This document describes the various scenarios you can encounter when deploying the Symantec Management Agent or the Symantec DLP Agent in your environment when both agents may be present.
Recently we had an issue which resulted in millions of bad events being produced on our Altiris servers because of the automatic integration & registration of the 2 agents. Because we were not using the DLP IC we had to figure out a way to stop the integration from occurring and prevent the DLP Agent info events from being generated during a Basic Inventory from the SMA.
Because of this integration, we had to perform Scenario 1 & 3 to properly split the 2 agents and prevent DLP events from being sent to our Altiris servers.
FYI - as far as I know, the registration tool provided is not version specific.
That said, since as of v12.5 DLP is no longer compatible with SMP (and since SMP 7.5 is not compatible with ANY versions of the previous DLP Integration Components), I would like to share updated Technote that relate to the above information (which was originally gleaned by a Symantec employee from an internal DLP wiki page).
One issue in relation to these facts is that customers who have the DLP IC installed on NS 7.1 should NOT upgrade to NS 7.5 until they have confirmed the details below. Otherwise, the issue described in this forum posting will cause these bad events to be raised by DLP Agents attempting to register with the SMP agents.
Technote with updated details about un-registering DLP Agents with SMP agent:
http://www.symantec.com/docs/TECH216426
Technote showing deprecated compatibility with 7.5 release of NS:
http://www.symantec.com/docs/HOWTO92275
Technote showing how to use NS to deploy DLP without using Integration Component:
http://www.symantec.com/docs/HOWTO100086
For additional questions or inquiry, please contact Technical Support - note that both the NS and DLP teams will need to coordinate on any cases opened.
Is the RegDLPAgentMgmt.exe specific to a version of DLP or SMP Agents?
I believe the screenshot may be wrong, but the idea is to target any managed computer and any computer that has DLP already registered. This way you are unregistering the DLP Agent and if the steps in Scenario 1 are followed first, your DLP agents will not automatically re-register again.
I see no reason why you can't leave the policy turned on just in case any agent were to get registered and you did not have the DLP IC installed.
For the unregister policy in scenario 2 of the document, what target/filter did you end up using?