Copying data to IronKey device is slow with the DLP Endpoint Agent enabled


Article ID: 160241


Updated On:


Data Loss Prevention Endpoint Prevent



  • Copying data to IronKey Encrypted External Hard Drive Disk (HDD) is very slow when DLP Endpoint Agent is enabled.
  • Issue has been experienced both in Windows XP and Windows 7 environments.
  • With the Endpoint Agent enabled: Transfer speed--230KB/sec
  • With the Endpoint Agent disabled: Transfer speed--2MB/sec
  • Adding IronKey in the ignore filter under Agent Configuration page in the format *\Ironkey\* in the Enforce console had no affect.


By reviewing the activities of DLP by running Process Monitor (procmon) and verified in edpa_ext0.log that while copying data to IronKey encrypted HDD there was a process which was being intercepted by the Endpoint Agent process multiple times. The process name is "IKMalwareScanner.exe"


Ironkey uses an Anti-Malware Scanner which will slow down the connectivity to the device as the Endpoint Agent will monitoring it also which adds an time delay.  

Two options to workaround the issue are:

1. Disable IronKey Malware Scanner that runs automatically when you unlock your IronKey (please refer to Ironkey Manufacturer guidelines)


2. Whitelist the scanner process "IKMalwareScanner.exe" in the Endpoint Application Monitoring in the Enforce UI. After whilelisting the process the transfer speed was reduced to 2MB/sec.