000032061 - Do policies based on LDAP attributes function the same when an RSA DLP Endpoint Agent is off-line?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032061
Applies ToRSA Product Set: DLP
RSA Product/Service Type: Endpoint
RSA Version/Condition: 9.6 SP2
Platform: Windows
O/S Version: 7 Professional (64 and 34 bit), Windows 8.x
IssueDLP Endpoint policies based on LDAP attributes have no effect when Endpoint agent is off-line.
CauseWhen the DLP Endpoint agent is on-line, it polls the LDAP server verify attribute match;s policy.
When the agent is off-line, it can not reach the LDAP server, results are held for about 15 minutes, or if system is rebooted, or goes into sleep/hibernate mode.
ResolutionRSA DLP Engineering has reviewed this issue, They have determined  it is not feasible to store the cache data. In order for it to work, the entire AD 
attributes would have to be stored on the Agent client, would have adverse impact the agent and  would  cause heavy load on the LDAP server, because the agent would be requesting all the user data.