Agent performance spikes
search cancel

Agent performance spikes


Article ID: 160326


Updated On:


Data Loss Prevention Endpoint Prevent


Endpoint Agent may have performance spikes with large file processing.


There may be some spikes in memory, CPU, and disk usage as the Symantec DLP Agent operates. The DLP agent does not reduce the priority on Endpoint Prevent, because that could delay movement of files, which would be a more noticeable delay.  Spikes in performance can be caused if there is a significant amount of data to monitor especially with poorly written policies that take longer to evaluate. For example, if you try to send an email with multiple attachments, the performance of the task may be slower, such as a delay in sending email or copying to USB. The Symantec DLP Agent uses additional resources to monitor and perform detection on each of the attached files as well as on the
message itself. As soon as the email attachments are processed, the extra resources are released and the Endpoint performance returns to normal. Spikes in performance are normal so long as the spikes do not fluctuate wildly.

If an Agent has not connected to its Endpoint Server for a long time, it sends all of its accumulated incidents and events to the Endpoint Server when it reconnects.
The Agent also downloads any new policies or Agent configurations. The performance of the Endpoint computer decreases while the Agent performs these synchronization activities with the Endpoint Server.