As with other detection server types (Discover, Monitor, Prevent), the Endpoint Agent has a default setting of 30MB, expressed in bytes as 31457280. This is to keep resource usage low when cracking files, a larger file will require significantly more resources than a smaller one.
There are two scenarios in which you may wish to change this value:
1. Your client has a need to crack files of a larger size than the default, or
2. You are attempting to troubleshoot the use of resources on a machine with the Agent installed; the edpa.exe is likely using too much CPU and memory.
To change this setting:
1. Log in to the Enforce Console and navigate to System -> Agents -> Agent Configuration.
2. Click on your Agent Configuration.
3. Click Advanced Settings and scroll down and search for:
Detection.MAX_FILTER_FILE_SIZE.int
4. Change the value as necessary. The formula for converting megabytes to bytes is:
MB x 1024 x 1024, where MB is the MB target.
Some examples:
10MB is 10485760
30MB is 31457280
50MB is 52428800
5. Save changes and apply the changes to the Agent Group in order for them to take effect.
Note: Retain incident attachment behavior has changed. Prior to DLP 14.5, the Endpoint incident attachment file would be truncated at IncidentHandler.MAX_INCIDENT_FILE_SIZE.INT. In DLP 14.5 and later if the incident attachment file is larger than IncidentHandler.MAX_INCIDENT_FILE_SIZE.INT it will be discarded and replaced with a text file that contains the text, "The file exceeded the data retention threshold and was not retained."
See also: Increasing the inspection content size