DLP agent causing delay with uploads to websites

Article ID: 247602

Updated On:

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention, Data Loss Prevention Enforce

Issue/Introduction

A user is trying to upload large files (approximately 400 MB or more) to support portals, for example EXAMPLE.COM, but EDPA drives CPU usage high and slows the upload tremendously, causing it to fail. When DLP is disabled, the files upload immediately with no issues. The files in question are nested ZIP, TAR, and/or GZ files.

Cause

While the DLP agent is running, it consumes most of the system's resources because it tries to scan the jar, ini, exe, dll, nls, vp, and/or any other images within the compressed files and folders. We have seen that most of these compressed files consist of more than 50K files/folders that DLP has to scan. We have seen the scan take hours to complete, or sometimes time out, either because DLP cannot access certain files or because the files have unknown file types.
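
The following Python example is added here and is not part of the original article or of the DLP product: it counts the files inside a nested ZIP/TAR/GZ archive, per extension, so an administrator can check before an upload whether the archive approaches the 50K-entry scale described above. The function names, the depth and size guards, and the sample archive are assumptions made for illustration.

```python
import io, os, tarfile, zipfile
from collections import Counter

NESTED = (".zip", ".tar", ".gz", ".tgz")  # archive types named in the article
HEAVY_THRESHOLD = 50_000        # entry count the article ties to very long scans
MAX_DEPTH = 5                   # assumed guard against deeply nested archives
MAX_NESTED_BYTES = 256 * 2**20  # assumed guard: larger inner archives stay closed

def survey(data, name, stats=None, depth=0):
    """Count regular files per extension across nested archives held in memory."""
    stats = Counter() if stats is None else stats
    try:
        if name.lower().endswith(".zip"):
            zf = zipfile.ZipFile(io.BytesIO(data))
            members = [(i.filename, i.file_size, lambda i=i: zf.read(i))
                       for i in zf.infolist() if not i.is_dir()]
        else:  # .tar/.tar.gz/.tgz; a plain single-file .gz is reported unreadable
            tf = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
            members = [(m.name, m.size, lambda m=m: tf.extractfile(m).read())
                       for m in tf.getmembers() if m.isfile()]
    except (zipfile.BadZipFile, tarfile.TarError):
        stats["unreadable_archives"] += 1
        return stats
    for member, size, read in members:
        stats.update(("files", "ext:" + os.path.splitext(member)[1].lower()))
        if member.lower().endswith(NESTED):
            try:
                if depth + 1 >= MAX_DEPTH or size > MAX_NESTED_BYTES:
                    raise RuntimeError("nesting guard hit")
                survey(read(), member, stats, depth + 1)
            except RuntimeError:  # guard hit, or zipfile refusing an encrypted member
                stats["not_expanded"] += 1
    return stats

def build_sample(n_inner=3):  # constructed sample: tar.gz with a DLL and an inner zip
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        for i in range(n_inner):
            zf.writestr(f"logs/node{i}.ini", "key=value\n")
    outer = io.BytesIO()
    with tarfile.open(fileobj=outer, mode="w:gz") as tf:
        for fname, blob in (("app.dll", b"MZ"), ("logs.zip", inner.getvalue())):
            info = tarfile.TarInfo(fname)
            info.size = len(blob)
            tf.addfile(info, io.BytesIO(blob))
    return outer.getvalue()

if __name__ == "__main__":
    r = survey(build_sample(), "bundle.tar.gz")
    print(dict(r), "heavy:", r["files"] > HEAVY_THRESHOLD)
```

To check a real file, pass its bytes and file name to `survey()`; a `files` count above `HEAVY_THRESHOLD` matches the archives that took hours to scan in the cases described above.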

When you review the EDPA logs, you will see the following request:

File: XX\agentlogs\'XXXXX'_20220727141702_edpa.log
Date: 7/27/2022 2:09:09 PM
Thread: 8072
Level: INFO
Source: CoreServices.MessageLogger
Message: MESSAGETYPE_DETECTION_REQUEST    MESSAGESOURCE_FILE_SYSTEM_CONNECTOR  07/27/2022 18:09:09  [
Request Id #566
Detection Request Details :
 Session Command : Single Request
 Request Type : Data In Motion Request

Dim Detection Request Details : 
 Process Id : 20072
 Process Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 Application Name : Google chrome
 User : XX
 Domain : XX
 Time Stamp : 07/27/2022 18:09:09
 Dim Event Type : HTTP(S)

HTTP(S) Details : 
 URL : https://EXAMPLE.com/portal/files/YzZxx5ZWQ3NzczNTxxxOTgyYWZmxxFhYTlkMjVkYjA2MDkxZTRjYTxxRlMWI1xxyZTxxNA

Network Info Details : 
 Source IP : 
 Source Port : 0
 Source Domain : 
 Destination IP : 
 Destination Port : 0
 Destination Host Name : supportfiles.f5.com

File Attachment Details : 
 File Path : C:\Users\XX\temptrash_C3839304_uploads\EXAMPLE\XXXX.tar.gz
]

The entry below shows that the agent is unable to open the file; this warning appears repeatedly throughout the logs:

File: XX\agentlogs\xx7141702_edpa.log
Date: 7/27/2022 2:14:54 PM
Thread: 25024
Level: WARNING
Source: Detection.BufferFile
Message: Failed to open file C:\Program Files\XXXX\temp/buffer\2\5613: No such file or directory

Resolution

One possible solution is to have the users password-protect the compressed file that needs to be uploaded to a support case. If, however, you are required to scan these files for sensitive data, then the users should not be uploading such files to a support portal.

Also note that if your DLP is configured to block encrypted zip files from upload, these uploads will again fail.

Another potential workaround would be to provide an exception for users with the business justification to upload files.

You may wish to provide the exception via the agent configuration by browsing to System > Agents > Agent Configuration and creating a new agent group for your authorized users.

Here you could choose to ignore the detection of zip files altogether, or, under Filter by Network Properties, you could add the IP address or URL of the authorized domain to which uploading would be allowed.

Additional Information

Please note:

There are advantages and disadvantages to each method indicated.

You should thoroughly test the methods to see which solution is the best for your organization.