Copying data to IronKey device is slow with the DLP Endpoint Agent enabled
Last Updated November 20, 2013
Copying data to an IronKey Encrypted External Hard Disk Drive (HDD) is very slow when the DLP Endpoint Agent is enabled.
The issue has been experienced in both Windows XP and Windows 7 environments.
With the Endpoint Agent enabled: transfer speed 230KB/sec
With the Endpoint Agent disabled: transfer speed 2MB/sec
Adding IronKey to the ignore filter on the Agent Configuration page of the Enforce console, in the format *\Ironkey\*, had no effect.
Reviewing DLP activity with Process Monitor (procmon), and verifying in edpa_ext0.log, showed that while data was being copied to the IronKey encrypted HDD, one process was being intercepted by the Endpoint Agent process multiple times. The process name is "IKMalwareScanner.exe".
IronKey uses an anti-malware scanner, which slows down connectivity to the device because the Endpoint Agent also monitors it, adding a time delay.
Two options to work around the issue are:
1. Disable the IronKey Malware Scanner that runs automatically when you unlock your IronKey (please refer to the IronKey manufacturer guidelines).
2. Whitelist the scanner process "IKMalwareScanner.exe" in the Endpoint Application Monitoring in the Enforce UI. After whitelisting the process, the transfer speed improved to 2MB/sec.
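To repeat the Process Monitor check described above on another endpoint, the following added example (not part of the original article or any vendor tooling) ranks the processes that touch the device during a copy, using a procmon trace saved as CSV. It assumes Process Monitor's default CSV columns; the drive letter E:, the copying process explorer.exe, and every sample row are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's default CSV export layout.
# Drive letter, PIDs, paths and timings are invented for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","explorer.exe","1200","WriteFile","E:\data\report.docx","SUCCESS","Length: 65536"
"10:01:02.11","IKMalwareScanner.exe","3344","CreateFile","E:\data\report.docx","SUCCESS",""
"10:01:02.12","IKMalwareScanner.exe","3344","ReadFile","E:\data\report.docx","SUCCESS","Length: 4096"
"10:01:02.13","IKMalwareScanner.exe","3344","ReadFile","E:\data\report.docx","SUCCESS","Length: 4096"
"10:01:02.14","IKMalwareScanner.exe","3344","CloseFile","E:\data\report.docx","SUCCESS",""
"10:01:02.15","explorer.exe","1200","ReadFile","C:\Users\demo\report.docx","SUCCESS","Length: 65536"
"10:01:02.16","explorer.exe","1200","WriteFile","E:\data\report.docx","SUCCESS","Length: 65536"
"10:01:02.17","svchost.exe","900","ReadFile","C:\Windows\System32\config.dat","SUCCESS",""
'''


def rank_processes(csv_text, drive_prefix):
    """Return [(process, event_count, {operation: count})] for events whose
    Path lies under drive_prefix, busiest process first."""
    totals, per_op = Counter(), {}
    # Procmon writes a UTF-8 byte-order mark; drop it so the first header
    # is read as "Time of Day" rather than "\ufeffTime of Day".
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    prefix = drive_prefix.lower()
    for row in reader:
        path = row.get("Path") or ""
        if not path.lower().startswith(prefix):
            continue  # event is not on the removable device
        name = row["Process Name"]
        totals[name] += 1
        per_op.setdefault(name, Counter())[row["Operation"]] += 1
    return [(n, c, dict(per_op[n])) for n, c in totals.most_common()]


def secondary_processes(ranked, copier):
    """Processes other than the one doing the copy that touch the device;
    these are the candidates to review before whitelisting anything."""
    return [n for n, _, _ in ranked if n.lower() != copier.lower()]


if __name__ == "__main__":
    ranked = rank_processes(SAMPLE_CSV, "E:\\")
    for name, count, ops in ranked:
        print(f"{name:24} {count:4}  {ops}")
    print("Review:", secondary_processes(ranked, "explorer.exe"))
```

For a real trace, read the exported file with `open(path, encoding="utf-8-sig").read()` and pass the device's actual drive letter.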
Imported Document ID: TECH220685