Data Loss Prevention

  • 1.  Dlp Query

    Posted May 24, 2013 12:40 PM

    Hello

    If I stop the DLP service in services.msc and then try to copy important information to my pen drive, how will DLP protect the information?



  • 2.  RE: Dlp Query
    Best Answer

    Posted May 24, 2013 12:49 PM

    You can protect the service from being disabled:

    https://www-secure.symantec.com/connect/forums/how-protect-symantec-dlp-endpoint-agent-services-edpa-wdp



  • 3.  RE: Dlp Query
    Best Answer

    Broadcom Employee
    Posted May 24, 2013 12:53 PM

    The services cannot be stopped if tamper protection is enabled.



  • 4.  RE: Dlp Query

    Posted May 25, 2013 01:06 AM

    Thanks a lot for clearing up my confusion.



  • 5.  RE: Dlp Query

    Broadcom Employee
    Posted May 25, 2013 01:13 AM

    You may mark the post that helped answer your query as the solution.



  • 6.  RE: Dlp Query

    Posted May 25, 2013 01:21 AM

    Hello,

    I have marked you both as a split solution. It's pending admin approval.



  • 7.  RE: Dlp Query

    Posted May 25, 2013 02:56 PM

    Dear All,

    As per my knowledge, you can't stop the DLP services from Services.msc. The DLP services can be seen there, named EDPA and WDP, and can be renamed, but they can't be stopped in that way.

    To stop the services, Symantec has created dedicated endpoint tools, from which you need to use the Shutdown_services.exe application. Only then can you do the above. There is no direct relation between SEP tamper protection and DLP agent service protection.

    Please refer to the following for more:

    http://www.symantec.com/connect/downloads/required-tools-troubleshoot-dlp-endpoint-agents-v11



  • 8.  RE: Dlp Query

    Posted Jun 02, 2013 09:03 AM

    Dear Technical and Pete,

    I do not agree with the above solution, as there is no relation to tamper protection in the Symantec DLP agent.

    DLP services can't be stopped by any of the above methods; they can be stopped only by the endpoint tools provided by Symantec, with the application named Shutdown_services.exe. Please check once again.



  • 9.  RE: Dlp Query

    Posted Jun 02, 2013 09:16 AM

    This ability exists in DLP 11.6

    Thread here, check it

    https://www-secure.symantec.com/connect/forums/how-protect-symantec-dlp-endpoint-agent-services-edpa-wdp

    Also, shows on page 18 of the admin guide

    https://www-secure.symantec.com/connect/sites/default/files/Symantec_DLP_11.6_Release_Notes_0.pdf



  • 10.  RE: Dlp Query

    Posted Jun 03, 2013 12:31 AM

    Hello KS,

    Pete and Brian provided the same answer, which had already been marked by someone; it means that the person who marked it last found the option before posting it as the solution. I have not yet deployed Symantec at our site, but this query was given to me by my senior to confirm for security purposes.

    He agreed with it, so I marked it as the solution.

    For more information you can read Brian's comment above.

    Find both of yang_zhang's comments here:

    https://www-secure.symantec.com/connect/forums/how-protect-symantec-dlp-endpoint-agent-services-edpa-wdp



  • 11.  RE: Dlp Query

    Posted Jun 04, 2013 10:32 AM

    Hi Technical, Brian and Pete,

    I appreciate your response on this, but try to understand that the answers are not correct as per the query.

    I have read page no. 65 and also referred to the above links, so I can say that when upgrading, Symantec Endpoint Protection (SEP) shows tamper protection alerts when edpa.exe restarts in the presence of the Symantec Management Agent. In such a case, EDPA is added as an exception as per below to run the edpa & wdp services.

     

    Add edpa.exe and cui.exe to the SEP tamper protection exception list. Use the following steps:
    1. Log in to SEPM.
    2. Go to Policies.
    3. Under view policies click Centralized Exception.
    4. Click Add a Centralized Exception Policy.
    5. Click Centralized Exceptions.
    6. Add Tamper Protection Exception.
    7. Enter the full path location of edpa.exe.
    8. Repeat steps 1–7 to add cui.exe to the Exception List.
    9. Save the new policy.
    10. Assign the new policy to the client group.
    Note: This workaround is only applicable for managed SEP clients only. Currently, there is no solution for unmanaged SEP clients.


  • 12.  RE: Dlp Query

    Posted Jun 04, 2013 10:42 AM

    Per the DLP Admin Guide, page 18:

    [Attached image: untitled_18.JPG]



  • 13.  RE: Dlp Query

    Posted Jun 04, 2013 02:13 PM

    KSharma and Brian,

     

    The explanation of the anti-tamper measures in the Admin Guide is not that precise. A better description of the tamper proofing is under the Advanced Agent Settings, in the description for AgentTamperProtection.ENABLE_AGENT_TAMPER_PROTECTION.int, which defaults to "7". The values below are from the online help.

     

    This setting enables tamper protection on the Symantec Data Loss Prevention Endpoint agent.

    A setting of 0 disables all tamper protection.

    A setting of 1 prevents the agent and watchdog files from being deleted or modified.

    A setting of 2 prevents the agent and watchdog services from being stopped.

    A setting of 4 prevents the agent and watchdog services from being deleted from the operating-system registry.

    A setting of 7 enables file, service, and registry protection.
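
Added example, not part of the thread and not Symantec code: a small audit helper that decodes the AgentTamperProtection.ENABLE_AGENT_TAMPER_PROTECTION.int value quoted above and reports which protections an agent configuration lacks. It assumes the values combine as bit flags (7 = 1 + 2 + 4, as the quoted help implies); the agent configuration names and sample values are constructed.

```python
from enum import IntFlag

# Bit meanings as quoted from the online help in the post above.
class TamperProtection(IntFlag):
    FILES = 1      # agent and watchdog files cannot be deleted or modified
    SERVICES = 2   # agent and watchdog services cannot be stopped
    REGISTRY = 4   # services cannot be deleted from the OS registry

FULL = TamperProtection.FILES | TamperProtection.SERVICES | TamperProtection.REGISTRY
SETTING = "AgentTamperProtection.ENABLE_AGENT_TAMPER_PROTECTION.int"

def missing_protections(raw):
    """Return names of protections NOT enabled by a raw setting value.

    Assumption: values are bit flags in the range 0..7.
    Raises ValueError for anything else (typos, out-of-range values).
    """
    try:
        value = int(str(raw).strip())
    except ValueError:
        raise ValueError(f"{SETTING}: not an integer: {raw!r}") from None
    if not 0 <= value <= int(FULL):
        raise ValueError(f"{SETTING}: out of range 0..7: {value}")
    enabled = TamperProtection(value)
    return [flag.name for flag in TamperProtection if flag not in enabled]

def audit(configs):
    """Map each agent configuration name to its gaps (empty list = fully protected)."""
    findings = {}
    for name, raw in configs.items():
        try:
            findings[name] = missing_protections(raw)
        except ValueError as exc:
            findings[name] = [f"INVALID: {exc}"]
    return findings

# Constructed sample input: configuration names and values are made up.
SAMPLE_CONFIGS = {"default": "7", "kiosk": "5", "legacy": "0", "typo": "seven"}

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_CONFIGS).items():
        print(f"{name}: {'ok' if not gaps else ', '.join(gaps)}")
```

A configuration that reports SERVICES as missing is the case raised in the original question: the agent and watchdog services are not protected from being stopped.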