|Applies To||RSA Product Set: DLP|
RSA Product/Service Type: Endpoint
RSA Version/Condition: 9.6 SP2
O/S Version: 7 Professional (64 and 34 bit), Windows 8.x
|Issue||DLP Endpoint policies based on LDAP attributes have no effect when Endpoint agent is off-line.|
|Cause||When the DLP Endpoint agent is on-line, it polls the LDAP server verify attribute match;s policy.|
When the agent is off-line, it can not reach the LDAP server, results are held for about 15 minutes, or if system is rebooted, or goes into sleep/hibernate mode.
|Resolution||RSA DLP Engineering has reviewed this issue, They have determined it is not feasible to store the cache data. In order for it to work, the entire AD |
attributes would have to be stored on the Agent client, would have adverse impact the agent and would cause heavy load on the LDAP server, because the agent would be requesting all the user data.