High CPU Utilization on Network Prevent for Web Servers
search cancel

High CPU Utilization on Network Prevent for Web Servers


Article ID: 164950


Updated On:


Data Loss Prevention


What are the factors which contribute to high CPU usage on Network Prevent for Web servers?


Note: This is not a tuning guide.  For tuning, please refer to professional services and the Data Loss Prevention Network Prevent for Web ICAP Performance Tuning guide. 


The following applies if there are performance issues on the web prevent servers, also ICAP requests queuing on the proxy servers etc. The following are a few factors which control the performance on the web prevent server

  1. The web prevent server may need to be properly tuned.  Please see the tuning guide above. 

  2. The size of the ICAP requests which can be configured through enforce under the configure page of the web prevent server.  The smaller the size the higher the CPU utilization. The size is 4KB by default.

  3. The detection time of every single ICAP request.  This can be observed by enabling the detection trace logging  under file readerlogging.properties (symantecDLP\protect\config\ directory on the detection server), the setting is OFF by default it needs to be switched to FINE, it will generate a file, which would contain how long the detection server takes to process the incoming requests.  Generally for 4KB ICAP requests, the time taken to process the requests should be in the range of 100-500ms (this may vary), depending on the complexity of the policies.  

  4. The policies need to be fine tuned to reduce this processing time which in turn improves performance.