When does the Endpoint Agent query the AD server for User Group resolution

book

Article ID: 160197

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Symantec Data Loss Prevention (DLP) Endpoint

The Endpoint Agent queries the Active Directory Server for targeting on User Group policies.
How often does the Endpoint Agent query the AD Server?

Resolution

The Endpoint Agent queries the AD Server every time the edpa process is started. If the user shuts down their machine every night, the server will be queried when the machine is restarted.

If the Endpoint Agent is up for a default seven days, the agent will query the AD Server again. This value is configurable in the Advanced Agent Settings:

GroupResolution.DAYS_DATA_STALING.int

If the Endpoint Agent is not able to reach the AD Server at the seven day mark, it will try again every day. This attempt to query the AD Server is done at the same time as the last successful connection. So, if the last successful attempt was at 9 AM Monday, the next 9 AM Monday the Endpoint Agent will attempt again. If that attempt is unsuccessful, the Endpoint Agent will attempt at 9 AM Tuesday, then 9 AM Thursday until it is successful.

If at startup, the Endpoint Agent is unable to reach the AD Server, then the Endpoint Agent will read the settings in the grp.ead file, located in the (by default) C:\Program Files\Manufacturer\Endpoint Agent directory.

If the Endpoint user is connecting via VPN, the agent may not be able to connect to the AD Server at startup, because the startup of the edpa process occurs before the machine is able to connect to the AD Server. In this case, the agent will attempt to use the grp.ead file at startup, and will attempt again at the seven day mark and beyond.

If there is no grp.ead file, and the Endpoint Agent cannot connect to the AD Server, the Endpoint Agent will treat the user as if they are in no group.