Data Loss Prevention

Hi Everyone,

I wonder, everyone has machines that for some how the DLP Agent stop to communicate with Endpoint Server, and if you open the services of the machine and start the DLP Agent the agent start to communication again. So thinking on that I wonder: What if we have a script to do it remotely (knowing that once the agent is down, it is not possible to start the agent by Enforce anymore).

So, How to start edpa services remotely like with a script?

I can write the script but I don´t know what is the command line to start (I´ve already tried net start and did not worked)

Thank you all,

Best Regards,

Lopes

Now this problem has multiple aspects to cover. I understand we are attempting some sort of an periodic operational monitoring of DLP agents (like a Endpoint environment health check). Certainly, DLP services could easily be started by simply net start edpa && net start wdp.

However, most of the time that would not help unless, the services were gracefully stopped and not terminated due to some sort of a corruption or a defect.

Most people I have seen that have a documented health check plan for DLP agent penetration perform this activity in two folds:

1.) Restart the agent: Restarting the system completely on which the DLP malfunction is detected usually resolves simple issues like first level service failures etc.

2.) If that is not the case and something more deep and broken, push package to uninstall - re-install.

Unlike any other agent tool residing on endpoints, this is is the most widely used and as per me the most efficient way of improving endpoint penetration.

Additionally - if you have something like SCCM or Altiris (which is excellent where the entire environment is Symantec) you are in a different league altogther. Lots of pre-existant templates would be available and you are talking about a different scope altogther.