Endpoint Discover scans on Mac Endpoint Agents causes performance issues for the end user

book

Article ID: 169982

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Discover

Issue/Introduction

While doing an Endpoint Discover scan with Mac Endpoint Agents, the CPU utilization of the EDPA process will get very high, causing performance issues and the user experience on the Endpoint Machine to degrade.

Cause

There is no resource consumption throttling available for Mac Endpoint Discover scans as of DLP 14.6 MP1 and thus the agent is allowed to consume large amounts of CPU resources while performing a Discover scans. Resource consumption throttling is only available for Windows Endpoints as of DLP 14.6 MP1.

Environment

Mac DLP Endpoint Agents

Resolution

Change the Discover.SCAN_ONLY_WHEN_IDLE.int  property to 1, which will force the Endpoint Agent to only perform Discover scanning while the system is idle. This should improve system performance for the user but could result in the scan taking longer to complete.

1. Log into the Enforce console.
2. Navigate to System -> Agents -> Agent Configuration.
3. Click on the Agent Configuration the effected agents are in.
4. Click the Advanced Agent Settings tab.
5. Search for the property name, Discover.SCAN_ONLY_WHEN_IDLE.int .
6. Change the value of Discover.SCAN_ONLY_WHEN_IDLE.int  from 2(the default value) to 1.
7. Save the agent configuration.
8. Update the Agent Configuration to the agent group so that the agent configuration changes are pushed to the Endpoint Agents.