DLP Agent installers File Information
search cancel

DLP Agent installers File Information

book

Article ID: 171179

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Suite

Issue/Introduction

The DLP Agent installers are an additional set of files that need to be downloaded to be used with the DLP Enforce server when Endpoint Prevent or Endpoint Discover are being used. These files consist of both install/uninstall files for the DLP agent and agent tools.

Resolution

DLP Agent installers

  • Agent Install Source Files - (.msi and .pkg). These are the files needed when building an agent install package in the Enforce console.
  • Agent Tools - These tools are optional and only needed for troubleshooting.
  • Agent Uninstall Files - Used to uninstall the agent from endpoint computers.

These files and their usage are documented here in the Help Topic for Installing DLP (broadcom.com).

Note: The Agent install source files are different than the agent install package that is generated on the Enforce server.

Example Agent Install package files (These are not the agent install source files)

endpoint_cert.pem
endpoint_priv.pem
endpoint_trustore.pem
install_agent.bat
upgrade_agent.bat

Agent Install Files Download (Mac and Windows agents)

Go to the DLP Endpoint download page at support.broadcom.com and log in. 

Once logged in follow these steps:

Step 1: Click on the dropdown button to the right of the "Data Loss Prevention Endpoint Prevent" label.

Step 2: Select the version of DLP you need the tools for. (Note: All maintenance pack tools are located under the major version)

Step 3: Type in "Agent" in the search field. (Note: This field is case sensitive)

Step 4: Select the preferred download method for the version and OS of agent files you want to download.

NOTE:

Versions prior to 15.1 will be zip files you can download and extract finding an MSI file inside which you'll use when creating your specific agent package.

Versions after 15.1, you'll extract the zip file and the secondary zip file inside will be able to be directly uploaded to agent packaging in the Enforce console, to produce your specific agent package for you to deploy.

Here is a very detailed community page on that topic: DLP Endpoint Agent Install for Windows

DLP Agent installer Files

Location

DLP Agent install files are in separate .zip downloads based on the platform.

  • Mac example (Symantec_DLP_16.0.1_Agent_Mac-IN.zip)
  • Windows example (Symantec_DLP_16.0.1_Agent_Win-IN.zip).

The Source file (.msi / .pkg) will be down a few directories under the architecture type.

  • The Windows x64 DLP 16 RU1 Agent Install Source file (AgentInstall-x64_16.0.1.msi) is under DLP 16 RU1\Symantec_DLP_16.0.1_Agent_Win-IN\DLP\16.0.1\Endpoint\Win\x64 folder.
  • The Mac agent only has one folder (arm64_x86_64) and file (AgentInstall_16.0.1.pkg) for both architecture types.

Usage

The .msi and the .pkg files are used when building the agent package install-package and cannot be used without being packaged first. This is done in the Enforce console by going to System > Agents > Agent Packaging. Click on the various browse buttons and browse to the architecturally corresponding platform source file. Fill out the other fields then click the generate installer packages button. See the Help Topic for Installing the DLP Agent on Windows (broadcom.com) for details.

 

Agent Tools

Location

The tools are unique to each agent by version, platform, and architecture. Attempting to use a 14.5 x86 agent tool with a 14.6 MP2 x64 agent will result in a failure.

Find the tools in the \Tools\ folder at the same location as the source install .msi / .pkg file is for the given agent.

For example in the Symantec_DLP_16.0.1_Agent_Win-IN.zip the 16.0 RU1 (DLP 16.0.1) x64 agent tools:

  • Located in the Symantec_DLP_16.0.1_Agent_Win-IN\DLP\16.0.1\Endpoint\Win\x64\Tools folder (seen below).

Usage

For Windows, to use the agent tools copy the contents of the tools folder directly into the endpoint agent folder you want to troubleshoot. Skip any file conflicts. Note that the files must be in the endpoint agent folder and not a \tools\ subfolder.

For Mac, copy the files to a temporary folder on the client and then "sudo chmod 755" against each file. For example:

sudo chmod 755 service_shutdown

Then copy all of the files to the endpoint agent folder

For reference, here are the default DLP agent install locations:

Windows:

\Program Files\Manufacturer\Endpoint Agent\

Mac:

/Library/Manufacturer/Endpoint\ Agent/

Linux:

/opt/Manufacturer/EndpointAgent

After the files have been copied, use an Administrator command prompt (Windows) or Terminal shell to run the tool with the proper parameters. 

Agent Tools List

There are different tools for Mac and Windows. Below is a list of each current tool and its basic function. For details see the Help Topic on Endpoint Tools (broadcom.com).

Windows:

Tool

Function

AttributeQueryResolver.exe

Used to troubleshoot agent attributes for the logged in user.

DeviceID.exe

Used to assist with configuring endpoint devices for detection. Scans computer for all connected devices.

GetAppInfo.exe

Used to get application information when adding application for Application Monitoring feature.

Logdump.exe

Used for viewing DLP Agent log files that are otherwise obfuscated.

Service_shutdown.exe

Allows an administrator to shut down the EDPA and WDP services. Tamper proofing prevents this under normal circumstances.

Vontu_sqlite3.exe

Provides SQL interface allowing for investigation and modification of encrypted DLP agent database files.

 

Mac:

Tool

Function

DeviceID

Used to assist with configuring endpoint devices for detection. Scans computer for all connected devices.

Logdump

Used for viewing DLP Agent log files that are otherwise obfuscated.

Service_shutdown

Used to stop the DLP agent

Vontu_sqlite3

Provides SQL interface allowing for investigation and modification of encrypted DLP agent database files.

 

Agent Uninstall Files

Location

The uninstall files are located in the same folder as the agent install source (.msi / .pkg) file. For windows, the uninstall file is uninstall_agent.bat (x86) or uninstall_agent64.bat (x64). The two .bat files have different names but the .msi code is the same therefore either .bat file will uninstall either architecture type.

For a Mac, the file name is uninstall_agent and works with both architectures.

Usage

Note that the uninstall files only work with the version they are packaged with.

For windows, if an uninstall password was specified during the agent install then modify the .bat file and add the UNINSTALLPASSWORD. Copy the .bat to the client and run the batch file as an administrator. See TECH247833 for more details.

For Mac do the following:

  1. Copy uninstall_agent to the end point agent folder (Default Location:  /Library/Manufacturer/Endpoint\ Agent/)
  2. Open a Terminal
  3. Run the following:
$sudo ./uninstall_agent

Or to review uninstall logs on the Terminal application run this command:

 sudo ./uninstall_agent -prompt=no -log=console

By default, logs are saved to the uninstall_agent.log file

See Uninstall and remove the Symantec DLP Endpoint Agent for more details.

Additional Information

See also: DLP Agent installation general overview

See also: Uninstall and remove the Symantec DLP Endpoint Agent