What are the factors which contribute to high CPU usage on Data Loss Prevention Network Prevent for Web detection servers?

Note: This is not a tuning guide.  For tuning, please refer to professional services and the Data Loss Prevention Network Prevent for Web ICAP Performance Tuning guide. 

The following applies if there are performance issues on the Web Prevent servers, also ICAP requests queuing on the proxy servers etc. The following are a few factors which control the performance on the web prevent server:

1. The Web Prevent server may need to be properly tuned.  Please see the tuning guide above. 
   
   
2. The size of the ICAP requests which can be configured through Enforce under the configure page of the web prevent server.  The smaller the size the higher the CPU utilization as smaller requests will be processed by the Web Prevent Server. The size is 4 KB by default.
   
   
3. The detection time of every single ICAP request.  This can be observed by enabling the detection trace logging under FileReaderlogging.properties (\DataLossPrevention\DetectionServer\version_number\Protect\config directory on the detection server), the setting is OFF by default it needs to be switched to FINE, it will generate a file, which would contain how long the detection server takes to process the incoming requests. Generally for 4 KB ICAP requests, the time taken to process the requests should be in the range of 100-500 ms (this may vary), depending on the complexity of the policies.  
   
   
4. The policies need to be fine tuned to reduce this processing time which in turn improves performance.