What Symantec DLP activities required a local or domain administrator account.
On the Endpoint system to run any of the following DLP Agent tools:
Any activities that involve installation on any system with DLP software (Enforce / Detection Server / Endpoint Agent) would require Administrative privileges for the following:
Modification of any configuration files in the DLP installation folders.
To run Sqlplus or the AdminPasswordReset utility on the Enforce server (see the Admin guide for details).
To run our Symdiag tool on occasion for troubleshooting purposes to collect data either from the server or endpoint systems (See Collect data for support cases with Symantec Diagnostic Tool (SymDiag)).