Occasionally a Symantec Data Loss Prevention (DLP) Endpoint Prevent agent needs to be redirected to a different Endpoint Server. Or an agent needs to have its Endpoint Server priority list changed.
Here are several methods of changing the Endpoint Server or modifying the Endpoint Server list for a DLP agent. Select the one that fits your needs the best:
A task running icon (clipboard with play option) now appears next to the agent. Once the change is successful you see an event for that agent that reports "Change Endpoint Server task execution succeeded" in the agent details.
This Method is used if the agents are not communicating to the DLP Endpoint server.
Locate the agent install files .zip (see this KB) that was used when generating the agent install package. (This .zip can also be obtained through https://fileconnect.symantec.com) Extract and copy the tools folder appropriate for the client architecture to the client machine in the DLP Endpoint Agent agent folder.
Once the tools are in the DLP Agent folder use the follow examples to build a script to change the server settings.
The vontu_sqlite3 tool can be used like in the following method that echo's a single command in to the utility. Note that the password must also be supplied. Below is how the syntax of the batch file is structured
Below is an example of setting a primary endpoint server name of 192.160. 2.100 on port 10443 and an alternate Endpoint Server host of Win64oraenforce on port 10443:
You may also use the vontu_sqlite3 tool locally on the endpoint agent.
This method is used if a few of the agents are not communicating to the DLP Endpoint server.
Locate the agent install files .zip (see this KB) that was used when generating the agent install package. (This .zip can also be obtained through https://support.broadcom.com) Extract and copy the tools folder appropriate for the client architecture to the client machine in the DLP Endpoint Agent folder. We specifically need the vontu_sqlite3 tool.
For Reference the default agent locations are:
Mac OSX: /Library/Manufacturer/Endpoint Agent/
Windows: c:Program FilesManufacturerEndpoint Agent
Once the tools are in the DLP Agent folder run the following commands:
Apply the tools password as needed. Then use the following commands in the vontu_sqllite3 tool to update the configuration (Note these are case sensetive). Be sure to change the value to direct to your sever and port:
Next stop the agent service
Start the service (windows)
Start the service (Mac)
This method is typically only used if the computers are no longer connected and the previous methods are not viable.
Example: You have several Mac clients that need to be reinstalled. You can use this method instead of manually running the vontu_sqlite utility on each computer.
Note that you cannot upgrade an agent to a version it already has or older. For example, you cannot upgrade DLP agent 15.0 MP1 to 14.6 MP2 or 15.0 MP1 or upgrade to an earlier hotfix agent of the same GA release.
Follow these steps to use an agent install package to redirect the agents.
If you meet the prerequisites of an upgrade, then you can do an agent upgrade with an updated Endpoint Server list. See Symantec Data Loss Prevention Upgrade Guides.