Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Expanding DLP's maximum upload size for forensic data in Apex One

    • Updated:
    • 27 Nov 2020
    • Product/Version:
    • Apex One All
    • Platform:
Summary

Since Apex One Patch 4 Build 9113, the maximum upload size of Data Loss Prevention (DLP) forensic data (from CD/DVD, USB, and SMB channel) was expanded to 128MB. However, it cannot be downloaded in Apex Central due to an IIS and PHP limitation.

This article explains how to adjust server settings on Apex One and Apex Central to lift the limitation.

Details
Public
Apex One On-Premise Patch 4 Build 9113 or later

To edit the Apex One server settings:

  1. Open Command Prompt with administrator privileges on the Apex One server.
  2. Switch the working directory to {Apex One Server installation folder}\PCCSRV.
  3. Execute the following commands:

    SVRSVCSETUP -SF_ConfigDLPForensic UploadForensicDataSizeLimitInMb 150
    SVRSVCSETUP -SF_ConfigDLPForensic RejectDownloadOnFileSizeInMb 150
    SVRSVCSETUP -SF_ConfigDLPForensic maxAllowedContentLength 200000000
    SVRSVCSETUP -SF_ConfigDLPForensic uploadReadAheadSize 150000000
    SVRSVCSETUP -SF_QueryDLPForensic

Optionally, it’s recommended to further config agent behavior to avoid too many connections with a huge DLP forensic data upload occupied server capacity:

  1. Open {Apex One Server installation folder}\PCCSRV\ofcscan.ini with text editor.
  2. Add the following keys under [Global Setting] section as following:

    EnableConcurrentForensicUploadControl=1
    ConcurrentForensicUploadControlMinTriggerSizeInMB=20

  3. Open {Apex One Server installation folder}\PCCSRV\Private\vdi.ini with text editor.
  4. Add the following keys under the [TaskController] section:

    Controller_04_MaxRunningSeconds=600
    Controller_04_MaxConcurrentGuests=10
    Controller_04_BaseWaitingTime=10
    Controller_04_MaxWaitingTime=300
    Controller_04_TaskName=DLPForensicUploadSecure
    Controller_04_SingleVirtualHostOnly=1

  5. Go to the Apex One web console > Agents > Global Settings.
  6. Click Save to deploy this setting to agents.

Since the Apex One server will send DLP forensic data to the Apex Central server, it’s necessary to changethe IIS and PHP settings on the Apex Central server to accept large files from Apex One:

  1. Open IIS Manager on the Apex Central server.
  2. Select the Apex Central web site. By default, it’s "Default Web Site".
  3. Double-click Request Filtering.
  4. Click the Rules tab and click Edit Feature Settings on the right panel.
  5. Change the maximum allowed content length (Bytes) to "1024000000".
  6. Open {Apex Central installation folder}\PHP\PHP.ini with text editor.
  7. Find Memory_limit and Post_max_size and change it as follows:

    Memory_limit=1024M
    Post_max_size=2000M

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000282752
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.