Quantcast
Channel: Symantec Connect
Viewing all articles
Browse latest Browse all 22530

Direct performance improvents of DLP agent

$
0
0

Hello,

I would like to ask you if you can re-desing the processing of the rules that are doing the exceptions from monitoring to always happen even before the extraction phase on the DLP agent. I have realized that almost all the filters are applied too late, within the incident generation phase, which has a performance impact on the local DLP agent and PC.

For example, I see that following conditions from the exceptions' processing can happen first to save the time - all the simple atomic, with attributes known from outside the client:

* all user and group based conditions, similat for sender and recipient rules (email, web)
* all file extension, size, name conditions
* all source and destination file path (IP, UNC, local) conditions
* all IP and domain conditions
* protocol used conditions
* device class conditions
* endpoint location conditions
 

I think, that any content extraction and content detection shall happen only after all the exceptions are completelly evaluated first.

Thank you,

Pavel


Viewing all articles
Browse latest Browse all 22530

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>