Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

SMA & DLP Agent Integration Behavior

Created: 23 Jun 2011 • Updated: 23 Jun 2011 | 4 comments
cnpalmer75's picture
0 0 Votes
Login to vote

This document describes the various scenarios you can encounter when deploying the Symantec Management Agent or the Symantec DLP Agent in your environment when both agents may be present.

Recently we had an issue which resulted in millions of bad events being produced on our Altiris servers because of the automatic integration & registration of the 2 agents. Because we were not using the DLP IC we had to figure out a way to stop the integration from occurring and prevent the DLP Agent info events from being generated during a Basic Inventory from the SMA.

Because of this integration, we had to perform Scenario 1 & 3 to properly split the 2 agents and prevent DLP events from being sent to our Altiris servers.

Comments 4 CommentsJump to latest comment

Zac H's picture

For the unregister policy in scenario 2 of the document, what target/filter did you end up using?

0
Login to vote
cnpalmer75's picture

I believe the screenshot may be wrong, but the idea is to target any managed computer and any computer that has DLP already registered. This way you are unregistering the DLP Agent and if the steps in Scenario 1 are followed first, your DLP agents will not automatically re-register again.

I see no reason why you can't leave the policy turned on just in case any agent were to get registered and you did not have the DLP IC installed.

Benjamin Palmer
Specialist | Client Design
Director | Symantec CT User Group

If you find this post helpful please give it a thumbs up!
If you find that this solves your problem please mark it as the solu

0
Login to vote
jSmudge's picture

Is the RegDLPAgentMgmt.exe specific to a version of DLP or SMP Agents?

0
Login to vote
Stephen Heider's picture

FYI - as far as I know, the registration tool provided is not version specific.

That said, since as of v12.5 DLP is no longer compatible with SMP (and since SMP 7.5 is not compatible with ANY versions of the previous DLP Integration Components), I would like to share updated Technote that relate to the above information (which was originally gleaned by a Symantec employee from an internal DLP wiki page).

One issue in relation to these facts is that customers who have the DLP IC installed on NS 7.1 should NOT upgrade to NS 7.5 until they have confirmed the details below. Otherwise, the issue described in this forum posting will cause these bad events to be raised by DLP Agents attempting to register with the SMP agents.

Technote with updated details about un-registering DLP Agents with SMP agent:

http://www.symantec.com/docs/TECH216426

Technote showing deprecated compatibility with 7.5 release of NS:

http://www.symantec.com/docs/HOWTO92275

Technote showing how to use NS to deploy DLP without using Integration Component:

http://www.symantec.com/docs/HOWTO100086

For additional questions or inquiry, please contact Technical Support - note that both the NS and DLP teams will need to coordinate on any cases opened.

0
Login to vote