completelly evaluated first.

Thank you,


Comments 1 CommentJump to latest comment