This article addresses the file processing size limits of Data Loss Prevention.

Based on the default settings, a Detection Server will only process message content that is 30 MB or smaller.

• If the message content is greater than 30 MB, DLP will truncate the content and only scan up to the 30 MB size, where possible. 
• On endpoint, DLP will only process a file that is less than 30 MB.

One exception to this is with encapsulation formats (.zip, .z, .tar, .rar etc). In that case, DLP will extract the files and process them.

• • Any file within the encapsulation that is greater than 30 MB will not be processed if the content is not accessible after it has been extracted due to truncation.
  • Any file that is less than 30 MB will be processed where possible. 

The 30MB value can be increased, but there can be resource issues for increasing the size.

Large files not detected on the Endpoint

1. The maximum file size that will be detected on the Endpoint is controlled by Advanced Agent Setting named "Detection.MAX_FILTER_FILE_SIZE.int" which is 30 MB by default.
2. The first level of check for this setting is on the file size. If file seen on the Endpoint is larger than the setting value, the file is ignored. The file will not be sent to detection at all.
3. The second level of check for this setting is on the extracted content size. If the file seen on the Endpoint falls within this setting limit, it is first sent to content extraction. After content extraction, if the size of the extracted content is larger than this setting value, truncation occurs. The extracted content is truncated to the size governed by this setting value.
4. In case of containers, sub-files are extracted and size of each sub-file is matched against the setting value. The size of the container is not checked against the max file size filter setting.

Large Files not Detected on the Server:

1. The maximum content size that will be detected on the Server is governed by two Server settings: ContentExtraction.MaxContentSize and FileReader.MaxFileSize. Both settings are set to 30 MB by default (maximum setting is 2047M).
2. If the file seen on Server (E.g. File attached to email sent over the network, or the Email itself) is larger than FileReader.MaxFileSize, the file will be ignored.
3. If the file seen on Server falls within FileReader.MaxFileSize, content will be extracted up to limit governed by ContentExtraction.MaxContentSize. Detection will occur only on the extracted content up to the ContentExtraction.MaxContentSize limit. The enclosing file size is considered part of the MaxContentSize limit. For example, for a 1GB zip file, at most 1GB of content would be extracted for detection.