
How to Deploy Endpoint FlexResponse 

Apr 25, 2014 06:31 AM

Follow the procedure below to deploy Endpoint FlexResponse plug-ins.

Procedure Step 1 : Obtain (or create) an Endpoint FlexResponse plug-in zip file.

Contact a Symantec partner or Symantec sales representative.

Endpoint FlexResponse plug-ins are not available with the default Symantec Data Loss Prevention installation.

Procedure Step 2 : Configure any Endpoint credentials on the Enforce Server. (Note: This step is optional.)

Configuring endpoint credentials :

You must add credentials to the Credential Store before you can access credentials for Endpoint FlexResponse or the Endpoint Discover Quarantine response rule. The credentials are stored in an encrypted folder on all endpoint computers that are connected to an Endpoint Server. Because all endpoint computers store the credentials, you must be careful about the type of credentials you store. Use credentials that cannot access other areas of your system. Before your endpoint credentials can be used, you must enable the Enforce Server to recognize them.

To create endpoint credentials

1] Go to: System > Settings > General.
2] Click Configure.
3] Under the Credential Management section, ensure that the Allow Saved Credentials on Endpoint Agent checkbox is selected.
4] Click Save.
5] Go to: System > Settings > Credentials.
6] Click Add Credential.
7] Under the General section, enter the details of the credential you want to add.
8] Under Usage Permission, select Servers and Endpoint agents.
9] Click Save.

 

Procedure Step 3 : Deploy the plug-in to your endpoint computers using the Endpoint FlexResponse utility and third-party systems management software (SMS).
 

About deploying Endpoint FlexResponse plug-ins on endpoint computers
You must install Symantec DLP Agents on the endpoint computers before deploying Endpoint FlexResponse plug-ins. The Agents must be connected to an active Endpoint Server.

See the Symantec Data Loss Prevention Installation Guide for information on how to install the agents.

You must deploy Endpoint FlexResponse plug-ins on each endpoint computer where you require Endpoint FlexResponse actions. You can use a manual installation or a silent installation method to deploy the plug-in. Silent installation methods use systems management software (SMS) to distribute and install software on all of your endpoint computers. You may need to create SMS scripts to access the installation folder.

This section assumes that you have created or otherwise obtained an Endpoint FlexResponse plug-in that is packaged as a ZIP file.

Deploying an Endpoint FlexResponse plug-in on endpoint computers requires the following steps:

Step 1 :  Copy the Endpoint FlexResponse utility to your endpoint computers :

You use the Endpoint FlexResponse utility to manage Endpoint FlexResponse plug-ins. The Endpoint FlexResponse utility is not part of the default Symantec Data Loss Prevention download and is only available through Symantec or Symantec partners.

Step 2 :  Copy any third-party Python modules that your plug-in requires to your endpoint computers.

Step 3 :  Enable Endpoint FlexResponse on the Enforce Server :

Enabling Endpoint FlexResponse on the Enforce Server
Before you can use Endpoint FlexResponse plug-ins in your response rules, you must enable Endpoint FlexResponse functionality through the Enforce Server. By default, Endpoint FlexResponse functionality is not enabled. You enable Endpoint FlexResponse functionality through the Advanced Agent Settings.

To enable Endpoint FlexResponse functionality

1] Open the Enforce Server administration console and navigate to: System > Agents > Agent Configuration and open the Agent configuration that is currently applied to the Endpoint Server that is connected to the Agents where you are deploying the Endpoint FlexResponse plug-in.
2] Click the Advanced Agents Settings tab.
3] Find the PostProcessor.ENABLE_FLEXRESPONSE.int setting.
4] Change the setting to 1.
5] Click Save and Apply.

Step 4 :  Deploy the Endpoint FlexResponse plug-in using the Endpoint FlexResponse utility (flrinst.exe). Use one of the following options:

Deploy your plug-in manually on a single endpoint computer. This option is most useful when you are developing or testing an Endpoint FlexResponse plug-in.

Deploying an Endpoint FlexResponse plug-in using the Endpoint FlexResponse utility
You use the Endpoint FlexResponse utility to deploy Endpoint FlexResponse plug-ins. The plug-ins must be in a .zip package format.

To deploy an Endpoint FlexResponse plug-in

1] On an endpoint computer, open a command window and navigate to the Symantec DLP Agent installation tools directory. The default location of this directory is c:\Program Files\Manufacturer\Endpoint Agent\
2] Enter the following command:
flrinst.exe -op=install
             -package=<path_to_plug-in>
             -p=<myToolsPassword>

Where:

<myToolsPassword> is the Tools password for your Symantec Data Loss Prevention deployment. If you have not specified a Tools password, use the default password: VontuStop.

<path_to_plug-in> is the full path to the plug-in .zip file.

For example:

flrinst -op=install -package=c:\installs\myFlexResponse_plugin.zip -p=myToolsPassword

Deploy your plug-in using a silent installation process and SMS software. This option is most useful when you are deploying a production-ready Endpoint FlexResponse plug-in.

 Deploying Endpoint FlexResponse plug-ins using a silent installation process
You can use system management software (SMS) to deploy Endpoint FlexResponse plug-ins on multiple endpoint computers. Although the details of creating installation scripts for SMS software are beyond the scope of this document, note the following requirements:

You must install Symantec DLP Agents on the endpoint computers before deploying Endpoint FlexResponse plug-ins. The Agents must be connected to an active Endpoint Server.

You must install the Endpoint FlexResponse utility (flrinst.exe) on each endpoint computer where you will deploy Endpoint FlexResponse plug-ins.

You must make the Endpoint FlexResponse package (a .zip file) available to each endpoint computer. You can copy the package to each endpoint computer, or you can make the package available on a network drive that is accessible by all endpoint computers.

To deploy your plug-in, use the command-line options of the Endpoint FlexResponse utility when creating your installation scripts.

Remove the Endpoint FlexResponse utility after deploying your plug-in. If you leave the utility installed on the endpoint computers, a malicious user could use the utility to uninstall or alter your Endpoint FlexResponse plug-in.

See your individual SMS application documentation for more information on how to deploy using SMS.

The Endpoint FlexResponse utility is only available through Symantec and Symantec partners. It is not included with the Symantec Data Loss Prevention distribution.
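
The silent-installation requirements above can be combined into one script that an SMS job runs on each endpoint. This is an added example, not Symantec's code or part of the original article: it uses only the flrinst.exe options shown on this page, and it assumes that flrinst.exe was copied into the agent tools directory, that the SMS job sets a DLP_TOOLS_PASSWORD environment variable, that a SHA-256 of the approved package is pinned in the job, and that flrinst.exe returns a non-zero exit code on failure.

```powershell
# Added example: SMS-driven silent install of an Endpoint FlexResponse plug-in.
# Assumptions (not from the original page): flrinst.exe sits in $AgentDir,
# the pinned SHA-256 value, the DLP_TOOLS_PASSWORD variable, and that
# flrinst.exe signals failure with a non-zero exit code.
param(
    [string]$AgentDir       = 'C:\Program Files\Manufacturer\Endpoint Agent',
    [string]$Package        = 'C:\installs\myFlexResponse_plugin.zip',
    [string]$ExpectedSha256 = '<SHA256_OF_APPROVED_PLUGIN_ZIP>'   # placeholder
)
$ErrorActionPreference = 'Stop'

$flrinst = Join-Path $AgentDir 'flrinst.exe'
if (-not (Test-Path -LiteralPath $flrinst -PathType Leaf)) { throw "flrinst.exe not found in $AgentDir" }
if (-not (Test-Path -LiteralPath $Package -PathType Leaf)) { throw "Plug-in package not found: $Package" }

# Refuse to install a package that differs from the one that was reviewed.
# This matters most when the ZIP is read from a shared network drive.
$actual = (Get-FileHash -LiteralPath $Package -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {   # string -ne is case-insensitive
    throw "Package hash mismatch: got $actual"
}

# The Tools password comes from the SMS job at run time, so it is not
# hard-coded in the script that is distributed to every endpoint.
$toolsPassword = $env:DLP_TOOLS_PASSWORD
if ([string]::IsNullOrEmpty($toolsPassword)) { throw 'DLP_TOOLS_PASSWORD is not set' }

try {
    & $flrinst '-op=install' "-package=$Package" "-p=$toolsPassword"
    if ($LASTEXITCODE -ne 0) { throw "flrinst.exe exited with code $LASTEXITCODE" }
}
finally {
    # Remove the utility whether or not the install succeeded, so it cannot
    # be used later to uninstall or alter the plug-in.
    Remove-Item -LiteralPath $flrinst -Force
    Remove-Item Env:\DLP_TOOLS_PASSWORD -ErrorAction SilentlyContinue
}
Write-Output "Installed $(Split-Path $Package -Leaf); flrinst.exe removed from $AgentDir"
```

Because the password is still passed to flrinst.exe as a command-line argument, it can appear in process-creation audit logs on the endpoint; scope who can read those logs accordingly.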

Step 5 :  Create response rules that use Endpoint: FlexResponse actions that reference the plug-in, and add these rules to an active policy.

See "Implementing policy detection" in the Symantec Data Loss Prevention System Administration Guide.
 

Procedure Step 4 : Enable Endpoint FlexResponse actions on your Enforce Server :
 

Enabling Endpoint FlexResponse on the Enforce Server
Before you can use Endpoint FlexResponse plug-ins in your response rules, you must enable Endpoint FlexResponse functionality through the Enforce Server. By default, Endpoint FlexResponse functionality is not enabled. You enable Endpoint FlexResponse functionality through the Advanced Agent Settings.

To enable Endpoint FlexResponse functionality

1] Open the Enforce Server administration console and navigate to: System > Agents > Agent Configuration and open the Agent configuration that is currently applied to the Endpoint Server that is connected to the Agents where you are deploying the Endpoint FlexResponse plug-in.
2] Click the Advanced Agents Settings tab.
3] Find the PostProcessor.ENABLE_FLEXRESPONSE.int setting.
4] Change the setting to 1.
5] Click Save and Apply.

Procedure Step 5 : Add Endpoint FlexResponse actions to your response rules :

Adding a new response rule
Add a new response rule from the Manage > Policies > Response Rules > New Response Rule screen.

To add a new response rule

1] Click Add Response Rule at the Manage > Policies > Response Rules screen.
2] At the New Response Rule screen, select one of the following options:

Automated Response: The system automatically executes the response action as the server evaluates incidents (default option).

Smart Response: An authorized user executes the response action from the Incident Snapshot screen in the Enforce Server administration console.

3] Click Next to configure the response rule.
 


Comments

Apr 22, 2016 10:53 AM

Nice document Lion

Aug 27, 2015 09:17 AM

In version 14.0 still working as well. Very important point is "To enable Endpoint FlexResponse functionality."

May 27, 2014 04:27 AM

I heard from a Symantec partner that this will be decommissioned in future versions. So please confirm on this.
