By default, Office 365 applications are in a continuous AutoSave mode that saves document changes every few seconds as you type. When DLP is configured to monitor these documents, frequent changes to large files can cause significant delays for end-users due to the overhead involved with content extraction and detection.
As of DLP 15.7, the endpoint agent includes a new Office 365 add-in - csa.dll or csa64.dll for monitoring Office 365 file sync to cloud storage.
The csa.dll or csa64.dll add-in is enabled/installed when both of the following settings are enabled in an Agent Configuration:
DLP 15.7, 15.8 and higher.
What is AutoSave?
Typically organizations do not scan local drives nor secure corporate network/cloud storage such as SharePoint whether on-prem or hosted (cloud). If for some reason you're not able to exclude these locations as shown in Option 2, you should consider disabling the AutoSave feature in Office 365 using the following steps in any Office 365 application:
Ignoring Files that are Copied Directly to a local OneDrive directory
Log in to the Enforce console and navigate to System > Agents > Agent Configuration > (configuration) > Channel Filters (tab) > Filter by File Properties > Add Monitoring Filter (button)
Set the following properties and then click save:
Set the filter order so this file path is ignored before any filter that would monitor the same path and then click save.
Example:
Ignoring Files Saved to OneDrive through an Office 365 Application
See also: How to export DLP Office add-in certificate and distribute via GPO
See also: What is AutoSave?