Data Loss Prevention

 View Only
Expand all | Collapse all

Symantec Data Loss Prevention endpoint agent unattended installation

  • 1.  Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 07, 2012 11:11 AM

    Could you please share your experience on Data Loss Prevention endpoint agents unattended installation.

    I'm now trying to setup agents, using Windows Server group policies, but these require .msi files to be preconfigured first.

    Maybe you know how to do this. Or how to use Symantec Management Platform (I don'd have one) for smooth deployment? 



  • 2.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Broadcom Employee
    Posted Dec 07, 2012 11:55 AM

    yes, use the .msi , replace XXX with the correct server IPand key for uninstall

     

    msiexec /i \\DLP\64\AgentInstall64.msi /q INSTALLDIR="C:\Program Files\Manufacturer\Endpoint Agent\" ENDPOINTSERVER="X.X.X.X" KEY="" UNINSTALLPASSWORDKEY="XXXXXX" SERVICENAME="EDPA" WATCHDOGNAME="WDP" ARPSYSTEMCOMPONENT="1"



  • 3.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 10, 2012 06:19 AM

    Pete, thank you for reply. I know that endpoint agent could be installed that way in elevated command prompt mode. This is the only way I can do this now. The only way that works. But this way is manual. I want agents to be installed in automated mode.

    What I am doing now is trying to use Windows Server group policies (GPO) to install agents from network location. But the problem is that .msi files that require parameters during installation should be accompanied with correct .mst file. Don't know how to generate one with the correct settings for enpoint server IP, port etc that is in the .bat file. Any thoughts?



  • 4.  RE: Symantec Data Loss Prevention endpoint agent unattended installation
    Best Answer

    Posted Dec 10, 2012 07:20 AM

    Hello,

    yang_zhang created a detailed description for deploy DLP endpoint agent by active directory GPO. Please, see here: https://www-secure.symantec.com/connect/articles/deploy-dlp-endpoint-agent-active-directory-gpo



  • 5.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 10, 2012 11:05 PM

    After 8 and 9 ver, I think there is no requirement of .msi package. I think using Altiris it will be more easy to deploy the agents on machines.

    You can refer below useful links which will surely give u some idea

    https://www-secure.symantec.com/connect/articles/installing-dlp-endpoint-agent-altiris

    https://www-secure.symantec.com/connect/blogs/deploying-dlp-endpoint-may-not-be-scariest-part

     https://www-secure.symantec.com/connect/articles/deploy-dlp-endpoint-agent-active-directory-gpo



  • 6.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 13, 2012 10:01 AM

    Using Altiris is very promising. I have tried to install the Management Platform - not that easy. Nice idea anyway (I mean - using native Symantec product ot deploy).



  • 7.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 13, 2012 04:49 PM

    UFO,

     

    do you neeed the info to setup the integrated componet for Altiris? if so let me know i have the instructions.



  • 8.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 17, 2012 10:51 AM

    UFO,

     

    here is a link to it...

    http://www.symantec.com/business/support/index?page=content&id=TECH158424&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1355759377560E4o9FO6OIHU885VCKJYT15agKa7D6tJSZFV50



  • 9.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 19, 2012 03:12 AM

    Hi

    thanks. it seems that this guide was written very quickly. Why do we need to look for such kind of guides here on Connect or elsewhere? Why this is not included in DLP manual? Questions are not to you, of course. thanks for the link again.



  • 10.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 21, 2012 08:27 PM

    I'm trying to do an unattended installation, but I can't seem to get it to take on multiple endpoint servers as a parameter. Just an example of what I'm doing:

     

    msiexec /i AgentInstall64v2.msi
    INSTALLDIR="%SYSTEMDRIVE%\Program Files\Manufacturer\Endpoint Agent\"
    ENDPOINTSERVER="XXX.XXX.XXX.XXX;XXX.XXX.XXX.XXX" 
    KEY="" 
    UNINSTALLPASSWORDKEY=""
    SERVICENAME="EDPA"
    WATCHDOGNAME="WDP"
    ARPSYSTEMCOMPONENT="1"
     
    And then what I get when I go through and verify settings: http://i.imgur.com/X82y8.png
     
     
    Anyone have any ideas how to make this work?


  • 11.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Broadcom Employee
    Posted Dec 21, 2012 09:44 PM

    seems to be right, has the install been done? specify port number with columnn unless default port is other than 8000 10.67.20.36:8002

    ex: ENDPOINTSERVER="epserver.company.com;10.67.20.36"

     



  • 12.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Dec 21, 2012 10:04 PM

    Well therein lies the issue. It does seem to be right and for all intents and purposes it should work, but if you look at the image link I posted, the parameters aren't being entered correctly into the program. We did go through with the install, but the computer never communicates with the server because of this. 



  • 13.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Broadcom Employee
    Posted Dec 21, 2012 10:13 PM

    i saw the image, keep the 1 enpoint server in 1 text field the other has to be in next text field. check if this works, if it does not then there could be a firewall thats blocking the communication.



  • 14.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Jan 16, 2013 07:16 AM

    You should be right. Separate fields for separate servers. And what about endpoints? This approach works as endpoint agent configuration for one enpoint that will be communicating with several servers. How to populate this scenario to all endpoints in company?



  • 15.  RE: Symantec Data Loss Prevention endpoint agent unattended installation

    Posted Feb 18, 2013 08:04 AM

    Who can do this unattended installation - please share your experience.