Endpoint policies that include EDM rules will cause extra messages to be sent to the Endpoint Server


Article ID: 159671


Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

EDM detection rules on an Endpoint Agent can cause network performance issues.  

 

Environment

[DLP Endpoint Prevent] 14.0 to 15.0

Resolution

To reduce the number of messages, we recommend creating a compound rule for the Endpoint policy.

First, set the rule for the EDM, then select 'also match' and add a DCM target, such as a keyword or a data identifier.

The DCM detection rule will work as a short circuit. Only the messages that match the DCM will be sent to the Server.
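
The short circuit described above, modelled as an added example (not product code or configuration). The keyword list, the card-number pattern and all function names are assumptions chosen for illustration, as is the premise that an EDM-only rule sends every inspected item to the server.

```python
import re

# Assumed DCM conditions for illustration: a keyword list and a
# data-identifier-style pattern (16-digit card number validated with Luhn).
KEYWORDS = ("confidential", "customer record")
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so arbitrary 16-digit strings do not count as a match."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def dcm_match(text: str) -> bool:
    """Local check standing in for the DCM half of the compound rule."""
    if any(k in text.lower() for k in KEYWORDS):
        return True
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))


def forwarded(items, compound: bool):
    """Items that would be sent to the server for the EDM lookup."""
    # Model assumption: an EDM-only rule sends every inspected item; the
    # compound rule sends only items that pass dcm_match() first.
    return [t for t in items if not compound or dcm_match(t)]


# Constructed sample content, not real data.
SAMPLE = [
    "Lunch menu for Friday",
    "Order ref 1234 5678 9012 3456 shipped",      # 16 digits, fails Luhn
    "Card on file: 4111 1111 1111 1111",           # common test number, passes Luhn
    "CONFIDENTIAL: Q3 customer export attached",
    "Meeting notes, nothing sensitive",
]

if __name__ == "__main__":
    print(len(forwarded(SAMPLE, compound=False)), "sent with EDM-only rule")
    print(len(forwarded(SAMPLE, compound=True)), "sent with compound rule")
```

A narrower DCM condition forwards fewer items, but anything it fails to match never reaches the EDM lookup, so the keyword or data identifier should cover every form the protected data can take.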