How to protect Symantec DLP Endpoint Agent Services (EDPA & WDP)
Created: 04 Aug 2012 | Updated: 30 Oct 2012 | 4 comments
This issue has been solved. See solution.
Is there a way to password protect the Symantec DLP Endpoint Agent Services? There are two services, EDPA and WDP. I also know that if one service is somehow stopped, the other one automatically starts it. But if you use the below command from an elevated Command Prompt, both are stopped and they don't automatically restart again until the machine reboots.
Command:
sc stop edpa && sc stop wdp
This is a big security flaw, as the majority of users have local admin rights on their machines. I know we can rename the services, but this is not the solution, as a technically sound user can also find the new service names very easily. Is there a way we can secure these services, like password protecting them?
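A periodic health check is one way to detect the state described in the question, where both services have been stopped and stay down until the machine reboots. This is an added example, not part of the original thread or of Symantec's tooling; the service names EDPA and WDP come from the post, while the exit codes and the idea of running it from a scheduled task or management agent are assumptions.

```powershell
# Added example: report the state of the two DLP agent services named in the post.
# Exit codes (assumed convention): 0 = both running, 1 = one down, 2 = both down.
$names = 'EDPA', 'WDP'   # service names as given in the question

$report = foreach ($name in $names) {
    # Win32_Service exposes both the current state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service not registered at all (agent missing, or the service was renamed).
        [pscustomobject]@{ Name = $name; State = 'NotFound'; StartMode = $null; Running = $false }
        continue
    }
    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State       # e.g. Running, Stopped
        StartMode = $svc.StartMode   # e.g. Auto, Manual, Disabled
        Running   = ($svc.State -eq 'Running')
    }
}

$report | Format-Table -AutoSize | Out-String | Write-Output

$down = @($report | Where-Object { -not $_.Running })

if ($down.Count -eq $names.Count) {
    # The case from the post: with both services stopped, neither can restart
    # the other, so the agent stays down until the next reboot.
    Write-Warning ("Both DLP agent services are down on {0}: {1}" -f $env:COMPUTERNAME, ($down.Name -join ', '))
    exit 2
}
elseif ($down.Count -gt 0) {
    # One service down: per the post, the other service normally restarts it,
    # so this may be transient. Report it so repeated occurrences are visible.
    Write-Warning ("DLP agent service not running on {0}: {1}" -f $env:COMPUTERNAME, ($down.Name -join ', '))
    exit 1
}

exit 0
```

This only detects the condition; a user with local admin rights can also disable a locally scheduled check, so the result is most useful when collected centrally.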
You are correct about disabling that service. I don't know of a workaround in the current version; however, the version coming out on Monday (11.6) addresses this issue.
Aaron
If this post has helped you, please vote up or mark as solution to help others looking for the same data.
You can use SEP to protect your DLP services, and, on DLP 11.6, there is Tamper Protection on DLP Agent now. The Tamper Protection on DLP agent is just as the one on SEP client.
Dear yang
Can I have some document or link to any material that describes in detail the Tamper Protection in DLP 11.6?
This is the introduction on the release notes of DLP 11.6 (on page 18):
Symantec Data Loss Prevention introduces improved tamper-proofing capabilities for Endpoint computers. A user cannot stop the Symantec DLP Agent which allows Endpoint Prevent to continuously monitor the endpoint computer to prevent the loss of sensitive data.
For more information, see the Symantec Data Loss Prevention Administration Guide.