How to change the password on the Endpoint Agent


Article ID: 159724


Updated On:


Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Discover


The default password for the Endpoint Agent utilities is VontuStop.  How can I change the password to something more secure?


This article applies to versions DLP 12.0 and older.


The password for the Endpoint Agent Utilities is stored within the Agent Key.  To change the password, you will need to create a new agent key.

Note:  This must be done when deploying any agents, as the key must be provided to the agent installer.  If the agent has been deployed, it should be removed and redeployed.

The Agent Key is generated using the endpointkeytool which is installed in the Vontu/Protect/bin directory. Run the following command on the Enforce Server:

endpointkeytool generate -keysize=<128|192|256> -pwd=<tools password> [-dir=<output dir>]

The utility should always be executed from the Enforce Vontu/Protect/bin directory. keysize specifies the size of the random AES key that is used for authenticating the endpoint communication channel. pwd is a password that you want to use when executing endpoint utilities.

The utility outputs two files, one file ending in the *.endpointKeystore extension and one file ending in the *.endpointRecoveryStore extension, in the current directory where the tool is being executed, or in the directory specified by the optional -dir argument.

The *.endpointKeystore file must be copied into the Vontu/Protect/keystore directory on the Endpoint Server, and then the Endpoint Server must be restarted. You should also pass in the string contained in this file into the MSI batch file as the KEY parameter when installing endpoint agents through your SMS provider.

The *.endpointRecoveryStore file must be kept securely on your Enforce machine. It is essential for recovering the password you have specified for your tools. It is recommended that you back up this file and keep it in a secure location.


More information is available in the Admin guide under the Implementing Symantec DLP Agent and About Endpoint Tools sections.