About policy distribution to agents prior to 16.0+ agent deployment
Article ID: 250881
Updated On:
Products
Data Loss Prevention
Data Loss Prevention Endpoint Prevent
Data Loss Prevention Endpoint Discover
Issue/Introduction
DLP 16.0x includes a new policy structure that requires additional consideration when agents have not yet been upgraded to 16.0x
Failure to prepare for this may result in event code 1216 'The Execution Matrix has reached the memory limit'
Environment
Enforce and Endpoint servers have been upgraded to 16.0 and later, while agent versions 15.8.x and earlier are still present.
Cause
ExecutionMatrixLowMemoryMonitor.freeMemoryLimitMB lower than is necessary.
Resolution
To send policies to legacy agents (pre 16.0) the policy size needs to be set in the Enforce UI (System > Settings > General > Legacy Agents Policy Set Size Limit). In addition to this there are 3 more settings that control the creation and propagation of policies to legacy agents.
Additional Information
These can be added to the FileReader.properties and need the FileReader to be restarted to take effect.
- ExecutionMatrixLowMemoryMonito
r.freeMemoryLimitMB - Default Value 200 MB. This determines how much MB of FileReader memory should be free for the legacy policy to be created. - ExecutionMatrixLowMemoryMonito
r.freeMemoryLimitPercentage - Default Value 5 percent. This determines how much percent of FileReader memory should be free for the legacy policy to be created. - ExecutionMatrixLowMemoryMonito
r.sizeLimitAsPctOfMaxMem - Default Value 25 percent. This limits the size of legacy policy to the percentage of FileReader XMX. For Example: if a legacy policy of 1 GB needs to be created, then the FileReader XMX needs to be at least 4GB (at default 25 percent).
Feedback
Yes
No
Powered by
