DLP Agent Flex Response Plug-in Install and Configuration

book

Article ID: 160675

calendar_today

Updated On:

Products

Endpoint Encryption File Share Encryption Powered by PGP Technology Data Loss Prevention Endpoint Prevent

Issue/Introduction

This article goes over how to install and configure a DLP Agent FlexResponse plugin.

Resolution

The following must be configured when using the DLP Flex Response Plug-in:

  • Install Symantec DLP Agents on the endpoint computers before deploying Endpoint FlexResponse plug-ins. The Agents must be connected to an active Endpoint Server.
  • Deploy the Endpoint FlexResponse plug-ins on each endpoint computer where you require Endpoint FlexResponse actions. You can use a manual installation or a silent installation method to deploy the plug-in.  Silent installation methods involves using systems management software (SMS), to distribute and install software on all of your endpoint computers.
  • Install the Endpoint FlexResponse utility (flrinst.exe) on each endpoint computer where you will deploy Endpoint FlexResponse plug-ins.
  • Make the Endpoint FlexResponse package ( a .zip file) available to each endpoint computer. You can copy the package to each endpoint computer, or you can make the package available on a network drive that is accessible by all endpoint computers.
    Example: The Symantec Endpoint Encryption Removable Media Encryption zip package is called "EERPlugin_flexresponse.zip".  These zip files contain logic to install properly using the flex response plugin (flrinst.exe).
  • For deploying the plug-in, use the command-line options of the Endpoint FlexResponse utility when creating your installation scripts.
  • Remove the Endpoint FlexResponse utility after deploying your plug-in. If you leave the utility installed on the endpoint computers, a malicious user could use the utility to uninstall or alter your Endpoint FlexResponse plug-in

 

 

Steps required to deploy and use the Flex Response Plug-in:

 

 

  1. Copy the Endpoint FlexResponse plug-in utility (flrinst.exe) to your endpoint computers.
  2. Enable Endpoint FlexResponse on the Enforce Server.
  3. Deploy the specific Endpoint FlexResponse plug-in (such as the EERPlugin_flexresponse.zip) using the Endpoint FlexResponse utility (flrinst.exe).
  4. Create the response rules that use Endpoint: FlexResponse actions that reference the plug-in, and add these rules to an active policy

 

 

The Endpoint FlexResponse utility (flrinst.exe) must be run from the folder where the Symantec DLP Agent is deployed. The location of this folder is configurable, however, by default is located in the following directory:

c:\Program Files\Manufacturer\Endpoint Agent\

 


The Flex Response Plug-in utility command line syntax and options:

 

flrinst.exe -op=install|uninstall|retrieve|list -package=<package_name> -p=<Tools_password>

 

install: deploys a plug-in

uninstall: removes a plug-in

list: displays a list of deployed plug-ins

retrieve: retrieves a plug-in and saves it as an editable text file. The text file is contained in a ZIP file that is saved in the directory, where the utility was run.

op=install [option]: specifies the path to the package (a ZIP file) that contains the Endpoint FlexResponseplug-in. The package name is case sensitive.

-p=<tools_password>: If a Tools password has not been configured,use the default password: VontuStop.

 

 

Deploying the Endpoint FlexResponse plug-in

On an endpoint computer, open a command prompt window and navigate to the Symantec DLP Agent installation tools directory.  For the default location navigate to the following directory:

c:\Program Files\Manufacturer\Endpoint Agent\

Enter the following command:

flrinst.exe -op=install -package=<path_to_plug-in> -p=<myToolsPassword>

<myToolsPassword> is the Tools password for your Symantec Data Loss Prevention deployment. If you have not specified a Tools password, use the default password: VontuStop.

<path_to_plug-in name> is the full path to the plug-in .zip file.

Example 1: The Symantec Endpoint Encryption Removable Media Encryption zip file is called "EERPlugin_flexresponse.zip", so the command to install would be:

flrinst.exe -op=install -package=c:\EERPlugin_flexresponse.zip -p=<myToolsPassword>

 Example 2: The Symantec File Share Encryption zip file is called "nsplugin_flexresponse.zip", so the command to install would be:

 

flrinst.exe -op=install -package=c:\nsplugin_flexresponse.zip -p=<myToolsPassword> 

 

 

Loading the Endpoint FlexResponse plug-ins

From a command prompt window, navigate to the Symantec DLP Agent installation tools directory:

<Agent installation directory>\Tools\flrinst.exe

Enter the following command where <Plug-in name> is the specific name of the plug-in .zip file:

-op=install -package=<Plug-in name>

Example: flrinst -op=install -package=c:\EERPlugin_flexresponse.zip -p=<myToolsPassword>

 

  

Enabling the Endpoint FlexResponse functionality

  1. Log into Enforce Console
  2. Go to: System > Agents > Agent Configuration and open the configuration for editing.
  3. Click the Advanced Agents Settings tab.
  4. Find the PostProcessor.ENABLE_FLEXRESPONSE.int setting.
  5. Change the setting to 1.
  6. Click Save and Apply.

 

To obtain the Flex Response Plug-in (flrinst.exe), please contact Symantec Support.

 

For information on how to use Symantec Endpoint Encryption Removable Media Encryption with DLP and the flex response plug-in, see article 213405.

For information on how to use Symantec File Share Encryption with DLP and the flex response plug-in, see article DOC6301.