About policy distribution to agents prior to 16.0+ agent deployment
search cancel

About policy distribution to agents prior to 16.0+ agent deployment

book

Article ID: 250881

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover

Issue/Introduction

DLP 16.0x includes a new policy structure that requires additional consideration when agents have not yet been upgraded to 16.0x
Failure to prepare for this may result in event code 1216 - 'The Execution Matrix has reached the memory limit'

 

Environment

Enforce and Endpoint servers have been upgraded to 16.0 and later, while agent versions 15.8.x and earlier are still present. 

Cause

ExecutionMatrixLowMemoryMonitor.freeMemoryLimitMB lower than is necessary. 

 

 

Resolution

To send policies to legacy agents (pre 16.0) the policy size needs to be set in the Enforce UI (System > Settings > General > Legacy Agents Policy Set Size Limit). In addition to this there are 3 more settings that control the creation and propagation of policies to legacy agents.

Additional Information

These can be added to the FileReader.properties and need the FileReader to be restarted to take effect.
  • ExecutionMatrixLowMemoryMonitor.freeMemoryLimitMB - Default Value 200 MB. This determines how much MB of FileReader memory should be free for the legacy policy to be created.
  • ExecutionMatrixLowMemoryMonitor.freeMemoryLimitPercentage - Default Value 5 percent. This determines how much percent of FileReader memory should be free for the legacy policy to be created.
  • ExecutionMatrixLowMemoryMonitor.sizeLimitAsPctOfMaxMem - Default Value 25 percent. This limits the size of legacy policy to the percentage of FileReader XMX. For Example: if a legacy policy of 1 GB needs to be created, then the FileReader XMX needs to be at least 4GB (at default 25 percent).
Powered by Wolken Software