search cancel

DLP Agent performance degrades when a user remotely accesses another endpoint

book

Article ID: 163296

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

DLP Agent performance degrades when an endpoint user accesses another endpoint using the Microsoft Remote Desktop Connection application and both endpoints have DLP Agents running.

Cause

Performance may be degraded because the endpoint that uses a Remote Desktop Connection to access the other endpoint attempts to analyze the network packets that are generated for the Remote Desktop Connection. The endpoint being accessed may also experience similar performance degradation due to the same network packet analysis process.

Resolution

Whitelist network access monitoring for the Microsoft Remote Desktop Connection application.

Complete the following steps in the Enforce Server administration console:

  1. Go to System > Agents > Application Monitoring.
  2. Add the Microsoft Remote Desktop Connection application.
    • ​Enter Microsoft Remote Desktop Connection in the Name field.
    • Enter mstsc\.exe in the Internal Name field.
    • Enter mstsc\.exe in the Original Filename field.
    • Select Generic under the Application Type section.
  3. Enable the following under the Application Monitoring Configuration section:
    • Print/FAX
    • Clipboard, Paste
    • Write operations
  4. Confirm that Network access is disabled.
  5. Save your changes.