Large files detection for IDM on Endpoint Agent


Article ID: 242463


Updated On:


Data Loss Prevention Data Loss Prevention Endpoint Prevent


Detection for large-size files not working when IDM rule is chosen. You would like to detect files indexed with the IDM technology, including files larger than the default 30 MB maximum size, using Endpoint Prevent. However, after creating the required IDM indexes and a policy based on an IDM matching rule, you still do not see successful detection, even when testing the same exact files which have been indexed.


You already followed guide 173111. The reason is that there might be still additional configuration missing to allow DLP to match the larger files in the agent and server configuration.



Release : DLP 15.7 and newer

Component :


Please make the below additional configuration changes to allow the Endpoint Agent to successfully match the larger files indexed with IDM. 

1. For endpoint you will need to change the following Advanced Settings in  Agent configuration to the file size you want(in bytes):

more on each setting in the documentation:

Important Note: Be aware that increasing these settings can impact Endpoint performance. Also we advise 150 MB as the maximum for Endpoint Prevent.

2. On Enforce go to Indexer.propeties file located by default in  C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\ and increase the value of parameter max_bin_match_size value (should be equal to ContentExtraction.MaxContentSize).

3. On the Detection Server please modify DDM.MaxBinMatchSize setting in Advance Setting to match max_bin_match_size. 157286400 in our scenario.

4. Reindex the IDM profile.