After upgrading the DLP Agent to 15.8 some websites may experience performance issues in Chrome

Article ID: 241775


Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

After upgrading the DLP Agent to 15.8 some websites may experience performance issues in Chrome

This includes the following:

  1. Sites loading slower than expected
  2. Fields or forms lagging while entering data
  3. After data is submitted, websites take longer to respond or load (for example, two-factor authentication, a.k.a. 2FA)

Note: All of these worked as expected in 15.7 or earlier.

Environment

Release : 15.8

Component : Windows Endpoint Agent

Conditions: The issue is typically only observed when the Agent Advanced Setting VEP_File_Elimination.int is set to 0, 1 or 4. The product default is 3.

Cause

Additional file scanning while loading websites may occur due to enhancements to the Chrome HTTP/HTTPS Attachment scanning feature.

Resolution

For HTTPS-only websites, we recommend adding the following filter to the agent configuration:

Action: Ignore

Channel: HTTP/HTTPS Attachment

Type:

*.dll
*.ttc
*.ttf

With the new scanning technique, these files can add up, take a noticeable amount of time, and impact the user experience in Chrome. Be aware that this filter ignores these file types for all HTTPS attachment activity (email, uploads, etc.). The risk introduced by filtering these files is low, as these file types are not a typical DLP threat vector.

Save and apply the filter, then verify the improvements.

For HTTP-based websites, update the following setting to 1 in the Agent Advanced Settings: NetworkMonitor.APPLY_PREFILTERS_TO_FPR.int

Additional Information

If issues persist, review the FINEST level agent logs for the following types of messages to identify other file types to add to the filter:

Source: FileSystem.DetectionRequestAddTask
Message: The file <path to file>\<filename> was allowed to be copied or saved.

These messages are applicable when they follow a Chrome logging message such as:

Source: CoreServices.ProcessActivity
Message: Received rtam message for process C:\Program Files\Google\Chrome\Application\chrome.exe(6300) create status(0) session Id(1) sandboxed appliction(0) store appliction(0) subsystem application (0)
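
The log review described above can be scripted. The following is an added example, not Broadcom code: it assumes the FINEST log has been reduced to the Source:/Message: pairs shown in this article (the real log line layout may differ) and that a file message "follows" Chrome until the next process message names a different executable. The function names and the sample records are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

ALREADY_FILTERED = {".dll", ".ttc", ".ttf"}  # types in the filter above
ALLOWED = re.compile(r"The file (?P<path>.+) was allowed to be copied or saved\.")
CHROME = re.compile(r"Received rtam message for process .*\\chrome\.exe\(\d+\)", re.I)
# Constructed sample records (paths, PIDs and file names are made up).
SAMPLE_LOG = r"""
Source: CoreServices.ProcessActivity
Message: Received rtam message for process C:\Program Files\Google\Chrome\Application\chrome.exe(6300) create status(0) session Id(1)
Source: FileSystem.DetectionRequestAddTask
Message: The file C:\Windows\Fonts\SAMPLE-A.TTF was allowed to be copied or saved.
Source: FileSystem.DetectionRequestAddTask
Message: The file C:\Example\Cache\sample-c.woff2 was allowed to be copied or saved.
Source: CoreServices.ProcessActivity
Message: Received rtam message for process C:\Windows\System32\notepad.exe(7120) create status(0) session Id(1)
Source: FileSystem.DetectionRequestAddTask
Message: The file C:\Example\notes.txt was allowed to be copied or saved.
"""

def parse_records(text):
    """Yield (source, message) pairs from Source:/Message: line pairs."""
    source = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Source:"):
            source = line[len("Source:"):].strip()
        elif line.startswith("Message:") and source is not None:
            yield source, line[len("Message:"):].strip()
            source = None

def candidate_extensions(text):
    """Count extensions of 'allowed' files logged after a chrome.exe process message."""
    counts, after_chrome = Counter(), False
    for source, message in parse_records(text):
        if source == "CoreServices.ProcessActivity":
            after_chrome = bool(CHROME.search(message))  # assumption: last process message wins
        elif source == "FileSystem.DetectionRequestAddTask" and after_chrome:
            match = ALLOWED.search(message)
            ext = PureWindowsPath(match.group("path")).suffix.lower() if match else ""
            if ext:
                counts[ext] += 1
    return counts

def new_filter_candidates(text):
    # '*.ext' patterns seen after Chrome that the existing filter does not cover
    return sorted("*" + e for e in candidate_extensions(text) if e not in ALREADY_FILTERED)

if __name__ == "__main__":
    print(candidate_extensions(SAMPLE_LOG), new_filter_candidates(SAMPLE_LOG))
```

The returned patterns are candidates to review, ranked by how often they appear; whether a type is safe to ignore on the HTTP/HTTPS Attachment channel remains a policy decision.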

 

See also: Agent Advanced Settings
