Data Loss Prevention

Hi, everyone.

As per title, I would like to deploy Endpoint Agents for DLP 15.1 via AD.

I have read this article: https://www.symantec.com/connect/articles/deploy-dlp-endpoint-agent-active-directory-gpo

However, what I don't understand is that the article did not mention anything regarding the pem files as the agent packages that I have generated contains these following files as shown in the file attached in this post.

So I understand that the msi file can be transformed into mst with the parameters from the install batch file but how do I include the pem files and deploy them via AD?

Thanks in advance.

Here's the official TN about deploying through AD:

https://support.symantec.com/en_US/article.TECH219201.html

Thanks!

Hi, Craig.

Unfortunately, I have read the TN and it still doesn't answers my question regarding the pem files.

Hi,

As an alternative, If the customer has SEPM Antivirus environment, you can use that to distribute the package of Symantec DLP Agent to endpoints.

Steps:

1. Create a http web server on specific port.

Link to create http web server : http://thesolving.com/server-room/how-to-install-and-configure-iis-on-windows-server-2012-r2/

2. Put all the packages on shared folder defined while creating web server. 

3. Access the Web sever link from browser and check all the packages exist. 

4. Try to download the packages and get the download link for each packages(You will get the error while downloading pem files as the file extention is not avaialble by default in MIME)

5. Add the pem files extention using the following the link: https://kb.intermedia.net/Article/1772

6. Get the link for the pem file as well and note down all the dwonload links for each packages.

7. Log in to SEPM console and got to Host Integrity Policy.

8. Edit the Host Integrity Policy and on the left hand side add functions:

9. Add download file function and add the download packages link for each packages to be downloaded ang give the path as c:\temp

10. After downloading all the download functions, add the run script function and add the installagent.batch file script in the scriptbox.

Using this  eveytime the SEP clients will communicate with SEPM, it will download the packages and then it will run the script and hence DLP agents will be installed without AD and third party applications.

Now once the packages are downloaded and executed it will again try to execute the script again and again whenever communication happens betweern SEP and SEPM, to overcome this, add more function and add registery adding function after executing the script function also at the beginning add the function that if registry is there download the packages and then execute the script else do not download and excute the script also while executing the script uncheck the option of showing the dialog box while executing the script so as to run the script without prompting to users.

Please let me know if you face any challenges regarding this.

Regards

Satyajeet Anand

Hi Mr Satyajeet

I have follow this steps you recomend

the archives are download, the script execute and the registry value i s created

almost everithing goes find,  but at the end nothings happens, the instalation log just stop like this

=== Verbose logging started: 27/9/2018  16:52:40  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (84:70) [16:52:40:415]: Resetting cached policy values
MSI (c) (84:70) [16:52:40:415]: Machine policy value 'Debug' is 0
MSI (c) (84:70) [16:52:40:415]: ******* RunEngine:
           ******* Product: C:\temp\Agent_Install_x64_15_1.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (c) (84:70) [16:52:40:415]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (84:70) [16:52:40:415]: Grabbed execution mutex.
MSI (c) (84:70) [16:52:40:435]: Cloaking enabled.
MSI (c) (84:70) [16:52:40:435]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (84:70) [16:52:40:435]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (D8:AC) [16:52:40:439]: Running installation inside multi-package transaction C:\temp\Agent_Install_x64_15_1.msi
MSI (s) (D8:AC) [16:52:40:439]: Grabbed execution mutex.
MSI (s) (D8:88) [16:52:40:443]: Resetting cached policy values
MSI (s) (D8:88) [16:52:40:443]: Machine policy value 'Debug' is 0
MSI (s) (D8:88) [16:52:40:443]: ******* RunEngine:
           ******* Product: C:\temp\Agent_Install_x64_15_1.msi
           ******* Action: 
           ******* CommandLine: **********
MSI (s) (D8:88) [16:52:40:443]: Note: 1: 2203 2: C:\temp\Agent_Install_x64_15_1.msi 3: -2147287038 
MSI (s) (D8:88) [16:52:40:443]: MainEngineThread is returning 2
MSI (s) (D8:AC) [16:52:40:443]: User policy value 'DisableRollback' is 0
MSI (s) (D8:AC) [16:52:40:443]: Machine policy value 'DisableRollback' is 0
MSI (s) (D8:AC) [16:52:40:443]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (D8:AC) [16:52:40:443]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (D8:AC) [16:52:40:443]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 
MSI (s) (D8:AC) [16:52:40:443]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (84:70) [16:52:40:443]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (84:70) [16:52:40:443]: MainEngineThread is returning 2
=== Verbose logging stopped: 27/9/2018  16:52:40 ===

I would like you to read and if posible tell what to do next.