We use DLP 9.3 only for the device control element. We do not look for text patterns or scan the files for any info. Purely device blocking, whether it be removable storage or PNP.
We are seeing extremely high CPU for the fcagte.exe process running constantly for hours on new builds.
I am waiting for the dig 9.3 tool from McAfee but I can see from Procmon that the process is just reading through everything.
I am not even sure, given the function I want DLP to perform, that I even need this process.
Looking at the two images attached, if I selected 'Device Control Only' would the fcagte.exe even kick in? Or would I need to disable the 'File Copy Handler' as well?
Help would be much appreciated!
You can request the beta policy tool for 9.3 but it may not work without patch-1.
There is no reason you should have high CPU usage. Right now you have content-aware material, which could include white-listed repositories/etc. Are you wanting to prevent copying sensitive data to removable media, or prevent the removable media from being accessible at all?
I didn't want content aware enabled. Only blocking devices. I switched it to Device Control only so the fcagte process was not required.
I'll have to deal with the high CPU issue if and when we ever want to switch to content aware DLP!
Did this answer/solve your issue?
Don't forget you can do some of the same things with preventing devices from being accessed with some creative GPOs in AD.
We are seeing the same thing with DLP 220.127.116.11. I also did the same thing and changed it to device only.
Would love to hear from anyone else that is having high CPU on this process. The process is using up to 2 gigs of memory in our examples.
I will reply if I see progress from making the same change.
We have the same problem with the FACAGTE.EXE process. It takes from 12 to 50% of utilization.
Any ideas on why this is happening?
If you are ONLY using device control, select the last option on that screen. "Device Control Only"
Otherwise it performs other checks that you likely are not using.
I have a serious problem with DLP-enabled workstations.
Most of them are using all CPU cores at 100% for several hours, and then CPU drops.
I am using full Protection mode of DLP, and I am using Symantec Endpoint Protection.
Please help me in this case, which is so mission critical to us.
Thanks and regards.