CPU limitation only works with file/email discovery.
#1 Add symantec processes/folders/locations to your DLP whitelist.
#2 Add DLP to your Symantec whitelist.
#3 Check your policies, you may have too 'wide' a net cast. Are you inspecting all applications for example, instead of specific ones? Adding applications to your 'trusted' list (whitelist) in DLP will greatly enhance your performance.
Thank you for your help keithdrone.
this cpu overload happens infrequent, but when it happens, depending on CPU architecture, it keeps the system unusable for about 2~3 hours.
even mouse will flicker. also it is not Symantec incompatibility issue. because it will happen even on the system without antivirus installed (Test Lab).
so what do you suggest me?
I suggest the same thing. This should have been identified in your testing/QA processes, you need to look at what is triggering the high CPU (what is occurring on the system, is it detection, or scanning, etc). First step is to ensure your applications are properly quantified in DLP so that your detection/protection rules are properly triggering.
For example, if you have an Application Protection rule set, make sure you have classified what applications you are really looking at triggering on, and put ones you don't want to trigger on in a 'trusted' catagory.
I really think your applications are not classified properly, in regards to what you are trying to detect/protect against. I suggest contacting support if you have issues setting up your DLP policy.
I do exactly what you told me.
but still the same issue;
I even disable all application protection policies.
Also, we don't have any classification policies.
what is your suggestion?