We use DLP 9.3 only for the device control element. We do not look for text patterns or scan the files for any info. Purely device blocking, whether it be removable storage or PNP.
We are seeing extremely high CPU for the fcagte.exe process running constantly for hours on new builds.
I am waiting for the dig 9.3 tool from McAfee, but I can see from Procmon that the process is just reading through everything.
I am not even sure, given the function I want DLP to perform, that I even need this process.
Looking at the two images attached, if I selected 'Device Control Only' would the fcagte.exe even kick in? Or would I need to disable the 'File Copy Handler' as well?
Help would be much appreciated!
You can request the beta policy tool for 9.3 but it may not work without patch-1.
There is no reason you should have high CPU usage. Right now you have content-aware material, which could include white-listed repositories/etc. Are you wanting to prevent copying sensitive data to removable media, or prevent the removable media from being accessible at all?
I didn't want content aware enabled. Only blocking devices. I switched it to Device Control only so the fcagte process was not required.
I'll have to deal with the high CPU issue if and when we ever want to switch to content aware DLP!
We are seeing the same thing with DLP 188.8.131.52. I also did the same thing and changed it to device only.
Would love to hear from anyone else that is having high CPU on this process. The process is using up to 2 gigs of memory in our examples.
I will reply if I see progress from making the same change.
If you are ONLY using device control, select the last option on that screen: "Device Control Only".
Otherwise it performs other checks that you likely are not using.