ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Create for disaster recovery or migration


Article ID: 161246


Updated On:


Data Loss Prevention Enforce


You need to back up the Protect directory on the Symantec Data Loss Prevention (DLP) Enforce server, for disaster recovery or migration purposes.


DLP 12.5 - 15.x


For this process the will need to be created using one of the following methods:

Method 1 - Using the ReinstallationResourcesUtility.exe

This method is covered in the DLP Install guide under the "Creating the Enforce Reinstallation Resources file" section. See the Install guide for further details. Here is a summary:

Step 1

Switch to the \EnforceServer\15.7\Protect\bin directory by running the following command from a command prompt:

cd C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\bin

Step 2

Generate an Enforce Reinstallation Resources file by running the following command:

"C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\bin\ReinstallationResourcesUtility.exe" export "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect C:\"


Method 2 - Manually create the


Note: These steps assume that the DLP Enforce server is installed to C:SymantecDLP, and that the user is operating in a command line window with a working directory outside of that path.

  1. Create the config directory and copy over the file, preserving permissions:
    • mkdir config​​
    • robocopy /SEC c:\SymantecDLP\Protect\config .config
    • robocopy /SEC c:\SymantecDLP\Protect\config .config EncryptedPropertiesFilesEncryptionKey.key (this file is required for DLP versions 15.0.x)
  2. Create the keystore directory
    • ​​​mkdir keystore
    • robocopy /SEC c:\SymantecDLP\Protect\keystore .keystore
  3. Create the file:
    • zip -r config keystore

Note: The zip command is present on single-tier and two-tier deployments under the oracle bin directory. In a three-tier setup, send the copied files to a compressed folder using Windows Explorer.

To manually create in Linux (15.5 and above)

create the config directory while preserving permissions

  • mkdir -p /tmp/config 
  • cp -p /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/config/ /tmp/config/
  • cp -p /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/config/EncryptedPropertiesFilesEncryptionKey.key /tmp/config/

Create the keystore directory

  • mkdir -p /tmp/keystore
  •  cp -r -p /opt/Symantec/DataLossPrevention/EnforceServer/15.8.00000/Protect/keystore/* /tmp/keystore/

Create the zip archive

  • cd /tmp
  •  zip -r config keystore

Verify the zip archive 

  •  unzip -l





Additional information

For detailed information about DLP backups and recovery, see the Data Loss Prevention System Maintenance Guide.