We are currently deploying 9.2 patch 2 in our environment and we are seeing lots of issues. Below is a list of them:
|Hardware based||Machine was too slow to run DLPE and if it ran DLPE, CPU would spike to above 50% and stay there for 10 minutes or longer; the machines did meet minimum system requirements. The machines that were production units need to be quick and cannot handle a 50% spike from another process because these stands may be used to take measurements for a part and the machine being off by seconds may result in a failed test. If the part fails the test, then we cannot ship the product.|
|High CPU Usage||Some machines experience high CPU usage where the CPU utilization will be at or above 25%. (This may occur in Bypass mode.) Scanning of applications helps these machines for a little while, but the problem will come back later in the day; could be after 4 hours of work or later in the day. Visual Studio and concurrent new software installs may create this issue. Visual Studio issue occurred a month after the initial DLPE deployment.|
|Latency on file Open||Opening a ".pl" file locally and over a network share takes a long time. Put machine in bypass mode, but didn’t help. Reduced rules to USB only and machine got better. PL files have been added to tagging rules as an exclusion, but this didn’t help. I also disabled tagging rules altogether and this still didn’t help the machine. I tried disabling Printer and Application Add-ins and when I did this the first open of the ".pl" file was slow, but subsequent opens were fast. When the member killed explorer.exe and redid everything it was slow on the first open and fast on the next few. Disabling network drivers in the modules menu under agent configuration produced the same results. The machine also operates fine under "Device control and content aware removable storage protection (Without tag support)".|
|IE crashing||Internet Explorer keeps crashing, the machine freezes. DLPE was removed from the system and the machine's IE did not crash anymore. DLPE debug logging was turned off to make the machine not dump any data when IE crashed as it was believed that IE would crash due to DLPE dumping a log in the background for various OTHER crashes; this did not help the system. (fcag.exe would never spike) Other applications would work fine. This would happen later in the day and next day in the morning; this issue occurs on systems that have IE 8 installed. Uninstalling and reinstall solved this issue, but other machines still see it.|
Ensure that your hardware meets minimum requirements as defined in the Install Guide. From my experience I can say that machines used by developers / programmers need to be significantly better than what the rest of the population uses.
High CPU Usage:
Same comments as above. Also ensure that all development activity is done using Desktops. Laptops never make for good development scale machines.
Ensure that the you have reviewed and understand how Application Definitions work and are using Trusted strategy correctly and effectively.
Latency on file open:
There were some known issue with network latency. Work with support and confirm whether 9.3 resolves the issue. If it does, deploy 9.3 instead.
Disable the HTTP handler if you are not using Web Post Protection rules. If you are using that rule, work with support for a fix.
According to the guide:
• Pentium III 1 GHz or higher
• 256 MB minimum for McAfee Device Control software (1 GB recommended)
• 512MB minimum for full McAfee DLP Endpoint software (1 GB recommended)
• Hard Disk:
• 200 MB minimum free disk space
All of our systems meet these requirements.
Latency on file open:
We have had the user pull the file to their local machine, but this doesnt help them with latency issues.
How many content bases rules are in effect? Are you running discovery scans as well?
Fine tuning the RegExes (if they are being used) and the rules should help. Discovery scans will result in performance impact (depending on a lot of factors) just like anti-malware scans.
We have 18 protection rules and 8 content class rules. We do not have ANY discovery rules. Discovery scans should not be running.
Fine tuning RegExes?
I am guessing you are using Text Patterns for your protection / content classification rules. The Text Patterns use Regular Expressions (RegExes)
Or are you using Tagging rules? Tagging rules esp. Application Based Tagging rules configured incorrectly can significantly affect system performance..
Do the systems run Mcafee Virus scan or another AV product? Have you added exclusions to the fcag processes so that a malware scanners don't interfere?