How to install Symantec DLP?

Margulan
New Contributor

Hello. i am new here. How to install Symantec DLP on macbooks? 

5 REPLIES 5

AJPinto
Honored Contributor II

Reach out to the vendor (Symantec) and have them provide documentation. The Broadcom does have some documentation posted publicly. Deploy the DLP Endpoint Agent in macOS environment. (broadcom.com)

 

The install should be pretty straight forward. Symantec provides a .pkg which you can just shove into JAMF and deploy with a policy.

 

Two things the vendor will need to provide information on:

  • The client will likely need configuration. You will need to know how this configuration is delivered
    • Is the configuration automatic, does the package handle this?
    • Do you need a post install script to configure the client?
    • Do you need a configuration profile to configure the client?
  • You will probably need Configuration Profiles to provide the permissions Symantec needs.
    • There will probably a few binaries that need TTC/PPPC permissions, most likely full disk access. You need to know what these binaries are and what permissions they need.

 

You can figure some of this stuff out with trial and error, but its best to make the vendor provide the documentation. After all they are not providing this endpoint for free, you are paying for the endpoint and the support that comes with it.

 

markdmatthews
Contributor

Pkg that is deployed to /private/var/tmp/Mac

Script (After)  executes cd /private/var/tmp/Mac ./install_agent.sh

Maintenance

Target: All Managed Clients / All Managed Servers

Exclude: Symantec DLP Endpoint Agent - Installed

Criteria for Symantec DLP Endpoint Agent - Installed = True for Extension Attribute: Symantec DLP Endpoint Agent - Installed

 

EA Data Type: String

EA Input Type: Script: 

#!/bin/bash

# check for process
PROCESS=$( pgrep edpa )

#see if process is running
if [[ -z "$PROCESS" ]]; then
RESULT="False"
else
RESULT="True"
fi

#report results
echo "<result>${RESULT}</result>"

I also go a step further with Version check and uninstall/reinstall IF NOT "current"

SMR1
Contributor III

We package it in composer to install in tmp directory, but we run the install using the files and processes option on the deploy policy. Should change to the package to use the post scrip.

nachiket_s
New Contributor III

You can package the symantec DLP agent using composer and push it via policy. ( Please check for the compatible mac agent versions and compatible OS versions)

Symantec also provides PPPC file which you can push it as it is under configuration profile. 

if you are using DLP extension for outlook client then you also need to push outlook addin certificate  to remote clients and make sure that it is trusted. Without this Symantec console will show you critical alerts for outlook addin not deployed.

SMR1
Contributor III

Also, you'll want to add the plist for the firefox and safari extensions as well.