Data Loss Prevention

 View Only
Back to Library

Preparing DLP Agent with Uninstallation Password 

Jul 14, 2013 04:27 PM

Dear All,

Today I am going to share some experience and expertise during the DLP agent deployment.

There are basically 3 methods or you may have some other idea to deploy DLP agents on all machines.

Deploy DLP Endpoint Agent By Active Directory GPO

https://www-secure.symantec.com/connect/articles/d...

Installing the DLP Endpoint Agent with Altiris

https://www-secure.symantec.com/connect/articles/i...

Manual installation on each machine (if machines are less)

before following any of above method, you must modify your installation script with respective Endpoint Server and Uninstallation Password. This both parameter are very important during the installation. After agent installation all agents will point to specific endpoint server and communicate to report DLP incidents and Uninstallation password is used during removal /uninstallation of DLP agents whenever it required for any reason.

Steps to create Uninstallation Password for DLP agent installation

  1. Copy the Endpoint tools to c: drive or anywhere you wish to keep (c: is always recommended), you will find this tools in endpoint agent tools in fileconnect.

End 1.jpg

 

  1. Open the command prompt and go the drive where the endpoint tools are stored  and run the command

              UninstallPwdKeyGenerator.exe -xp=the-password-you-want-to-require-for-uninstalling-edpa

End 2.jpg

 

  1. In above, UninstallPwdKeyGenarator.exe is tool which generates the hash value with the help of PGPsdk.dll this hash value must be added in installation Uninstallation parameter.If you directly copy/input any plaintext password in installation script except generating hash, the agent will install but during the Uninstallation ,it will not accept the your correct plaintext password and popup with caplock or wrong password error. So keep in mind that either keep hash generated password or without any unistallation password.

 

  1. Copy and paste hash value in install.bat file provided by Symantec and add Uninstallation password parameter into it. You should also insert Endpoint Server host/ip address as well as ARPSYSTEMCOMPONENT value 1 or 0. 0 value will show the agent installed in add/remove program of machine and 1 will hide it.

End 3.jpg

  1. Save the install.bat file with these values and copy to the folder where AgentInstall.msi file and Agent.ver is stored. Now you either install with manually or whatever tools and technique you want to use.

End 4.jpg

  1. If you are planning to install DLP agent with Altiris(Symantec Management  console ) then you need to update the script with above parameter as shown below

End 5.jpg

   7. Post installation, you will see the wdp and edpa two services are running in process manager as well as in services.msc. In program files folder ,   

   with name of Manufacturer and subfolder endpoint agent named installation folder you will see with folder size 83-84 MB

 

  • Installation folder

End 6.jpg

  • Running processes

End 7.jpg

 

  • Running services WDP and EDPA in Sevices.msc

End 8.jpg

I made my hard effort to present and explain the best. I hope you all will like and appreciate.

Statistics
0 Favorited
12 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

DLP kishorilal
Apr 03, 2014 01:42 AM

Hi Vkind, it will install succesfully but during uninstallation it will not remove.

Migration User
Mar 05, 2014 10:35 AM

Great article!

Question: what to do if the uninstallation password was not generated with the utility, but was entered as plain text during installation? How to uninstall under these conditions?

Related Entries and Links

No Related Resource entered.