Video Screencast Help

Symantec Data Loss Prevention endpoint agent unattended installation

Created: 07 Dec 2012 • Updated: 11 Jun 2013 | 14 comments
V-Kind's picture
This issue has been solved. See solution.

Could you please share your experience on Data Loss Prevention endpoint agents unattended installation.

I'm now trying to setup agents, using Windows Server group policies, but these require .msi files to be preconfigured first.

Maybe you know how to do this. Or how to use Symantec Management Platform (I don'd have one) for smooth deployment? 

Comments 14 CommentsJump to latest comment

pete_4u2002's picture

yes, use the .msi , replace XXX with the correct server IPand key for uninstall


V-Kind's picture

Pete, thank you for reply. I know that endpoint agent could be installed that way in elevated command prompt mode. This is the only way I can do this now. The only way that works. But this way is manual. I want agents to be installed in automated mode.

What I am doing now is trying to use Windows Server group policies (GPO) to install agents from network location. But the problem is that .msi files that require parameters during installation should be accompanied with correct .mst file. Don't know how to generate one with the correct settings for enpoint server IP, port etc that is in the .bat file. Any thoughts?

Artem's picture


yang_zhang created a detailed description for deploy DLP endpoint agent by active directory GPO. Please, see here:

kishorilal1986's picture

After 8 and 9 ver, I think there is no requirement of .msi package. I think using Altiris it will be more easy to deploy the agents on machines.

You can refer below useful links which will surely give u some idea

UFO's picture

Using Altiris is very promising. I have tried to install the Management Platform - not that easy. Nice idea anyway (I mean - using native Symantec product ot deploy).


stumunro's picture


do you neeed the info to setup the integrated componet for Altiris? if so let me know i have the instructions.

UFO's picture


thanks. it seems that this guide was written very quickly. Why do we need to look for such kind of guides here on Connect or elsewhere? Why this is not included in DLP manual? Questions are not to you, of course. thanks for the link again.


TSPARR's picture

I'm trying to do an unattended installation, but I can't seem to get it to take on multiple endpoint servers as a parameter. Just an example of what I'm doing:

msiexec /i AgentInstall64v2.msi
INSTALLDIR="%SYSTEMDRIVE%\Program Files\Manufacturer\Endpoint Agent\"
And then what I get when I go through and verify settings:
Anyone have any ideas how to make this work?
pete_4u2002's picture

seems to be right, has the install been done? specify port number with columnn unless default port is other than 8000


TSPARR's picture

Well therein lies the issue. It does seem to be right and for all intents and purposes it should work, but if you look at the image link I posted, the parameters aren't being entered correctly into the program. We did go through with the install, but the computer never communicates with the server because of this. 

pete_4u2002's picture

i saw the image, keep the 1 enpoint server in 1 text field the other has to be in next text field. check if this works, if it does not then there could be a firewall thats blocking the communication.

UFO's picture

You should be right. Separate fields for separate servers. And what about endpoints? This approach works as endpoint agent configuration for one enpoint that will be communicating with several servers. How to populate this scenario to all endpoints in company?


UFO's picture

Who can do this unattended installation - please share your experience.