When troubleshooting DLP Endpoint Agent slowness, it may be necessary to exclude the Symantec Endpoint Protection Agent software. On the other hand, it's unnecessary to include the files and folder of the SEP agent into the scan list of DLP agent. So, it's best to exclude the SEP agent from the DLP endpoint agent configuration.
1. Login to DLP Enforce Console, select 'System' --> 'Agents' --> 'Agent Configuration'.
2. Select the configuration from the list, usually the default one:
2. On the 'Filter by File Properties' section, click the pencil icon next to the 'Local Drive' destination, this will open to edit it:
3. On the 'File Attributes' section, input the following exclusion in the 'File Path on Destination':
C:\Users\All Users\Symantec\Symantec Endpoint Protection\* C:\ProgramData\Symantec\Symantec Endpoint Protection\* C:\Program Files\Symantec\Symantec Endpoint Protection\*
4. Click OK button to return to the 'Agent Configuraiton' page, then click 'Save and Apply'.
Then, the DLP Endpoint Agent will ignore the SEP agent folders and files.
Thanks for this info, as I have added these exceptions in my console. Do you know of anything else that may help with performance issues?
Aren't all of the SEP agent executables already excluded from monitoring through the Endpoint Application Controls? The key ones that do a lot of local drive writing are excluded from monitoring on this vector by default, making this unnecessary it seems. Am I missing something? This exludes the application itself, but would not exclude the directories from being monitored in either an Endpoint Discover Scan, or if a user decides to write to the installed SEP folders in order to evade detection for some reason (presuming you're monitoring local drive).
What we've found is more important with regards to Endpoint performance, and not included in SEP by default, is exlusion of the DLP agent within the SEP config.
~Keith
I might use this.