The challenge with SMP 7.5 is that the DLP agent is no longer an integrated agent component or plug-in to the Symantec Management Agent (refer to the KB article HOWTO92275: http://www.symantec.com/docs/HOWTO92275.
However using the Software Management Solution and a Managed Software Deliver policy you can deploy the DLP agent to each managed computers in your environment.
Add DLP Agent Installation Files as Software Release
The following steps will walk you through how to add the DLP AgentInstall.msi as a Software Release that can be deployed to managed computers:
- Obtain the Windows DLP agent software from Symantec. The DLP 7.5 Install Guide for Windows is attached as a reference. This install guide is for all DLP products. The instructions for the Agent starts on page 71 (Chapter or Section 7).
- Copy the DLP agent software that has been extracted to a location that the SMP 7.5 server can find. DLP has an AgentInstall.msi for both x86 and x64 platforms. We will create a software release for both platforms.
Add new software resource for DLP AgentInstall64.msi for x64
- Open Manage | Software | Software Catalog and click Import from the panel marked Newly discovered / undefined software.
- Select Software Release from the Software type download.
- Select the package source location for where the DLP agent source file is found. If the files are copied locally then you can choose the Software Library. The Software Library has to be configured in SMP 7.5 in order to import new software resources.
- Click the + Add button in Package contents. The user is presented a windows explorer dialog to find the DLP AgentInstall64.msi file as seen in figure 2. Click Open
- The AgentInstall64.msi has been added as the Package contents. Click Next.
- The Import Software: Software Details dialog is shown. Apply the following settings:
- Create or Update radio button: Create a new software resource
- Name: Symantec DLP 12.5 Agent Installation x64
- Company: Symantec Corp.
- Version: automatically populate
- Check Open software resource for editing when finished
- The software resource called Symantec DLP 12.5 Agent Installation x64 will open for editing. Open the Package tab and notice how the package and command lines were automatically populated.
- Open the Rules tab and view the Detection Rule by clicking on the yellow pencil icon. The detection rule is auto-populated with the MSI product code
- For the Applicability Rule, click Browse and select the 64 bit platform
- Select OK to close the software resource
Add new software resource for DLP AgentInstall.msi for x86
- Open Manage | Software | Software Catalog and click Import from the panel marked Newly discovered / undefined software.
- Select Software Release from the Software type download.
- Select the package source location for where the DLP agent source file is found. If the files are copied locally then you can choose the Software Library. The Software Library has to be configured in SMP 7.5 in order to import new software resources.
- Click the + Add button. The user is presented a windows explorer dialog to find the DLP AgentInstall.msi file. Click Open
- The file called AgentInstall.msi has been added as the Package contents. Click Next.
- The Import Software: Software Details dialog is shown. Apply the following settings:
- Create or Update radio button: Create a new software resource
- Name: Symantec DLP 12.5 Agent Installation x86
- Company: Symantec Corp.
- Version: automatically populate
- Check Open software resource for editing when finished
- The software resource called Symantec DLP 12.5 Agent Installation x86 will open for editing. Open the Package tab and notice how the package and command lines were automatically populated.
- Open the Rules tab and view the Detection Rule by clicking on the yellow pencil icon. The detection rule is auto-populated with the MSI product code
- For the Applicability Rule, click Browse and select the 32 bit platform
- Select OK to close the software resource
- Open Manage | Policies | Software then right click on Manage Software Delivery | New | Manage Software Delivery (MSD) to create a new MSD policy
Create Managed Software Delivery Policy to Deploy DLP Agent Installation Software
Now that we have created software resources for each type of DLP 12.5 Agent Installation we need to deliver the software to the computers. This can be done which Software Management Solution in Symantec Management Console (Altiris).
Create MSD policy to Deliver DLP 12.5 Agent Install x86
The steps to create a Managed Software Delivery (MSD) policy for each processor type x86 are as follows:
- Open Manage | Policies | Software and then right Manage Software Delivery | New| Managed Software Delivery
- A New Managed Software Delivery policy will open for editing.
- Name the new policy DLP 12.5 Agent Install x86
- In the Software tab select the + Add button dropdown and choose Software
- The Select Software dialog appears, search for DLP software that we created in the previous section see figure below
- Find and select the software called Symantec DLP 12.5 Agent Install x86. Click OK to add the software to the policy
- Click on the Applied to section within the policy to choose the set of x86 computers which will install the DLP x 86 agents.
- Click the Apply to dropdown menu and choose Computers
- The Select computers dialog appears, modify the Filtering rule as follows:
- Add Rule. THEN: exclude computer not in, FILTER: Windows 2000/XP/Vista/7/8 Workstations
- Add Rule. THEN: exclude computer not in, FILTER: Windows x86
- Click OK
- Click on the Schedule section within the policy to set a schedule for when the DLP agent should be installed.
- Click the Add schedule | Scheduled Time and set the Start as desired (such as 18:00)
- Click on the No Repeat icon and set Repeat every: Day. This will make the policy run once per day and catch computers that were not on or not available the first time.
- Enable the policy by clicking the red OFF button and set it to Green ON
Create MSD policy to Deliver DLP 12.5 Agent Install x64
Repeat the steps to create a Managed Software Delivery (MSD) policy for each processor type x64 are as follows:
- Open Manage | Policies | Software and then right Manage Software Delivery | New |Managed Software Delivery
- A New Managed Software Delivery policy will open for editing.
- Name the new policy DLP 12.5 Agent Install x64
- In the Software tab select the + Add button dropdown and choose Software
- The Select Software dialog appears, search for DLP software that we created in the previous section see figure below
- Find and select the software called Symantec DLP 12.5 Agent Install x64. Click OK to add the software to the policy
- Click on the Applied to section within the policy to choose the set of x86 computers which will install the DLP x64 agent.
- Click the Apply to dropdown menu and choose Computers
- The Select computers dialog appears, modify the Filtering rule as follows:
- Add Rule. THEN: exclude computer not in, FILTER: Windows 2000/XP/Vista/7/8 Workstations
- Add Rule. THEN: exclude computer not in, FILTER: Windows x64
- Click OK
- Click on the Schedule section within the policy to set a schedule for when the DLP agent should be installed.
- Click the Add schedule | Scheduled Time and set the Start as desired (such as 18:00)
- Click on the No Repeat icon and set Repeat every: Day. This will make the policy run once per day and catch computers that were not on or not available the first time.
- Enable the policy by clicking the red OFF button and set it to Green ON
Summary
Now that you have create the DLP 12.5 Agent Install software resources and the associated Managed Software Delivery, the DLP agent installations should be scheduled to run. Check the agent logs and tasks to troubleshoot any issues that may occur.
(See original article Deploy the Data Loss Prevention 12.5 (DLP) Agent using Software Management Solution in Symantec Management Platform 7.5 )