Data Loss Prevention

 View Only

  • 1.  Information about DLP EndPoint agent

    Posted Nov 14, 2011 04:28 AM

    Hi,

     

    1) If we have Endpoint server and on few machines we have installed client. If the user have Administrative access then they can uninstall the agent or stop the service. If we want to block the above then how can we achive the same?

     

    2) Can we export the policy configured in Enforce server into Excel sheet or some word file.

     

    Regards,

    Subodh Dangat



  • 2.  RE: Information about DLP EndPoint agent

    Posted Nov 14, 2011 06:38 AM

    Hi,

     

    1, You can protect the installation in two ways:
    -use ARPSYSTEMCOMPONENT="1" parameter in the msiexec install script, this will hide the agent from Add/Remove Progams in Control Panel
    -use the UNINSTALLPASSWORDKEY="" parameter in the msiexec script as well, which will allow uninstallation only when the proper password is provided

    Please find details in the DLP Admin Guide v11.1 on p. 1181.

     

    2, You can export a policy into an XML file by clicking the Export policy link, at the bottom of the policy edit screen. It is possible to import this file when creating a new policy, see details in Admin Guide on p. 401.

     

    Good Luck,

    Barnabas



  • 3.  RE: Information about DLP EndPoint agent

    Posted Nov 15, 2011 03:18 AM

    It is a best practice to change the name of the EDPA and WDP services to something different, during the installation. Thus end users may not be able to identify the process belonging to DLP.

    Moreover these processes are designed in a way that if one is killed, the other automatically starts the one killed.