Occasionally a Symantec Data Loss Prevention (DLP) Endpoint Prevent agent needs to be redirected to a different Endpoint Server. Or an agent needs to have its Endpoint Server priority list changed.
Here are several methods of changing the Endpoint Server or modifying the Endpoint Server list for a DLP agent. They are listed in an order of recommendation. Select the one that fits your needs the best:
Changing the Endpoint Server through the console
Changing the Endpoint Server using a script
Using the vontu_sqlite3 utility to change the server
Use a new agent install package to change the server
Method 1: Changing the Endpoint Server through the console
Browse to System > Agents > Overview and click the number under the green check to view the agents in good standing.
Select the Agents you want to change Endpoint Servers.
Click the “Change Server” option.
Add the information for the endpoint servers. Note that secondary and tertiary servers can be added by using the plus button.
A task running icon (clipboard with play option) now appears next to the agent. Once the change is successful you see an event for that agent that reports "Change Endpoint Server task execution succeeded" in the agent details.
Method 2: Changing the endpoint server through script
In version 15.0, the “update_configuration” tool was removed. In versions greater than 15.0, the vontu_sqlite3 tool must be used to update the configuration. This section describes how to use both utilities.
NOTE: The "After 15.0" method can also be used on versions before 15.0 as well.
This Method is used if the agents do not communicate with the DLP Endpoint Server.
Locate the Symantec_DLP_<version>_Agent_Win-IN.zip that was used when generating the agent install package (See Agent Install Files Information). Extract the tools folder appropriate for the client architecture. Copy the extracted files to the client computer into the DLP Endpoint Agent folder.
Once the tools are in the DLP Agent folder run the following command and adjust the value parameter for the Endpoint Server in your environment.
echo Update CONFIGURATION set Value="
Win-2k8DetecSrv:10443;Win64OraEnforce:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST"; | vontu_sqlite3.exe -db=cg.ead -p=protect4
You can now restart the agent using the service_shutdown.exe then starting the edpa or wdp service or restart the client computer. Once the agent restarts the new changes take place.
For security reasons remove the tools (update_configuration.exe, etc.) from the client computer.
Method 3: Changing the server via vontu_sqlite3 utility
You may also use the vontu_sqlite3 tool locally on the endpoint agent.
Currently mac agents do not have an update_configuration.exe equivalent. If the agents cannot get a configuration update from the Enforce Server, this method is one of the only other options to change the server. This method requires that you have the agent tools password that was used when installing the agent.
First obtain the vontu_sqlite3 agent tool using the same process as described in Method 2. Note that the mac agent files are in Symantec_DLP_14.X_Agent_Mac-IN.zip. Once the vontu_sqlite3 tool is in the endpoint agent folder run the following command from that directory.
vontu_sqlite3 -db=cg.ead -p=<tools password>
This command brings you to a sqlite> prompt. Then type the following (case sensitive) to update the server:
update CONFIGURATION set VALUE="<EndpointServer>:<port>" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST";
update CONFIGURATION set VALUE="192.168.2.100:10443;Win64OraEnforce:10443" where NAME="ServerCommunicator" and SETTING="SERVER_HOST_AND_PORT_LIST";
Then restart the agent by restarting the client or using one of the following command lines:
Service_shutdown -p=<tools password>
net start edpa
When the agent starts back up it connects to the configured server.
Method 4: Use a new agent install package
This method is typically only used if the computers are no longer connected and the previous methods are not viable. Example: You have several Mac clients that need to be reinstalled. You can use this method instead of manually running the vontu_sqlite utility on each computer.
Follow these steps to use an agent install package to redirect the agents.
From Enforce go to System > Agents > Agent packaging
Put in needed values and specify the new Endpoint Server (See the admin guide for further details)