Copying data to IronKey device is slow with the DLP Endpoint Agent enabled

book

Article ID: 160241

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Symptoms:  

  • Copying data to IronKey Encrypted External Hard Drive Disk (HDD) is very slow when DLP Endpoint Agent is enabled.
  • Issue has been experienced both in Windows XP and Windows 7 environments.
  • With the Endpoint Agent enabled: Transfer speed--230KB/sec
  • With the Endpoint Agent disabled: Transfer speed--2MB/sec
  • Adding IronKey in the ignore filter under Agent Configuration page in the format *\Ironkey\* in the Enforce console had no affect.

Cause:

By reviewing the activities of DLP by running Process Monitor (procmon) and verified in edpa_ext0.log that while copying data to IronKey encrypted HDD there was a process which was being intercepted by the Endpoint Agent process multiple times. The process name is "IKMalwareScanner.exe"

Resolution

Ironkey uses an Anti-Malware Scanner which will slow down the connectivity to the device as the Endpoint Agent will monitoring it also which adds an time delay.  

Two options to workaround the issue are:

1. Disable IronKey Malware Scanner that runs automatically when you unlock your IronKey (please refer to Ironkey Manufacturer guidelines)

                OR

2. Whitelist the scanner process "IKMalwareScanner.exe" in the Endpoint Application Monitoring in the Enforce UI. After whilelisting the process the transfer speed was reduced to 2MB/sec.