After upgrading the endpoint agent, performance for some or all users with Internet Explorer has become unuseably slow; often not loading websites at all.
Example: FINEST level agent logging - edpa_ext0.log
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | Task submitted to ThreadPool: FSC.FPRTask
01/04/2017 11:04:57 | 5068 | FINEST | FileSystem.FileSystemConnector | TaskScheduler::NoThreadAvailableException
The last line states we ran out of threads. If we see "NoThreadAvailableException" frequently. This is likely the cause for hindered performance.
DLP 14.5+ has additional File Path Resolution (FPR) capability. This features can often result in several thousand tasks created for file path resolution and has been known to affect performance.
In many cases this can be resolve by setting the following advanced agent setting to '1'.
System > Agent > Agent Configuration > $AgentConfigurationChange$ > Advanced Agent Settings
NetworkMonitor.APPLY_PREFILTERS_TO_FPR.int
1
This allows the filters on the agent monitoring tab of the agent configuration to apply to the tasks created for FPR.
In some cases however, this may not be enough to resolve the issue and the file pre-filters may need to be modified to include other common FPR locations.
Common file types that will generate a large quantity of FPR tasks are .tmp and .xml files. To further ignore these you can add a filter to ignore these file types.
Note: This will prevent detection on these two file types when uploading them to a destination via HTTP or HTTPS. However, these two file types are not likely to contain sensitive data.
If performance is still poor after adding these filters, and 'nothreadexception' continues to be found in the agent logs. We can identify what file path resolution tasks are still being generated and tune the filters further.
To do this install DebugView
The Debugview capture will list the paths that are having FPR tasks created for them, this will include the file extension.
Search the capture for "Sending request for FPRS \" to locate the remaining paths that do not meet already existing file pre-filters from the agent configuration. Note file types that are not likely to contain PII files (like .tmp files mentioned above). Then create a new file filter or modify an existing file filter to exclude these file types using 'HTTP/HTTPS Attachment' as a destination.
--------------------
Note, the agent pre-filters, cannot be applied to files that do not have a file extension. This will apply to many FPR requests for the windows encryption files such as
\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d. By themselves, the unfilterable file paths should not be problematic however.