Deploying DLP Endpoint Agents on Windows

Article ID: 174419

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Deploying Symantec Data Loss Prevention (DLP) Endpoint Agent on Windows.

Resolution

To create the package, see Build Endpoint Agent Installer Package.

Installing the DLP Agent for Windows manually

  1. Run CMD as Administrator (local administrator) and navigate to the unzipped agent installation package.
  2. Run the install_agent.bat file that is located there.
  3. Check to see if the Agent is running:
    1. Log on to the Enforce Server and go to System > Agents > Overview. Verify that the newly installed or upgraded agents are registered or show up in the console.

Installing DLP Agents for Windows silently

  1. Specify the InstallAgent.bat file in your systems management software package.
  2. Specify the InstallAgent.bat installation properties. The installation properties in the InstallAgent.bat file are based on entries and selections that are made during the agent installation packaging process. Symantec recommends that you do not update the installation properties. When you install the Symantec DLP Agent, your systems management software issues a command to the specified endpoints. The following table summarizes important commands:

    | Command or property | Description |
    | --- | --- |
    | msiexec | The Windows command for executing MSI packages. |
    | /i | Specifies the name of the package. |
    | /q | Specifies a silent install. You can remove this option to install an agent using the wizard. You might install this way to test the installation package when preparing to run a silent installation. |
    | ARPSYSTEMCOMPONENT | Optional properties to msiexec. |
    | ENDPOINTSERVER | The Endpoint Server to which agents connect. |
    | SERVICENAME | The agent service name. The default value is EDPA. This value is defined during the agent installation packaging process. |
    | INSTALLDIR | The location where the agent is installed on the endpoint: C:\Program Files\Manufacturer\Symantec DLP Agent\. This value is defined during the agent installation packaging process. |
    | UNINSTALLPASSWORDKEY | The password the administrator uses when uninstalling agents. This value is defined during the agent installation packaging process. |
    | WATCHDOGNAME | The watchdog service name: WDP. |
    | TOOLS_KEY | The password that is associated with the agent tools. This value is defined during the agent installation packaging process. |
    | ENDPOINT_CERTIFICATE | The endpoint self-signed certificate file name: endpoint_cert.pem. This file is created during the agent installation packaging process. |
    | ENDPOINT_PRIVATEKEY | The endpoint private key file name: endpoint_priv.pem. This file is created during the agent installation packaging process. |
    | ENDPOINT_TRUSTSTORE | The endpoint trust store file to trust the server certificate (server public key): endpoint_truststore.pem. This file is created during the agent installation packaging process. |
    | ENDPOINT_PRIVATEKEY_PASSWORD | The password that is associated with the agent certificates. The password is located in the endpoint_priv.pem file, which is created during the agent installation packaging process. |

  3. Specify any optional properties for the msiexec utility.
    • Sample command: msiexec /i InstallAgent.bat /q INSTALLDIR="C:\Program Files\Manufacturer\Symantec DLP Agent\" ARPSYSTEMCOMPONENT="1" ENDPOINTSERVER="epserver:8001" SERVICENAME="ENDPOINT" WATCHDOGNAME="WATCHDOG" UNINSTALLPASSWORDKEY="password" TOOLS_KEY="" ENDPOINT_CERTIFICATE="endpoint_cert.pem" ENDPOINT_PRIVATEKEY="endpoint_priv.pem" ENDPOINT_TRUSTSTORE="endpoint_truststore.pem" ENDPOINT_PRIVATEKEY_PASSWORD="" VERIFY_SERVER_HOSTNAME="No" STARTSERVICE="Yes" ENABLEWATCHDOG="YES" LOGDETAILS="Yes" /log C:\installAgent.log
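
A pre-deployment check for the silent-install command above, as an added example (not Symantec's code): it parses the PROPERTY="value" pairs and reports properties from the table that are missing, password properties that are empty or hold a placeholder, VERIFY_SERVER_HOSTNAME="No", and use of /log. The function names, the PLACEHOLDERS list, and the reading that VERIFY_SERVER_HOSTNAME="No" turns off the server hostname check are assumptions.

```python
import re

# Properties named in the table above; the three in SECRETS carry passwords.
EXPECTED = {"ENDPOINTSERVER", "SERVICENAME", "INSTALLDIR", "UNINSTALLPASSWORDKEY",
            "WATCHDOGNAME", "TOOLS_KEY", "ENDPOINT_CERTIFICATE", "ENDPOINT_PRIVATEKEY",
            "ENDPOINT_TRUSTSTORE", "ENDPOINT_PRIVATEKEY_PASSWORD"}
SECRETS = {"UNINSTALLPASSWORDKEY", "TOOLS_KEY", "ENDPOINT_PRIVATEKEY_PASSWORD"}
PLACEHOLDERS = {"password", "changeme", "admin"}  # constructed list, extend locally
PROP_RE = re.compile(r'\b([A-Z_]+)=(?:"([^"]*)"|(\S*))')

# The article's sample command, copied verbatim.
SAMPLE = (
    r'msiexec /i InstallAgent.bat /q INSTALLDIR="C:\Program Files\Manufacturer\Symantec DLP Agent\" '
    r'ARPSYSTEMCOMPONENT="1" ENDPOINTSERVER="epserver:8001" SERVICENAME="ENDPOINT" '
    r'WATCHDOGNAME="WATCHDOG" UNINSTALLPASSWORDKEY="password" TOOLS_KEY="" '
    r'ENDPOINT_CERTIFICATE="endpoint_cert.pem" ENDPOINT_PRIVATEKEY="endpoint_priv.pem" '
    r'ENDPOINT_TRUSTSTORE="endpoint_truststore.pem" ENDPOINT_PRIVATEKEY_PASSWORD="" '
    r'VERIFY_SERVER_HOSTNAME="No" STARTSERVICE="Yes" ENABLEWATCHDOG="YES" LOGDETAILS="Yes" '
    r'/log C:\installAgent.log'
)

def parse_properties(cmd):
    """Return {NAME: value} for each PROPERTY=value pair (quoted or bare)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PROP_RE.finditer(cmd)}

def audit(cmd):
    """Return a list of 'NAME: finding' strings for one msiexec command line."""
    props = parse_properties(cmd)
    findings = [f"{n}: missing from command line" for n in sorted(EXPECTED - set(props))]
    for name in sorted(SECRETS & set(props)):
        if props[name] == "":
            findings.append(f"{name}: empty value")
        elif props[name].lower() in PLACEHOLDERS:
            findings.append(f"{name}: placeholder value")
    # Assumption: "No" disables the agent's check of the Endpoint Server hostname.
    if props.get("VERIFY_SERVER_HOSTNAME", "").lower() == "no":
        findings.append("VERIFY_SERVER_HOSTNAME: set to No")
    # An msiexec log can record property values, so treat the log file as sensitive.
    if re.search(r'\s/l\S*\s', cmd, re.I) and SECRETS & set(props):
        findings.append("/log: install log may hold password properties; restrict access")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
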