How can I dump the Endpoint Agent configuration for review?


Article ID: 160391

Products

Data Loss Prevention Endpoint Prevent
Data Loss Prevention Endpoint Discover

Issue/Introduction

How can I dump the Endpoint Agent configuration for further investigation?

Resolution

Install vontu_sqlite3 on the Endpoint machine. This tool is included with the Symantec_DLP_X.X_Agent_Win-IN package located on fileconnect. See TECH249541 for details.

Once installed, log in to SQLite with the agent tools password. The default password is VontuStop, but the administrator can change it using the endpointkeytool on Enforce before any agents are installed.

To run this tool, copy vontu_sqlite3 into the Endpoint agent directory where the ks.ead file is located. The default is C:\Program Files\Manufacturer\Endpoint Agent

Then execute:

vontu_sqlite3 -db=<database file> [-p=<password>]

Example: 

vontu_sqlite3 -db=cg.ead -p=VontuStop

This brings up a SQL prompt from which SQL commands can be executed.

Run the following commands to dump all configuration settings to a file called cgdump.txt in the same directory.

.header on
.mode csv
.once cgdump.txt
.dump
.exit

The cgdump.txt file contains all of the configuration data. Provide this .txt file to support as needed.