DLP Agent on Ghost Image not recommended

Article ID: 184215

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Endpoint Discover

Issue/Introduction

Due to security concerns, installing the DLP Agent on a ghost image is not recommended.

Cause

The DLP Agent installer generates machine-specific encryption keys during installation. If the agent is installed on a ghost image, every workstation deployed from that image shares the same keys. This is a concern from a security perspective.

Each deployed agent will also initially have the same hostname, which causes connectivity issues: when more than one agent has the same hostname, the agents do not stay connected to the server.

Also, all the agents will use the same Endpoint Server. This can be changed after the fact, but too many agents connecting to the same server might overwhelm it.

Resolution

As part of the workstation deployment, use a post-provisioning task to install the agent AFTER the workstation has booted for the first time.
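
One way to write such a post-provisioning task, as an added example that is not vendor code: a PowerShell guard that installs the agent only on a deployed, renamed workstation, so the keys are generated per machine. The installer path, template hostname and marker file are placeholders, the ImageState check assumes the image was prepared with Sysprep, and the agent's own installer properties are omitted because this article does not list them.

```powershell
# Added example: first-boot guard for the agent install (not vendor code).
# $InstallerPath, $TemplateHostname and $MarkerFile are placeholders for this example.
param(
    [string]$InstallerPath    = 'C:\Deploy\<dlp-agent-installer>.msi',   # placeholder
    [string]$TemplateHostname = '<template-hostname>',                    # placeholder
    [string]$MarkerFile       = 'C:\ProgramData\Deploy\dlp-agent-installed.txt'
)
$ErrorActionPreference = 'Stop'   # every Write-Error below aborts the task

# Run once per workstation, never again on later boots.
if (Test-Path -LiteralPath $MarkerFile) {
    Write-Output 'Agent install already completed on this workstation.'
    exit 0
}

# Refuse to run inside the image itself: Windows Setup reports
# IMAGE_STATE_COMPLETE only after the deployed machine has finished setup.
$stateKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State'
$state    = (Get-ItemProperty -Path $stateKey).ImageState
if ($state -ne 'IMAGE_STATE_COMPLETE') {
    Write-Error "Image state is '$state'; the agent must not be installed into an image."
}

# Refuse to run while the machine still carries the template's hostname,
# which is the duplicate-hostname condition described under Cause.
if ($env:COMPUTERNAME -ieq $TemplateHostname) {
    Write-Error 'Hostname is still the template name; rename the workstation first.'
}

if (-not (Test-Path -LiteralPath $InstallerPath)) {
    Write-Error "Installer not found at $InstallerPath"
}

# Silent install with a verbose log. Add the installer properties your
# deployment requires; none are shown because the article does not list them.
$log  = Join-Path $env:TEMP 'dlp-agent-install.log'
$args = @('/i', "`"$InstallerPath`"", '/qn', '/norestart', '/l*v', "`"$log`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $args -Wait -PassThru

# 0 = success, 3010 = success with reboot required.
if ($proc.ExitCode -notin 0, 3010) {
    Write-Error "msiexec failed with exit code $($proc.ExitCode); see $log"
}

# Record completion so the task is a no-op on subsequent boots.
New-Item -ItemType Directory -Path (Split-Path $MarkerFile) -Force | Out-Null
Set-Content -LiteralPath $MarkerFile -Value "$env:COMPUTERNAME $(Get-Date -Format o)"
```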