Data Loss Prevention

Is there way to password protect the Symantec DLP Endpoint Agent Services. There are two services EDPA and WDP. I also know that if one service is somehow stopped the other one automatically starts it. But if you use the below command from Elevated Command Prompt both are stopped and they don't automatically restart again until the machine reboots.

Command:

sc stop edpa && sc stop wdp

This is a big security flaw as majority of users have locall admin rights on their machines. I know we can rename the services but this is not the solution as technically sound user can also find the new service names very easily. Is there way we can secure these services like password protecting them?

You are correct about disabling that service. I don't know of a work around in the current version, however, the version coming on on Monday (11.6) addresses this issue.

Aaron

You can use SEP to protect your DLP services, and, on DLP 11.6, there is Tamper Protection on DLP Agent now. The Tamper Protection on DLP agent is just as the one on SEP client.

Dear yang

Can i have some document or link to any material that descibe in detail about Tamper Protection in DLP 11.6?

This is the introduction on the release notes of DLP 11.6 (on page 18):

Symantec Data Loss Prevention introduces improved tamper-proofing capabilities for Endpoint computers. A user cannot stop the Symantec DLP Agent which allows Endpoint Prevent to continuously monitor the endpoint computer to prevent the loss of sensitive data.
For more information, see the Symantec Data Loss Prevention Administration Guide.

Attachment(s)

Symantec_DLP_11.6_Release_Notes_0.pdf   739 KB 1 version