Mis-configured temproot file.
Release : 15.5 and 15.7 MP1
DLP is installed on RHEL 7.8
Oracle Enterprise 12c on RHEL 7.3
Component : Network Monitor
Change the temproot file from:
symantecdlp ALL=(ALL) ALL, NOEXEC: NEVEREXEC
to:
symantecdlp ALL=NOEXEC: NEVEREXEC
While the original line essentially gives root permissions, it does still require the user to type their password to run commands.
Since temproot gets loaded after the Symantec DLP sudoers file (S comes before T), this overrides what we set for NOPASSWD.
sudo only honors the last matching rule it loads, not necessarily the most restrictive rule.
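The load-order effect described above can be checked with a small model of sudo's last-match behavior. This is an added example, not Symantec's code: only the two temproot lines come from this article, while the DLP file name, its NOPASSWD rule, the command paths and the NEVEREXEC alias member are constructed assumptions, and the parser handles only simple one-line rules.

```python
import re

# Constructed sudoers.d contents. Only the two temproot lines come from the
# article; the DLP file name, its rule and the alias member are assumptions.
DLP_FILE = {"symantec_dlp_example": "symantecdlp ALL=(root) NOPASSWD: /opt/example/dlp-helper"}
TEMPROOT_BEFORE = {"temproot": "symantecdlp ALL=(ALL) ALL, NOEXEC: NEVEREXEC"}
TEMPROOT_AFTER = {"temproot": "symantecdlp ALL=NOEXEC: NEVEREXEC"}
ALIASES = {"NEVEREXEC": {"/opt/example/blocked-tool"}}

TAG = re.compile(r"((?:NO)?(?:PASSWD|EXEC)):\s*")

def parse_file(text, user):
    """Return [(command, tags)] for `user`; a simplified one-line-per-rule parser."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(user + " ") or "=" not in line:
            continue
        # Keep the part after "=" and drop an optional Runas list such as "(ALL)".
        spec = re.sub(r"^\([^)]*\)\s*", "", line.split("=", 1)[1].strip())
        tags = set()
        for cmd in spec.split(","):
            cmd = cmd.strip()
            while (m := TAG.match(cmd)):
                tag = m.group(1)
                # A tag replaces its opposite and carries over to later commands.
                tags.discard(tag[2:] if tag.startswith("NO") else "NO" + tag)
                tags.add(tag)
                cmd = cmd[m.end():]
            entries.append((cmd, frozenset(tags)))
    return entries

def effective_rule(files, user, command, aliases=ALIASES):
    """Return (winning file, password_required) using last-match-wins."""
    winner = None
    for name in sorted(files):  # sudoers.d files are read in sorted order
        for cmd, tags in parse_file(files[name], user):
            if cmd == "ALL" or cmd == command or command in aliases.get(cmd, ()):
                winner = (name, "NOPASSWD" not in tags)  # later match replaces earlier
    return winner

if __name__ == "__main__":
    cmd = "/opt/example/dlp-helper"
    for label, temproot in (("before", TEMPROOT_BEFORE), ("after", TEMPROOT_AFTER)):
        print(label, effective_rule({**DLP_FILE, **temproot}, "symantecdlp", cmd))
```

On a live host, `sudo -l -U symantecdlp` run as root lists the rules sudo actually applies to the account.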