I have a serious problem with DLP-enabled workstations.
Most of them are using all CPU cores at 100% for several hours, and then the CPU drops.
even I limit CPU usage for
I am using full Protection mode of DLP, and I am using Symantec Endpoint Protection.
Please help me in this case, which is so mission-critical to us.
Thanks and regards.
CPU limitation only works with file/email discovery.
#1 Add Symantec processes/folders/locations to your DLP whitelist.
#2 Add DLP to your Symantec whitelist.
#3 Check your policies, you may have too 'wide' a net cast. Are you inspecting all applications for example, instead of specific ones? Adding applications to your 'trusted' list (whitelist) in DLP will greatly enhance your performance.
Thank you for your help keithdrone.
This CPU overload happens infrequently, but when it happens, depending on CPU architecture, it keeps the system unusable for about 2~3 hours.
Even the mouse will flicker. Also, it is not a Symantec incompatibility issue, because it will happen even on the system without antivirus installed (Test Lab).
So what do you suggest?
I suggest the same thing. This should have been identified in your testing/QA processes. You need to look at what is triggering the high CPU (what is occurring on the system: is it detection, or scanning, etc.). The first step is to ensure your applications are properly quantified in DLP so that your detection/protection rules are properly triggering.
For example, if you have an Application Protection rule set, make sure you have classified what applications you are really looking at triggering on, and put ones you don't want to trigger on in a 'trusted' category.
I really think your applications are not classified properly, in regards to what you are trying to detect/protect against. I suggest contacting support if you have issues setting up your DLP policy.
I did exactly what you told me,
but it is still the same issue.
I even disabled all application protection policies.
Also, we don't have any classification policies.
What is your suggestion?