How to protect Symantec DLP Endpoint Agent Services (EDPA & WDP)

Created: 04 Aug 2012 • Updated: 30 Oct 2012 | 4 comments
jawad1987's picture
This issue has been solved. See solution.

Is there a way to password-protect the Symantec DLP Endpoint Agent services? There are two services, EDPA and WDP. I also know that if one service is somehow stopped, the other one automatically starts it. But if you use the command below from an elevated Command Prompt, both are stopped and they don't automatically restart until the machine reboots.

Command:

sc stop edpa && sc stop wdp

 

This is a big security flaw, as the majority of users have local admin rights on their machines. I know we can rename the services, but this is not the solution, as a technically sound user can also find the new service names very easily. Is there a way we can secure these services, like password-protecting them?
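A detection sketch for the situation described in the question above, added here as an example and not part of the original thread or of any Symantec tooling: it flags hosts where both agent services receive an `sc stop` within a short window, which is the case where the mutual restart no longer helps. The service names come from the post; the record layout (timestamp, host, command line), the 60-second window and the sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Service names taken from the post; everything else here is an assumption.
AGENT_SERVICES = {"edpa", "wdp"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Matches "sc stop <name>" / "sc.exe stop <name>", case-insensitively.
SC_STOP = re.compile(r'\bsc(?:\.exe)?"?\s+stop\s+"?([\w.-]+)', re.IGNORECASE)

# Constructed process-creation records: (timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2012-08-04T10:00:00", "PC-01", "sc stop edpa"),
    ("2012-08-04T10:00:01", "PC-01", "sc stop wdp"),
    ("2012-08-04T10:05:00", "PC-02", "SC.EXE stop WDP"),
    ("2012-08-04T10:06:00", "PC-02", "sc query edpa"),
    ("2012-08-04T11:30:00", "PC-02", "sc stop edpa"),
    ("2012-08-04T12:00:00", "PC-03", "sc stop spooler"),
]

def find_dual_stops(events, window=WINDOW):
    """Return (host, timestamp) for each point where both agent services
    were told to stop on the same host within `window`."""
    last_stop = {}  # (host, service) -> time of the most recent stop command
    alerts = []
    for ts, host, cmdline in sorted(events):  # ISO timestamps sort as text
        m = SC_STOP.search(cmdline)
        if not m or m.group(1).lower() not in AGENT_SERVICES:
            continue
        service = m.group(1).lower()
        when = datetime.fromisoformat(ts)
        last_stop[(host, service)] = when
        other = (AGENT_SERVICES - {service}).pop()
        prev = last_stop.get((host, other))
        # A single stop is recovered by the peer service; a pair is not.
        if prev is not None and when - prev <= window:
            alerts.append((host, ts))
    return alerts

if __name__ == "__main__":
    for host, ts in find_dual_stops(SAMPLE_EVENTS):
        print(f"ALERT {host} {ts}: both DLP agent services stopped")
```

In practice the events would come from whatever process-creation logging is already collected on the endpoints, and the window should be tuned to how quickly the surviving service restarts its peer.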


AMyers6671's picture

You are correct about disabling that service. I don't know of a workaround in the current version; however, the version coming out on Monday (11.6) addresses this issue.

Aaron

If this post has helped you, please vote up or mark as solution to help others looking for the same data.

 

yang_zhang's picture

You can use SEP to protect your DLP services, and in DLP 11.6 there is now Tamper Protection on the DLP Agent. The Tamper Protection on the DLP Agent is just like the one on the SEP client.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
SOLUTION
jawad1987's picture

Dear yang

Can I have some document or link to any material that describes Tamper Protection in DLP 11.6 in detail?

yang_zhang's picture

This is the introduction on the release notes of DLP 11.6 (on page 18):

Symantec Data Loss Prevention introduces improved tamper-proofing capabilities for Endpoint computers. A user cannot stop the Symantec DLP Agent which allows Endpoint Prevent to continuously monitor the endpoint computer to prevent the loss of sensitive data.
For more information, see the Symantec Data Loss Prevention Administration Guide.

AttachmentSize
Symantec_DLP_11.6_Release_Notes.pdf 739.53 KB