Video Screencast Help

Exclude the SEP Agent From the DLP Endpoint Agent Configuration

Created: 05 Feb 2012 • Updated: 06 Feb 2012 | 4 comments
Language Translations
yang_zhang's picture
+3 3 Votes
Login to vote

When troubleshooting DLP Endpoint Agent slowness, it may be necessary to exclude the Symantec Endpoint Protection Agent software. On the other hand, it's unnecessary to include the files and folder of the SEP agent into the scan list of DLP agent. So, it's best to exclude the SEP agent from the DLP endpoint agent configuration.

1. Login to DLP Enforce Console, select 'System' --> 'Agents' --> 'Agent Configuration'.

2. Select the configuration from the list, usually the default one:

2. On the 'Filter by File Properties' section, click the pencil icon next to the 'Local Drive' destination, this will open to edit it:

3. On the 'File Attributes' section, input the following exclusion in the 'File Path on Destination':

C:\Users\All Users\Symantec\Symantec Endpoint Protection\*
C:\ProgramData\Symantec\Symantec Endpoint Protection\*
C:\Program Files\Symantec\Symantec Endpoint Protection\*

4. Click OK button to return to the 'Agent Configuraiton' page, then click 'Save and Apply'.

Then, the DLP Endpoint Agent will ignore the SEP agent folders and files.

Comments 4 CommentsJump to latest comment

AR Sharma's picture

I might use this.

Thanks & Regards,

AR Sharma, CISSP

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

0
Login to vote
Keith Reynolds - ExchangeTek's picture

Aren't all of the SEP agent executables already excluded from monitoring through the Endpoint Application Controls?  The key ones that do a lot of local drive writing are excluded from monitoring on this vector by default, making this unnecessary it seems.  Am I missing something?  This exludes the application itself, but would not exclude the directories from being monitored in either an Endpoint Discover Scan, or if a user decides to write to the installed SEP folders in order to evade detection for some reason (presuming you're monitoring local drive).

What we've found is more important with regards to Endpoint performance, and not included in SEP by default, is exlusion of the DLP agent within the SEP config.

~Keith

0
Login to vote
msudduth's picture

Thanks for this info, as I have added these exceptions in my console. Do you know of anything else that may help with performance issues? 

0
Login to vote
msudduth's picture

Thanks for this info, as I have added these exceptions in my console. Do you know of anything else that may help with performance issues? 

0
Login to vote