Dear,
I have a doubt the deloy of the dlp enpoint via SCCM in windows x64 its made in the folder C:\Program Files (x86)\Manufacturer\Endpoint Agent , change the installation folder maybe cause any problem with the agent and the rules or deteccion?
Product: AgentInstall64.msi
******* Action:
******* CommandLine: **********
MSI (c) (B8:08) [14:20:46:003]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (B8:08) [14:20:46:003]: Grabbed execution mutex.
MSI (c) (B8:08) [14:20:46:720]: Cloaking enabled.
MSI (c) (B8:08) [14:20:46:720]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (B8:08) [14:20:46:752]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (1C:2C) [14:20:46:767]: Running installation inside multi-package transaction C:\Windows\ccmcache\3\AgentInstall64.msi
MSI (s) (1C:2C) [14:20:46:767]: Grabbed execution mutex.
MSI (s) (1C:4C) [14:20:46:767]: Resetting cached policy values
MSI (s) (1C:4C) [14:20:46:767]: Machine policy value 'Debug' is 0
MSI (s) (1C:4C) [14:20:46:767]: ******* RunEngine:
******* Product: C:\Windows\ccmcache\3\AgentInstall64.msi
******* Action:
******* CommandLine: **********
MSI (s) (1C:4C) [14:20:46:783]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (1C:4C) [14:20:46:814]: SRSetRestorePoint skipped for this transaction.
MSI (s) (1C:4C) [14:20:46:861]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 3: 2
MSI (s) (1C:4C) [14:20:46:892]: File will have security applied from OpCode.
MSI (s) (1C:4C) [14:20:46:939]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Windows\ccmcache\3\AgentInstall64.msi' against software restriction policy
MSI (s) (1C:4C) [14:20:46:939]: SOFTWARE RESTRICTION POLICY: C:\Windows\ccmcache\3\AgentInstall64.msi has a digital signature
MSI (s) (1C:4C) [14:20:46:939]: SOFTWARE RESTRICTION POLICY: C:\Windows\ccmcache\3\AgentInstall64.msi is permitted to run because the user token authorizes execution (system or service token).
MSI (s) (1C:4C) [14:20:47:360]: End dialog not enabled
MSI (s) (1C:4C) [14:20:47:360]: Original package ==> C:\Windows\ccmcache\3\AgentInstall64.msi
MSI (s) (1C:4C) [14:20:47:360]: Package we're running from ==> C:\Windows\Installer\5b154.msi
MSI (s) (1C:4C) [14:20:47:469]: APPCOMPAT: Compatibility mode property overrides found.
MSI (s) (1C:4C) [14:20:47:563]: APPCOMPAT: looking for appcompat database entry with ProductCode '{D675A448-C21A-47C9-9F9D-1FF04A02570A}'.
MSI (s) (1C:4C) [14:20:47:563]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (1C:4C) [14:20:48:093]: MSCOREE not loaded loading copy from system32
MSI (s) (1C:4C) [14:20:48:109]: Machine policy value 'TransformsSecure' is 0
MSI (s) (1C:4C) [14:20:48:109]: User policy value 'TransformsAtSource' is 0
MSI (s) (1C:4C) [14:20:48:203]: Machine policy value 'DisablePatch' is 0
MSI (s) (1C:4C) [14:20:48:203]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (1C:4C) [14:20:48:203]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (1C:4C) [14:20:48:203]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (1C:4C) [14:20:48:218]: APPCOMPAT: looking for appcompat database entry with ProductCode '{D675A448-C21A-47C9-9F9D-1FF04A02570A}'.
MSI (s) (1C:4C) [14:20:48:218]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (1C:4C) [14:20:48:218]: Transforms are not secure.
MSI (s) (1C:4C) [14:20:48:218]: PROPERTY CHANGE: Adding MsiLogFileLocation property. Its value is 'C:\installAgent.log'.
MSI (s) (1C:4C) [14:20:48:218]: Command Line: INSTALLDIR=C:\Program Files (x86)\Manufacturer\Endpoint Agent