0% found this document useful (0 votes)

22 views

RSA DLP 9.6 Endpoint Deployment Guide

Uploaded by

Linh Nguyễn

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

22 views

RSA DLP 9.6 Endpoint Deployment Guide

Uploaded by

Linh Nguyễn

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 86

RSA DLP 9.

6 Endpoint

Deployment Guide
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/
index.htm
Trademarks
RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or
other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go
to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and
may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice
below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any
other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Third-Party Licenses
This product may include software developed by parties other than RSA. The text of the license agreements applicable to
third-party software in this product may be viewed in the thirdpartylicenses_DLP_9.6.pdf file.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2013 EMC Corporation. All Rights Reserved. Published in the USA.
February 2013
RSA DLP 9.6 Endpoint Deployment Guide

Contents
Preface ..................................................................................................................................... 7
About This Guide................................................................................................................ 7
Product Version ........................................................................................................... 7
Organization of This Book .......................................................................................... 7
RSA DLP Documentation................................................................................................... 8
Related Documentation................................................................................................ 8
Support and Contact Information........................................................................................ 9
RSA DLP Customer Support....................................................................................... 9
Support Contacts................................................................................................... 9
Before You Call Customer Support...................................................................... 9
RSA DLP Consulting Services .................................................................................. 10
RSA DLP Education Services ................................................................................... 10
Contact RSA DLP...................................................................................................... 10

Chapter 1: Introduction.......................................................................................................11
About DLP Endpoint .........................................................................................................11
RSA DLP Endpoint Components ..................................................................................... 12
How DLP Endpoint Agent Works .................................................................................... 13
Policy-Based Content Analysis and User Action Control ......................................... 14

Chapter 2: Preparing for RSA DLP Endpoint Deployment....................................... 17

System Requirements........................................................................................................ 17
Enterprise Manager Requirements............................................................................. 17
Hardware Requirements ..................................................................................... 18
Software Requirements....................................................................................... 18
Endpoint Coordinator Requirements ......................................................................... 19
Hardware Requirements ..................................................................................... 20
Software Requirements....................................................................................... 20
Endpoint Agent Requirements................................................................................... 21
Hardware Requirements ..................................................................................... 21
Software Requirements....................................................................................... 22
Port Usage.................................................................................................................. 23
Network Accessibility................................................................................................ 25
Endpoint Agent Deployment Requirements .............................................................. 26
Third-Party Application Integration.................................................................................. 26
RSA SecurID Integration........................................................................................... 26
SIEM Integration ....................................................................................................... 26
DRM Integration........................................................................................................ 26

Contents 3
RSA DLP 9.6 Endpoint Deployment Guide

LDAP Repositories .................................................................................................... 27

DLP Endpoint Deployment Flow ..................................................................................... 27

Chapter 3: Deploying Enterprise Manager ................................................................... 29

Perform Pre-Installation Tasks.......................................................................................... 29
Create the Domain User Account .............................................................................. 30
Set Permissions for the Run-As User ........................................................................ 30
Update Run-As User Credentials............................................................................... 31
Set Up the Enterprise Manager Database .................................................................. 32
Install SQL Server Client Software ........................................................................... 33
Installing Enterprise Manager........................................................................................... 34
Install Enterprise Manager Using the Wizard............................................................ 34
Install Enterprise Manager Using the Command Line .............................................. 39
Install Enterprise Manager Remotely ........................................................................ 43
Verify the Enterprise Manager Installation....................................................................... 43
Uninstall Enterprise Manager ........................................................................................... 44

Chapter 4: Deploying Endpoint Coordinators ............................................................. 47

Endpoint Coordinator Overview....................................................................................... 47
Endpoint Coordinator Deployment Prerequisites ............................................................. 48
Install Endpoint Coordinators ........................................................................................... 48
Install Endpoint Coordinator Using the Wizard ........................................................ 49
Install Endpoint Coordinator Using the Command Line ........................................... 51
Verify the Endpoint Coordinator Installation ................................................................... 54
Initialize the Root Endpoint Coordinator.......................................................................... 55
Add Endpoint Coordinators .............................................................................................. 56
Uninstall Endpoint Coordinator ........................................................................................ 56

Chapter 5: Installing DLP Endpoint Agents ................................................................. 59

DLP Endpoint Agent Installation Prerequisites ................................................................ 59
Install DLP Endpoint Agents ............................................................................................ 60
Install Endpoint Agent Using the Command Line..................................................... 60
Remotely Install Multiple Endpoint Agents .............................................................. 61
Locally Install a Single Endpoint Agent.................................................................... 63
Verify Endpoint Agent Installation................................................................................... 64
Uninstall Endpoint Agent.................................................................................................. 64
Remotely Uninstall Multiple Endpoint Agents ......................................................... 65
Uninstall a Single Endpoint Agent ............................................................................ 65

Appendix A: Endpoint Agent Messages ....................................................................... 67

About DLP Endpoint Agent User Interface...................................................................... 67
Notification Dialogs.......................................................................................................... 68
Notification Dialogs for File Operations ................................................................... 68
Notification Dialogs for Clipboard Operations ......................................................... 70
Customizing Endpoint Agent Notifications...................................................................... 74

