- Jamf Nation Community
- Products
- Jamf Pro
- How to install Symantec DLP?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to install Symantec DLP?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-29-2022 04:06 PM
Hello. i am new here. How to install Symantec DLP on macbooks?
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2022 05:48 AM
Reach out to the vendor (Symantec) and have them provide documentation. The Broadcom does have some documentation posted publicly. Deploy the DLP Endpoint Agent in macOS environment. (broadcom.com)
The install should be pretty straight forward. Symantec provides a .pkg which you can just shove into JAMF and deploy with a policy.
Two things the vendor will need to provide information on:
- The client will likely need configuration. You will need to know how this configuration is delivered
- Is the configuration automatic, does the package handle this?
- Do you need a post install script to configure the client?
- Do you need a configuration profile to configure the client?
- You will probably need Configuration Profiles to provide the permissions Symantec needs.
- There will probably a few binaries that need TTC/PPPC permissions, most likely full disk access. You need to know what these binaries are and what permissions they need.
You can figure some of this stuff out with trial and error, but its best to make the vendor provide the documentation. After all they are not providing this endpoint for free, you are paying for the endpoint and the support that comes with it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-30-2022 09:39 AM
Pkg that is deployed to /private/var/tmp/Mac
Script (After) executes cd /private/var/tmp/Mac ./install_agent.sh
Maintenance
Target: All Managed Clients / All Managed Servers
Exclude: Symantec DLP Endpoint Agent - Installed
Criteria for Symantec DLP Endpoint Agent - Installed = True for Extension Attribute: Symantec DLP Endpoint Agent - Installed
EA Data Type: String
EA Input Type: Script:
#!/bin/bash
# check for process
PROCESS=$( pgrep edpa )
#see if process is running
if [[ -z "$PROCESS" ]]; then
RESULT="False"
else
RESULT="True"
fi
#report results
echo "<result>${RESULT}</result>"
I also go a step further with Version check and uninstall/reinstall IF NOT "current"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-02-2022 05:37 AM
We package it in composer to install in tmp directory, but we run the install using the files and processes option on the deploy policy. Should change to the package to use the post scrip.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2022 02:06 AM
You can package the symantec DLP agent using composer and push it via policy. ( Please check for the compatible mac agent versions and compatible OS versions)
Symantec also provides PPPC file which you can push it as it is under configuration profile.
if you are using DLP extension for outlook client then you also need to push outlook addin certificate to remote clients and make sure that it is trusted. Without this Symantec console will show you critical alerts for outlook addin not deployed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2022 07:47 AM
Also, you'll want to add the plist for the firefox and safari extensions as well.
Reply
