My Admins are getting complaints from users about high memory usage. This started occurring after DLP was deployed so we are looking into it. In my research I found that turning on "device control only" fixed this for some. I've done that but they are still getting the issue. We currently are just using DLP to block USB storage devices and nothing else. I have EPO 5 and DLP 9.3 installed. Any thoughts/suggestions would be greatly appreciated.
Sounds like you need to re-visit your policies.
First, compare what you intend with the policies you have enabled, and what they apply to (such as your matching text patterns etc.). If you aren't using a feature, then make sure your Agent Policy in EPO has that module turned off!!!
For example, if you are not using 'Email Protection' then uncheck the box for it in your Agent policy.
Second, what USB devices are you trying to block? If it's all USB, then perhaps a well-written GPO is a better candidate. Otherwise, check your devices you want to allow/block and make sure you don't have unnecessary rules in place.
Third, if for your needs having Device Control Only meets what you require, then that's all you need. Those 3 options (complete, with tag, device only) enable/disable certain features that you may not require. Additionally, those features, if not in use, are probably using the default settings which could be eating your resources.
Hope that makes sense.
Thanks for the response.
We are using a block all, allow by exception policy with device control. The issue is that memory is being used and I can't tell from what. The coincidence is that we just deployed DLP to our workstations and now close to 4 gigs of memory is being eaten up. I checked the processes (fcag.exe) and it doesn't seem to be using a high amount. I was wondering if anyone else had experienced any mem leaks with DLP services. I'll go back through the configs again. Aside from email protection, anything else I should look for?
Um, well if you don't know what is using it then how do you know how much is being used for sure?
I cited the email as an example. Disable any/all modules you are not using. Such as cloud protection, application protection, etc. Not using it? Uncheck, and make sure no policies are assigned for it.
Go through each tab of your Agent Policy, and turn off anything you are not using.
To verify any memory usage issues, check your allocated memory for the DLP processes and text extractors; this is in the Agent policy.
For tracking down memory use, try SysInternals tools from Microsoft.