Is the Domain Controller Agent required in an Endpoint environment.
search cancel

Is the Domain Controller Agent required in an Endpoint environment.

book

Article ID: 385627

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention Network Web Data Loss Prevention Plus Suite

Issue/Introduction

The domain controller agent may help to resolve users from IPs and other parameters. Is it mandatory?

When is it necessary to have a domain controller agent? Should it be installed on a specific VM (e.g. Enforce VM)?

Does the Endpoint Agent solution work without the DC agent, based only on AD groups (for coverage) and AD connections?

Environment

Versions: 15.8, 16.0, 16.1

Resolution

The domain controller agent usage is specific to the Network Prevent for Web (HTTP/HTTPS) incidents, as mentioned its purpose is to resolve IP addresses found in incidents to their corresponding username where a proxy does not supply this information.

You do not have to use it, it's not a requirement, and it's not used by the Endpoint Prevent detection servers or Endpoint Agents, it is independent of them. Yes, the Endpoint Prevent detection servers and Endpoint Agents will work without it. 

It does not have to be installed on a specific VM, when installed it does however have some requirements as noted here: Domain Controller Agent Installation Prerequisites (16.1 - techdocs.broadcom.com)

Additional Information