Symantec DLP Agent installation detection

bmack99
Contributor III

I am looking for a solution for a smart computer group that will display the number of machines with the Symantec DLP agent installed.

From what I can tell this runs under the 'edpa' process, but I am not finding any inventory data for Symantec DLP or edpa.

I thought about maybe using the Application Bundle ID from the info.plist that is supposed to live in /Library/Manufacturer/Endpoint Agent/Resources/ but the info.plist file does not exist.

I realize I could do "packages installed by Casper" to pull a list for a SCG but this won't be accurate if the end user uninstalls the agent down the road.

Any suggestions?

6 REPLIES

smpotter
New Contributor III

The way I handled this was to create an EA with the following script which gives me the installed version if found. Then you can create a Smart Group based off the EA.

#!/bin/bash

if [ -f "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" ]; then
    dlVersion=$( /usr/bin/defaults read "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" CFBundleVersion )
else
    dlVersion="Not Installed"
fi

echo "<result>$dlVersion</result>"

bmack99
Contributor III

Thanks @smpotter I will give this a go.

jhalvorson
Valued Contributor

With version 15.8mp1, the CUI isn't an app, now it's an executable within the Symantec.app.  The older Extension Attribute wasn't working properly to detect and report.  I've updated the EA to the following:

#!/bin/zsh

##############################################################################
# A script to collect the version of Symantec DLP currently installed.
# Depending on the version installed, the method to detect version number has changed with
# the release of 15.8mp1

RESULT="Not Installed"

if [[ -f "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" ]]; then
    RESULT=$( defaults read "/Library/Manufacturer/Endpoint Agent/CUI.app/Contents/Info.plist" CFBundleVersion )
elif [[ -f "/Library/Manufacturer/Endpoint Agent/Symantec.app/Contents/Info.plist" ]]; then
    RESULT=$( defaults read "/Library/Manufacturer/Endpoint Agent/Symantec.app/Contents/Info.plist" CFBundleVersion )
fi

echo "<result>$RESULT</result>"

This version of the EA script is correctly reporting version 15.0.0101.01002 through 15.8.00100.01075 on our Macs.

Hello, can you share with us how you installed DLP on Macs using Jamf Pro?

jhalvorson
Valued Contributor

I use the Packages app

I add ten files to the Scripts section.  These are provided to me by our DLP Admins.

I add one postinstall script and then build the package.

The postinstall script is similar to this:

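#!/bin/bash

# Variables used for logging
logFile="/private/var/log/CompanyName.log"

# Logging function: print the message and append it, timestamped, to the log file
log () {
	echo "$1"
	echo "$(date "+%Y-%m-%d %H:%M:%S:") $1" >> "$logFile"
}

log "-----"
log "Begin Symantec DLP 15.8 MP1"

# Determine working directory as an absolute path
install_dir=$(cd "$(dirname "$0")" && pwd)

# Change to working directory (shell builtin; /usr/bin/cd only affects a child process)
cd "$install_dir" || { log "Cannot change to $install_dir"; exit 1; }

# Install the Symantec DLP agent and stop if the installer reports an error
if ! /bin/sh "$install_dir/install_agent.sh"; then
	log "Failed Symantec DLP 15.8 MP1"
	exit 1  ## Failure
fi

log "Completed Symantec DLP 15.8 MP1"

exit 0  ## Success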

 

markdmatthews
Contributor

could also just look for the process...

#!/bin/bash

# check for process (-x matches the exact name, not any name containing "edpa")
PROCESS=$( pgrep -x edpa )

# see if process is running
if [[ -z "$PROCESS" ]]; then
    RESULT="False"
else
    RESULT="True"
fi

# report results
echo "<result>${RESULT}</result>"
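
Added example, not part of any post in this thread: a single Extension Attribute that combines the Info.plist check and the edpa process check from the replies above, so a Smart Group can separate "installed and running" from "installed but not running". The function names and result strings are assumptions; the paths and the process name are the ones given in the posts.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names and result
# strings are assumptions; paths and process name come from the posts.
AGENT_ROOT="/Library/Manufacturer/Endpoint Agent"

# Print CFBundleVersion of the first agent bundle found under $1.
# Prints nothing when neither bundle exists (agent not installed).
dlp_version() {
	local root="$1" app plist version
	for app in CUI.app Symantec.app; do
		plist="$root/$app/Contents/Info.plist"
		if [ -f "$plist" ]; then
			# Bundle present but key unreadable: still report it as installed
			version=$(defaults read "$plist" CFBundleVersion 2>/dev/null) || version="Unknown version"
			echo "$version"
			return 0
		fi
	done
}

# Exit 0 when a process named exactly "edpa" is running.
dlp_running() {
	pgrep -x edpa >/dev/null 2>&1
}

# Combine both signals into the value a Smart Group criterion matches on.
# $1 = version string (empty if no bundle found), $2 = "yes" or "no"
dlp_status() {
	local version="$1" running="$2"
	if [ -z "$version" ] && [ "$running" = "yes" ]; then
		echo "Unknown version (running)"   # process seen, no bundle at known paths
	elif [ -z "$version" ]; then
		echo "Not Installed"
	elif [ "$running" = "yes" ]; then
		echo "$version (running)"
	else
		echo "$version (not running)"      # installed but stopped or disabled
	fi
}

version=$(dlp_version "$AGENT_ROOT")
if dlp_running; then running="yes"; else running="no"; fi
echo "<result>$(dlp_status "$version" "$running")</result>"
```

A Smart Group with the criterion "like (not running)" on this EA lists Macs where the agent is on disk but its process is absent.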