A user attempts to upload a file, and the upload fails shortly after it is initiated.
If the DLP agent is stopped or removed, the upload succeeds without issue.
The error returned is different depending on the website.
Applicable to any version of DLP.
The error is not that of DLP, but rather of the website you are trying to upload to.
This is a fairly common issue with the DLP agent.
When a user attempts an upload it opens a connection with the server.
The DLP agent gets in the middle of this connection and starts to examine the payload.
If the upstream server does not allow a long enough grace period, the file transfer, delayed by this inspection, may time out and the server throws an error.
There are many potential reasons for this to occur.
The things you can do to remedy this are:
#1, make sure that the amount of policy sent to the endpoint is minimal enough to do the job, and does not have unnecessary elements. DLP customers have a tendency to push all policies down all channels rather than tuning the policies specifically for the endpoints. This makes the policy matrix very large, and in turn detection takes a long time. The longer each detection takes, the more likely you are to run into these types of problems.
#2, make sure you are running the most recent version of the agent. We are constantly finding changes and problems with websites, applications, etcetera, and we are constantly rewriting the agent to compensate for what we find in the wild. For best results always use the most recent hotfix of the agent.
#3, make sure you have provided the appropriate exclusions not only in antivirus, but in any other security software that may be running on the machine. If we are competing with antivirus or other security software, our detection times will be greatly increased and our effectiveness diminished. So please be sure to exclude our processes and directories from any other security software.
Please see:
Best Practice: DLP Endpoint Agents with Antivirus Protection
#4, if the website you are attempting to upload data to is a normal, authorized business website, then you may consider whitelisting the website so that we do not inspect the traffic, and therefore do not get in the middle and slow down the upload. Please be aware that a whitelist like this needs to be done through the agent configuration channel filters, not through policy. An exception made through policy still gets inspected; only at the end do we see the exception and throw out any incidents found. When a URL is whitelisted through the channel filters, we do not perform any inspection when we see it, so the upload is not slowed down. Also be aware that an upload to a website frequently redirects to another URL, and all URLs in the process must be identified and excluded. For example, the website www.example.com may actually hand off to ftp.example.com, or ww3.example-uploads.com, or some other redirect for processing uploads.
Please see:
Exclude / Whitelist URLs from inspection in DLP
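One way to find every host involved in an upload, as remedy #4 requires, is to export a HAR capture of the upload from the browser's developer tools and list the hosts that received a request body or were the target of a redirect. This is an added example, not code from the DLP product or its vendor; the function name, the sample capture and the cdn.example.net host are constructed for illustration, and the output is only a candidate list to review before adding anything to the channel filters.

```python
import json
from urllib.parse import urlsplit, urljoin

# Constructed sample: a trimmed HAR 1.2 capture of one upload (not real traffic).
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://www.example.com/upload",
                 "bodySize": 0},
     "response": {"status": 200, "redirectURL": ""}},
    {"request": {"method": "POST", "url": "https://www.example.com/api/upload",
                 "bodySize": 2048},
     "response": {"status": 307,
                  "redirectURL": "https://ww3.example-uploads.com/ingest"}},
    {"request": {"method": "POST", "url": "https://ww3.example-uploads.com/ingest",
                 "bodySize": 5242880},
     "response": {"status": 200, "redirectURL": ""}},
    {"request": {"method": "GET", "url": "https://cdn.example.net/app.js",
                 "bodySize": 0},
     "response": {"status": 200, "redirectURL": ""}},
]}})

UPLOAD_METHODS = {"POST", "PUT", "PATCH"}


def upload_hosts(har_text):
    """Return the sorted hosts that received a request body during the capture,
    plus any host such a request was redirected to."""
    hosts = set()
    for entry in json.loads(har_text)["log"]["entries"]:
        req, resp = entry["request"], entry.get("response", {})
        if req.get("method", "").upper() not in UPLOAD_METHODS:
            continue
        # HAR uses bodySize -1 for "unknown", so also accept a postData object.
        if req.get("bodySize", 0) <= 0 and "postData" not in req:
            continue
        hosts.add(urlsplit(req["url"]).hostname)
        target = resp.get("redirectURL") or ""
        if 300 <= resp.get("status", 0) < 400 and target:
            # redirectURL may be relative; resolve it against the request URL.
            hosts.add(urlsplit(urljoin(req["url"], target)).hostname)
    return sorted(h for h in hosts if h)


if __name__ == "__main__":
    for host in upload_hosts(SAMPLE_HAR):
        print(host)
```

Hosts that only served page assets (cdn.example.net in the sample) are left out, which keeps the exclusion list limited to the destinations that actually receive the uploaded data.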