Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

Preparing DLP Agent with Uninstallation Password

Created: 14 Jul 2013 • Updated: 20 Aug 2013 | 2 comments
Language Translations
kishorilalWipro's picture
+5 5 Votes
Login to vote

Dear All,

Today I am going to share some experience and expertise during the DLP agent deployment.

There are basically 3 methods or you may have some other idea to deploy DLP agents on all machines.

Deploy DLP Endpoint Agent By Active Directory GPO

Installing the DLP Endpoint Agent with Altiris

Manual installation on each machine (if machines are less)

before following any of above method, you must modify your installation script with respective Endpoint Server and Uninstallation Password. This both parameter are very important during the installation. After agent installation all agents will point to specific endpoint server and communicate to report DLP incidents and Uninstallation password is used during removal /uninstallation of DLP agents whenever it required for any reason.

Steps to create Uninstallation Password for DLP agent installation

  1. Copy the Endpoint tools to c: drive or anywhere you wish to keep (c: is always recommended), you will find this tools in endpoint agent tools in fileconnect.

End 1.jpg

  1. Open the command prompt and go the drive where the endpoint tools are stored  and run the command

              UninstallPwdKeyGenerator.exe -xp=the-password-you-want-to-require-for-uninstalling-edpa

End 2.jpg

  1. In above, UninstallPwdKeyGenarator.exe is tool which generates the hash value with the help of PGPsdk.dll this hash value must be added in installation Uninstallation parameter.If you directly copy/input any plaintext password in installation script except generating hash, the agent will install but during the Uninstallation ,it will not accept the your correct plaintext password and popup with caplock or wrong password error. So keep in mind that either keep hash generated password or without any unistallation password.
  1. Copy and paste hash value in install.bat file provided by Symantec and add Uninstallation password parameter into it. You should also insert Endpoint Server host/ip address as well as ARPSYSTEMCOMPONENT value 1 or 0. 0 value will show the agent installed in add/remove program of machine and 1 will hide it.

End 3.jpg

  1. Save the install.bat file with these values and copy to the folder where AgentInstall.msi file and Agent.ver is stored. Now you either install with manually or whatever tools and technique you want to use.

End 4.jpg

  1. If you are planning to install DLP agent with Altiris(Symantec Management  console ) then you need to update the script with above parameter as shown below

End 5.jpg

   7. Post installation, you will see the wdp and edpa two services are running in process manager as well as in services.msc. In program files folder ,   

   with name of Manufacturer and subfolder endpoint agent named installation folder you will see with folder size 83-84 MB

  • Installation folder

End 6.jpg

  • Running processes

End 7.jpg

  • Running services WDP and EDPA in Sevices.msc

End 8.jpg

I made my hard effort to present and explain the best. I hope you all will like and appreciate.

Comments 2 CommentsJump to latest comment

V-Kind's picture

Great article!

Question: what to do if the uninstallation password was not generated with the utility, but was entered as plain text during installation? How to uninstall under these conditions?

Login to vote
kishorilalWipro's picture

Hi Vkind, it will install succesfully but during uninstallation it will not remove.

Login to vote