DLP Agent installers File Information
search cancel

DLP Agent installers File Information


Article ID: 171179


Updated On:


Data Loss Prevention Data Loss Prevention Endpoint Suite


The DLP Agent installers are an additional set of files that need to be downloaded to be used with the DLP Enforce server when Endpoint Prevent or Endpoint Discover are being used. These files consist of both install/uninstall files for the DLP agent and agent tools.


DLP Agent installers

  • Agent Install Source Files - (.msi and .pkg). These are the files needed when building an agent install package in the Enforce console.
  • Agent Tools - These tools are optional and only needed for troubleshooting.
  • Agent Uninstall Files - Used to uninstall the agent from endpoint computers.

These files and their usage are documented here in the Help Topic for Installing DLP (broadcom.com).

Note: The Agent install source files are different than the agent install package that is generated on the Enforce server.

Example Agent Install package files (These are not the agent install source files)


Agent Install Files Download (Mac and Windows agents)

Go to the DLP Endpoint download page at support.broadcom.com and log in. 

Once logged in follow these steps:

Step 1: Click on the dropdown button to the right of the "Data Loss Prevention Endpoint Prevent" label.

Step 2: Select the version of DLP you need the tools for. (Note: All maintenance pack tools are located under the major version)

Step 3: Type in "Agent" in the search field. (Note: This field is case sensitive)

Step 4: Select the preferred download method for the version and OS of agent files you want to download.


Versions prior to 15.1 will be zip files you can download and extract finding an MSI file inside which you'll use when creating your specific agent package.

Versions after 15.1, you'll extract the zip file and the secondary zip file inside will be able to be directly uploaded to agent packaging in the Enforce console, to produce your specific agent package for you to deploy.

Here is a very detailed community page on that topic: DLP Endpoint Agent Install for Windows

DLP Agent installer Files


DLP Agent install files are in separate .zip downloads based on the platform.

  • Mac example (Symantec_DLP_16.0.1_Agent_Mac-IN.zip)
  • Windows example (Symantec_DLP_16.0.1_Agent_Win-IN.zip).

The Source file (.msi / .pkg) will be down a few directories under the architecture type.

  • The Windows x64 DLP 16 RU1 Agent Install Source file (AgentInstall-x64_16.0.1.msi) is under DLP 16 RU1\Symantec_DLP_16.0.1_Agent_Win-IN\DLP\16.0.1\Endpoint\Win\x64 folder.
  • The Mac agent only has one folder (arm64_x86_64) and file (AgentInstall_16.0.1.pkg) for both architecture types.


The .msi and the .pkg files are used when building the agent package install-package and cannot be used without being packaged first. This is done in the Enforce console by going to System > Agents > Agent Packaging. Click on the various browse buttons and browse to the architecturally corresponding platform source file. Fill out the other fields then click the generate installer packages button. See the Help Topic for Installing the DLP Agent on Windows (broadcom.com) for details.


Agent Tools


The tools are unique to each agent by version, platform, and architecture. Attempting to use a 14.5 x86 agent tool with a 14.6 MP2 x64 agent will result in a failure.

Find the tools in the \Tools\ folder at the same location as the source install .msi / .pkg file is for the given agent.

For example in the Symantec_DLP_16.0.1_Agent_Win-IN.zip the 16.0 RU1 (DLP 16.0.1) x64 agent tools:

  • Located in the Symantec_DLP_16.0.1_Agent_Win-IN\DLP\16.0.1\Endpoint\Win\x64\Tools folder (seen below).


For Windows, to use the agent tools copy the contents of the tools folder directly into the endpoint agent folder you want to troubleshoot. Skip any file conflicts. Note that the files must be in the endpoint agent folder and not a \tools\ subfolder.

For Mac, copy the files to a temporary folder on the client and then "sudo chmod 755" against each file. For example:

sudo chmod 755 service_shutdown

Then copy all of the files to the endpoint agent folder

For reference, here are the default DLP agent install locations:


\Program Files\Manufacturer\Endpoint Agent\


/Library/Manufacturer/Endpoint\ Agent/



After the files have been copied, use an Administrator command prompt (Windows) or Terminal shell to run the tool with the proper parameters. 

Agent Tools List

There are different tools for Mac and Windows. Below is a list of each current tool and its basic function. For details see the Help Topic on Endpoint Tools (broadcom.com).





Used to troubleshoot agent attributes for the logged in user.


Used to assist with configuring endpoint devices for detection. Scans computer for all connected devices.


Used to get application information when adding application for Application Monitoring feature.


Used for viewing DLP Agent log files that are otherwise obfuscated.


Allows an administrator to shut down the EDPA and WDP services. Tamper proofing prevents this under normal circumstances.


Provides SQL interface allowing for investigation and modification of encrypted DLP agent database files.






Used to assist with configuring endpoint devices for detection. Scans computer for all connected devices.


Used for viewing DLP Agent log files that are otherwise obfuscated.


Used to stop the DLP agent


Provides SQL interface allowing for investigation and modification of encrypted DLP agent database files.


Agent Uninstall Files


The uninstall files are located in the same folder as the agent install source (.msi / .pkg) file. For windows, the uninstall file is uninstall_agent.bat (x86) or uninstall_agent64.bat (x64). The two .bat files have different names but the .msi code is the same therefore either .bat file will uninstall either architecture type.

For a Mac, the file name is uninstall_agent and works with both architectures.


Note that the uninstall files only work with the version they are packaged with.

For windows, if an uninstall password was specified during the agent install then modify the .bat file and add the UNINSTALLPASSWORD. Copy the .bat to the client and run the batch file as an administrator. See TECH247833 for more details.

For Mac do the following:

  1. Copy uninstall_agent to the end point agent folder (Default Location:  /Library/Manufacturer/Endpoint\ Agent/)
  2. Open a Terminal
  3. Run the following:
$sudo ./uninstall_agent

Or to review uninstall logs on the Terminal application run this command:

 sudo ./uninstall_agent -prompt=no -log=console

By default, logs are saved to the uninstall_agent.log file

See Uninstall and remove the Symantec DLP Endpoint Agent for more details.

Additional Information

See also: DLP Agent installation general overview

See also: Uninstall and remove the Symantec DLP Endpoint Agent