Skip to main content
Question

Symantec DLP Agent installation detection

  • December 16, 2020
  • 6 replies
  • 52 views
B
Forum|alt.badge.img+9

I am looking for a solution for a smart computer group that will display the number of machines with the Symantec DLP agent installed.

From what I can tell this runs under the 'edpa' process, but I am not finding any inventory data for Symantec DLP or edpa.

I thought about maybe using the Application Bundle ID from the info.plist that is supposed to live in /Library/Manufacturer/Endpoint Agent/Resources/ but the info.plist file is not existent.

I realize I could do "packages installed by Casper" to pull a list for a SCG but this won't be accurate if the end user uninstalls the agent down the road.

Any suggestions?

6 replies

S
Forum|alt.badge.img+7
  • smpotter
  • New Contributor
  • December 16, 2020

The way I handled this was to create a EA with the following script which gives me the installed version if found. The you can create a Smart Group based off the EA.

#!/bin/bash

if [ -f "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" ]; then
        dlVersion=$( /usr/bin/defaults read "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" CFBundleVersion )
    else
        dlVersion="Not Installed"
fi

echo "<result>$dlVersion</result>"
B
B
Forum|alt.badge.img+9
  • bmack99
  • Author
  • Valued Contributor
  • December 16, 2020

Thanks @smpotter I will give this a go.

J
Forum|alt.badge.img+26
  • jhalvorson
  • Honored Contributor
  • December 2, 2021

With version 15.8mp1, the CUI isn't an app, now it's an executable within the Symantec.app.  The older Extension Attribute wasn't working properly to detect and report.  I've updated the EA to the following:

#!/bin/zsh

##############################################################################
# A script to collect the version of Symantec DLP currently installed.
# Depending on the version installed, the method to detect version number has changed with
# the release of 15.8mp1

RESULT="Not Installed"

if [[ -f "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" ]]; then
RESULT=$( defaults read "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" CFBundleVersion )
elif [[ -f "/Library/Manufacturer/Endpoint Agent/Symantec.app/Contents/Info.plist" ]]; then
RESULT=$( defaults read "/Library/Manufacturer/Endpoint Agent/Symantec.app/Contents/Info.plist" CFBundleVersion )
fi

echo "<result>$RESULT</result>"

This version of the EA script is correctly reporting version 15.0.0101.01002 through 15.8.00100.01075 on our Macs.

S
ImAMacGuy
markdmatthews
Forum|alt.badge.img+17
  • markdmatthews
  • Contributor
  • February 7, 2022

could also just look for the process...

#!/bin/bash

# check for process
PROCESS=$( pgrep edpa )

#see if process is running
if [[ -z "$PROCESS" ]]; then
RESULT="False"
else
RESULT="True"
fi

#report results
echo "<result>${RESULT}</result>"

B
Forum|alt.badge.img+2
  • Batbold
  • New Contributor
  • November 30, 2022

With version 15.8mp1, the CUI isn't an app, now it's an executable within the Symantec.app.  The older Extension Attribute wasn't working properly to detect and report.  I've updated the EA to the following:

#!/bin/zsh

##############################################################################
# A script to collect the version of Symantec DLP currently installed.
# Depending on the version installed, the method to detect version number has changed with
# the release of 15.8mp1

RESULT="Not Installed"

if [[ -f "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" ]]; then
RESULT=$( defaults read "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" CFBundleVersion )
elif [[ -f "/Library/Manufacturer/Endpoint Agent/Symantec.app/Contents/Info.plist" ]]; then
RESULT=$( defaults read "/Library/Manufacturer/Endpoint Agent/Symantec.app/Contents/Info.plist" CFBundleVersion )
fi

echo "<result>$RESULT</result>"

This version of the EA script is correctly reporting version 15.0.0101.01002 through 15.8.00100.01075 on our Macs.


Hello can you share us with how you installed DLP on macs using jamf pro? 

J
Forum|alt.badge.img+26
  • jhalvorson
  • Honored Contributor
  • November 30, 2022

Hello can you share us with how you installed DLP on macs using jamf pro? 


I use the Packages app

I add ten files to the Scripts section.  These are provided to me by our DLP Admins.

I add one postinstall script and then build the package.

The postinstall script is similar to this:

#!/bin/bash # Variables used for logging logFile="/private/var/log/CompanyName.log" # Logging funtion log () { echo $1 echo $(date "+%Y-%m-%d %H:%M:%S: ") $1 >> $logFile } log "-----" log "Begin Symantec DLP 15.8 MP1" # Determine working directory install_dir=`dirname $0` # Change to working directory /usr/bin/cd $install_dir # Install the Symantec DLP agent /bin/sh "$install_dir/install_agent.sh" log "Completed Symantec DLP 15.8 MP1" exit 0 ## Success exit 1 ## Failure

 

Terms & ConditionsCookie settingsAccessibility statement