Diagnosing Endpoint Performance Issues


Article ID: 160301


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Endpoint Discover

Issue/Introduction

The endpoint is slow. This article describes what you can do to diagnose the issue.

Resolution

  • Collect information about the current state of the machine: CPU usage, memory usage, and VM size.
  • Disable all policies and test with a simple keyword policy to see whether performance improves.
  • Add the Endpoint Agent install directory to the white-listed locations in the anti-virus product (if any). For more information on A/V with Endpoint, see TECH220235.
  • Check whether Local drive monitoring is enabled on the Enforce. Try disabling the Local drive monitoring feature and check whether the performance is still degraded. Follow the steps below to check whether the feature is disabled:

Open the configuration database using the Vontu SQLite tool (see TECH219080).

  1. Run the command "select * from configuration where name='AgentFeature' and setting='LOCAL_DRIVE';".
  2. Check if the value shown is "DISABLED".
  • Monitor the CPU and memory usage of the EDPA process; use the Performance Monitor tool to collect this information.
  • Determine whether the performance degradation occurs only for some period or continuously.
  • Delete the File System Connector from the configuration database, then verify whether the performance improves. Use the following steps to remove the File System Connector.

Open the configuration database using the Vontu SQLite tool (see TECH219080).

  1. Run the command "delete from configuration where name='ComponentLoader' and setting='{69DBA1E1-4E03-4ce9-B323-F46EAEC6441E}';".
  2. Restart EDPA.

Note: This component is required for the other components to function. Restore this entry when the issue is resolved, using the command "insert into configuration values ('ComponentLoader','{69DBA1E1-4E03-4ce9-B323-F46EAEC6441E}','str','File System Connector');"

  • Check the size of the *.ead files located in the Endpoint Agent directory (by default C:\Program Files\Manufacturer\Endpoint Agent). Each file should not be more than 5MB.
  • If the issue is still not resolved, collect the dump of EDPA using Dr. Watson.
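
The monitoring and file-size checks above can be collected in one pass from an elevated PowerShell prompt. The script below is an added example, not vendor code: it assumes the agent process is named "edpa", uses the default install path given in this article, and the 50% CPU threshold is an arbitrary sample value.

```powershell
# Added example, not vendor code. Run elevated so process CPU times are readable.
param(
    [string]$ProcessName = 'edpa',                                         # assumed process name
    [string]$AgentDir    = 'C:\Program Files\Manufacturer\Endpoint Agent', # default path from this article
    [int]$IntervalSec    = 5,
    [int]$Samples        = 60,
    [int]$CpuThreshold   = 50,                                             # sample threshold, adjust as needed
    [string]$OutCsv      = "$env:TEMP\edpa-perf.csv"
)

$cores   = [Environment]::ProcessorCount
$proc    = Get-Process -Name $ProcessName -ErrorAction Stop | Select-Object -First 1
$prevCpu = $proc.TotalProcessorTime.TotalSeconds

# Sample CPU (as a share of all logical processors) and memory at a fixed interval.
$rows = for ($i = 0; $i -lt $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSec
    $p = Get-Process -Id $proc.Id -ErrorAction SilentlyContinue
    if (-not $p) { Write-Warning "$ProcessName (PID $($proc.Id)) exited"; break }
    $cpu = $p.TotalProcessorTime.TotalSeconds
    [pscustomobject]@{
        Time         = Get-Date -Format s
        CpuPercent   = [math]::Round(100 * ($cpu - $prevCpu) / ($IntervalSec * $cores), 1)
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        PrivateMB    = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
        VirtualMB    = [math]::Round($p.VirtualMemorySize64 / 1MB, 1)
    }
    $prevCpu = $cpu
}
$rows | Export-Csv -Path $OutCsv -NoTypeInformation

# Few busy samples suggest a periodic spike; most samples busy suggest continuous load.
$busy = @($rows | Where-Object { $_.CpuPercent -ge $CpuThreshold }).Count
"{0} of {1} samples at or above {2}% CPU (details in {3})" -f $busy, @($rows).Count, $CpuThreshold, $OutCsv

# Flag *.ead files larger than the 5MB limit stated above.
Get-ChildItem -Path $AgentDir -Filter *.ead -File -ErrorAction SilentlyContinue |
    Select-Object Name,
        @{ n = 'SizeMB';  e = { [math]::Round($_.Length / 1MB, 2) } },
        @{ n = 'Over5MB'; e = { $_.Length -gt 5MB } }
```

Run it once with all policies enabled and once with only the simple keyword policy, then compare the two CSV files.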