Minimum security context permissions for DLP Endpoint agent components
Article ID: 205539
Products
Data Loss Prevention
Data Loss Prevention Endpoint Prevent
Issue/Introduction
When implementing and using the Endpoint Agent, you need to understand the minimum security context requirements of its various components.
Cause
This information is needed to assess security posture or to understand which security context each component uses.
Resolution
The DLP Endpoint Agent uses the following Security Contexts:
- Installation & uninstallation: Admin\system-context on Windows, Root context on macOS.
- DLP functioning:
  - Core DLP (e.g. detection): System context on Windows, Root context on macOS
  - Plugin: Application/logged-in user context
  - Extension: Application/logged-in user context
  - Hooks: Application/logged-in user context
  - Driver\Kext: System-context on Windows, Root context on macOS
  - DLP Popup: Logged-in user context
- Tamper protection: Fully enabled by default. Only BRCM processes are allowed to write, modify, or delete.
- Agent Tools: Password protected, Admin\system-context on Windows, Root context on macOS.