Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
636 Views 4 Replies Latest reply: Apr 5, 2013 2:55 PM by Secure-It22 RSS
Secure-It22 Newcomer 43 posts since
Sep 8, 2010
Currently Being Moderated

Apr 5, 2013 11:34 AM

HDLP 9.2 Is Causing a Delay for Outlook Users

Hi  Guys,

 

I've a situation where , HDLP 9.2  is causing a delay (5-10mins) for  outlook users whenever they try to open an attachment, for example PDF, Word , Excel. This is happening with just the HDLP agent on the machines , i have not configured any policies as yet. Can anyone help? Thanks much !

  • keithdrone Apprentice 56 posts since
    Jan 28, 2013
    Currently Being Moderated
    1. Apr 5, 2013 2:21 PM (in response to Secure-It22)
    Re: HDLP 9.2 Is Causing a Delay for Outlook Users

    What is your policy for Outlook?

     

    We had the same issues, and had to restrict if it would dynamically scan all files (catagory based) or if it would rely on tags (based on previous identification, such as discovery).  Also, you can restrict to file types as well.

     

    You may wish to also verify the 'footprint' of utilization on those systems, depending on how many criteria you are searching for (dictionary/txt patterns) you may need to expand the Text Extractor and Agent memory allocated.

     

    We are just scanning for Credit Card Numbers so we need less memory allocated than say, someone who's auditing for multiple criteria.

  • keithdrone Apprentice 56 posts since
    Jan 28, 2013
    Currently Being Moderated
    3. Apr 5, 2013 2:33 PM (in response to Secure-It22)
    Re: HDLP 9.2 Is Causing a Delay for Outlook Users

    Are you managing through EPO?

     

    Sounds like something is assigned, you may wish to verify the options in your Global Agent configuration (through the DLP policy section of EPO if you utilize that).   And check the policy catalog in EPO for DLP to see if you have a default one there which over-rides it.

     

    You can create policies that either check just the tags, or scan the whole file.  Here is our setup, but mileage my vary!

     

    Email discovery nightly, tag and monitor (report to server)

    file discovery, same.

    protection rules run off of mostly the tags, because we have Vontuu as well which checks outgoing email and web traffic for DLP.  

     

    If you don't have tagging enabled, you will be scanning the files every single time something touches them.   It's a pain in the rear.   

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points