Large files detection for IDM on Endpoint Agent
search cancel

Large files detection for IDM on Endpoint Agent


Article ID: 242463


Updated On:


Data Loss Prevention Data Loss Prevention Endpoint Prevent


Detection for large-size files not working when an IDM rule is chosen. You wish to detect files with IDM technology, including files larger than the default 30 MB maximum size using Endpoint Prevent. However, after creating the required IDM indexes and a policy based on an IDM matching rule there are no successful detections even when testing the same exact files which have been indexed.


Release: DLP 15.7 and newer



See 173111 before proceeding.  If the behavior still occurs, there may still be additional configuration missing to allow DLP to match the larger sized files in the agent and server configuration.



Please make the below additional configuration changes to allow the Endpoint Agent to successfully match the larger files indexed with IDM. 

1. For endpoint you will need to change the following Advanced Settings in Agent configuration to the file size you want(in bytes):

There is more information on each setting in our documentation:

Important Note: Be aware that increasing these settings can impact Endpoint performance. Also we advise 150 MB as the maximum for Endpoint Prevent.

2. On Enforce go to Indexer.propeties file located by default in  C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\ and increase the value of parameter max_bin_match_size value (should be equal to ContentExtraction.MaxContentSize).

3. On the Detection Server please modify DDM.MaxBinMatchSize setting in Advance Setting to match max_bin_match_size. 157286400 in our scenario.

4. Then Re-Index the IDM profile.