DLP has a utility called AdminPasswordReset.exe.There is no method to recover a lost password, but you can use this utility to assign a new password.

15.8 - 16.1

Important Note - This tool resolves the following issues:

1. Lost Administrator password
2. Misconfigured Single Sign On (everyone configured for SSO and no one can log in)

Tool prerequisites & results:

• You require access to the Symantec DLP software on the Enforce Server and Oracle DB password for the "PROTECT" user
• As best practice Test the Oracle database connection string used by DLP Enforce
• The tool needs to be run from a command line at

C:\Program Files\Symantec\DataLossPrevention\EnforceServer\DLP_version_number\Protect\bin\ AdminPasswordReset.exe (Windows) 
or
/opt/Symantec/DataLossPrevention/EnforceServer/DLP_version_number/Protect/bin/ AdminPasswordReset.exe (Linux)

NOTE: path may vary in you installed Enforce on other then default C partition  

• You set the Administrator user password to the desired password
• You also set the flag (-dbpass) to allow password login by the Administrator user in single sign-on situations
• This creates an audit log record and system event to note the password reset

This can be done with a command-line tool as follows:

AdminPasswordReset.exe -dbpass <oracle "protect" password> -newpass <new admin password> (Windows)
./AdminPasswordReset.exe -dbpass <oracle "protect" password> -newpass <new admin password> (Linux)

Example from Windows:

1. Navigate to correct path
C:\Users\Administrator>cd C:\Program Files\Symantec\DataLossPrevention\EnforceServer\16.1.00000\Protect\bin

2. Run example command
C:\Program Files\Symantec\DataLossPrevention\EnforceServer\16.1.00000\Protect\bin>AdminPasswordReset.exe -dbpass PROTECT -newpass NewAdministratorPassword

If you don't know password to "PROTECT"  follow Article ID: 159992 Change the "protect" user password in the Oracle database