Guidelines for tuning Symantec Data Loss Prevention to scan large files
search cancel

Guidelines for tuning Symantec Data Loss Prevention to scan large files

book

Article ID: 173111

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Beginning with Symantec Data Loss Prevention 15.5, you can easily customize the content inspection size of files beyond the default maximum of 30 MB. To adjust the content inspection size, configure a server using the Enforce Server administration console at System > Servers and Detectors > Overview > Configure Server, and select the Detection tab for detection servers. You can move the slider on the Detection tab to the value you desire. Depending on the content inspection size you choose, certain advanced settings are automatically adjusted.

You need to edit certain properties files on the Enforce Server and the Discover Server to use this feature if you move the slider beyond 30 MB. In addition, you may need to increase your system memory if you do not have enough to accommodate your preferred content inspection size.

You do not need to edit properties files or increase memory for DLP Agents.

Note: After you edit properties files, you must save the files and restart services to implement your changes.

There are different content inspection file size limit for different channels.  The following table lists the different channels that Symantec has tested and the corresponding supported file size limits.

Channel File size limit
Endpoint Prevent 150 MB
EDAR 150 MB
   
Discover Exchange Crawler 150 MB
Discover File System 2 GB
Discover Sharepoint 2 GB
Appliance - REST

1.2 GB

1.7 GB (Base64 encoded)

   
Web Prevent FTP 150 MB
Web Prevent HTTPS/HTTP 100 MB
SMTP Prevent 150 MB

See the attached Guidelines for tuning Symantec Data Loss Prevention to scan large files (last updated on 7 February 2020).

 

 

Resolution

Read Symantec™ Data Loss Prevention Tuning Guidelines for Inspecting Large Files