Improve the DLP Endpoint Agent Performance

Article ID: 176182


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention

Issue/Introduction

  • The Symantec Data Loss Prevention (DLP) Endpoint Agent is performing slowly, or the Endpoint Agent is slowing the host machine down.
  • What can be checked to ensure the optimal performance of the host machine and the Endpoint Agent?

Cause

The DLP Endpoint Agent, like anti-virus and other hooking applications, involves itself in many processes on the machine. Some slowness in the Agent and the host machine is expected. The impact increases or decreases with the scope of the Agent Configuration and with a few other items addressed in this article.

Resolution

Items to ensure optimal performance: 

  1. Ensure System Requirements of the host machine have been met or exceeded. See the bottom of the following article for links: Endpoint computer requirements for the Symantec DLP Agent (broadcom.com)
  2. Try rebooting the machine to ensure that issues are not related to that one login session. 
  3. Ensure that your Anti-virus is whitelisted in the DLP Agent Configuration by following: How to whitelist or exclude an application from DLP Endpoint Agents
  4. Ensure the DLP Agent is whitelisted in Anti-virus according to Best Practice: Endpoint Agents with Antivirus Protection
  5. Whitelist other applications not to monitor, particularly other active security applications and/or Backup and Recovery applications, at the company's discretion. Sometimes other non-performance issues can warrant whitelisting of an application, as in the case of "frbackup on a Macintosh filling the internal drive with temporary files and cannot be deleted".
  6. See if there are any mem/crash dumps on the agent. Supply these to Symantec Support if they are present. 
  7. Check whether "local drive" is enabled in the Channels tab, where you select the endpoint applications and destinations (channels) to monitor. "Local drive" monitoring may cause performance issues since DLP will start monitoring every file created on a local drive. If you need to monitor files located on the local drive, Endpoint Discover is recommended.
  8. Follow Best Practices with policies 
    1. Policy matrix information: Best Practice: DLP Policy Exception Count for Endpoints (broadcom.com)
    2. EDM and IDM information: DLP Best practices for using Data and Document profiles (broadcom.com)