The SymantecDLP service user's password has been forgotten, and we plan on migrating to a newer DLP version.

Can we set a new password on the existing service account while running the migration?

One cannot reset the password via the DLP install or migration GUI or command line. One can alternatively create a new account and password during the migration. 

If the SymantecDLP service user is running with a local account on the Enforce/Detection server, the password can be reset via the lusrmgr.msc [Local Users and Groups] console while logged in as an Administrator to the Enforce server. You would need to stop the DLP services firstly via Windows Services before changing the password. 

Then type into the run box: lusrmgr.msc to open the console

Right-click on the account and click Set Password: 

Click Proceed

Enter a new password in prompt: 

If the service is configured to use a domain account, then the password would need to be reset via Active Directory Users and Computers Console (ADUC) which would require a Domain Administrator privilege.

Please note that a local account is what Broadcom recommends and supports for the DLP services.