7 Replies Latest reply: Mar 17, 2015 9:42 AM by bretzeli RSS

    DLP - Multiple events getting generated in an exponential rate.


      End point product: Data Loss Prevention



      ePO Server: 4.8



      Client OS : Windows 7



      Total Client: ~5000






      Events are getting generated in an exponential rate even when not all the clients are running.



      The eventIDs are not duplicates, they are all individual events.



      One client(system) is assigned per user, not like multiple users are using one system.



      It seems like in every 10-11 seconds an event is getting created.



      The Mode is in "Monitor".



      I thought first that it's working as intended but when we are getting events (simply plug/unplug) in every 10-11 secs from one computer (for example) it does not seem usual.



      Is there anything certain I should check in the Rules.



      Fairly new in this field, any thoughts will be much appreciated and pardon any confusions.