4 Contents
RSA DLP 9.6 Endpoint Deployment Guide

Appendix B: DLP Deployment Scenarios ..................................................................... 77

Full Enterprise Deployment .............................................................................................. 78
DLP Datacenter and DLP Network .................................................................................. 79
DLP Datacenter and DLP Endpoint.................................................................................. 80
DLP Network and DLP Endpoint ..................................................................................... 81
DLP Network Only ........................................................................................................... 82
DLP Datacenter Only........................................................................................................ 83
DLP Endpoint Only .......................................................................................................... 84

Index ....................................................................................................................................... 85

Contents 5
RSA DLP 9.6 Endpoint Deployment Guide

6 Contents
RSA DLP 9.6 Endpoint Deployment Guide

Preface
This guide is intended to help system administrators and information-technology
specialists install and configure RSA DLP Endpoint.

Topics:

• About This Guide

• RSA DLP Documentation
• Support and Contact Information

About This Guide

Product Version
The information in this book is current as of DLP Endpoint version 9.6. Corrections or
updates to this information may be available through RSA SecurCare® Online, at
https://knowledge.rsasecurity.com

Organization of This Book

This book includes the following chapters and appendixes:
• Chapter 1, “Introduction” is an overview of DLP Endpoint, it’s components, and
how it works.
• Chapter 2, “Preparing for RSA DLP Endpoint Deployment” describes the system
requirements and the supported third-party applications.
• Chapter 3, “Deploying Enterprise Manager” describes how to install
RSA DLP Enterprise Manager.
• Chapter 4, “Deploying Endpoint Coordinators” describes how to install and
configure RSA DLP Endpoint Coordinators.
• Chapter 5, “Installing DLP Endpoint Agents” describes how to install and
configure Endpoint agents.
• Appendix A, “Endpoint Agent Messages” explains the alerts and dialog boxes
displayed by the Endpoint agent to end-users.
• Appendix B, “DLP Deployment Scenarios” presents common scenarios for
deployment of the DLP products, including single-product and multiple-product
configurations.

Preface 7
RSA DLP 9.6 Endpoint Deployment Guide

RSA DLP Documentation

RSA Data Loss Prevention 9.6 Product Documentation is available on RSA
SecurCare Online at https://knowledge.rsasecurity.com/scolcms/
sets.aspx?product=dlp&_v=document. The following table lists the documents
that are part of the RSA Data Loss Prevention 9.6.

Category Documents

User Guides • RSA DLP Network User Guide

• RSA DLP Datacenter User Guide
• RSA DLP Endpoint User Guide

Deployment Guides • RSA DLP Network Deployment Guide

• RSA DLP Datacenter Deployment Guide
• RSA DLP Endpoint Deployment Guide

Best Practices • RSA DLP Datacenter Best Practices

• RSA DLP Endpoint Best Practices

Additional Documents • RSA DLP Policy Guide

• RSA DLP Quick Start
• RSA DLP Upgrade Guide
• RSA DLP Maintenance Guide
• RSA DLP Troubleshooting Guide

Related Documentation
For additional information to supplement the product documentation, see the
following:

Technical Notes. The technical notes discuss optional configuration procedures for
DLP components or third-party software.The DLP Technical Notes are available on
RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/
set.aspx?id=8494

8 Preface
RSA DLP 9.6 Endpoint Deployment Guide

Support and Contact Information

Read this section if you want to contact RSA or request technical support or services.

RSA DLP Customer Support

Access these locations for help with your DLP product.

Support Contacts

RSA SecurCare Online https://knowledge.rsasecurity.com

Customer Support Information http://www.emc.com/support/rsa/index.htm

RSA Solution Gallery https://gallery.emc.com/community/marketplace/rsa

RSA SecurCare Online offers a knowledgebase that contains answers to common

questions and solutions to known problems. It also offers information on new releases,
important technical news, and software downloads.

The RSA Customer Support Information sites contains information on RSA support
programs plus an extensive Content Library of product-related documents such as
datasheets, guides and whitepapers.

The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.

Before You Call Customer Support

Make sure you have direct access to the computer running your DLP product.

Please have the following information available when you call:

• Your RSA Customer Serial Number. You can find this number on the RSA Order
Confirmation document for your DLP product.
• The software version number of your DLP product.
• The make and model of the machine on which the problem occurs.
• The name and version of the operating system under which the problem occurs.

Preface 9
RSA DLP 9.6 Endpoint Deployment Guide

RSA DLP Consulting Services

RSA provide a set of consulting services to help businesses address security and
sensitive-data loss vulnerabilities quickly and effectively. The services, which
complement RSA security products, can help your organization to understand your
risks, prioritize your resources, and expedite the design and implementation of the
most effective and appropriate Data Loss Prevention solution.

RSA DLP Education Services

RSA Education Services provides the following courses:
• RSA Data Loss Prevention Policy and Classification. This course provides a
comprehensive training program in policy and classification for data loss
prevention. This training course centers around the RSA Data Loss Prevention
and on building the knowledge and skills to use the tools needed to detect
sensitive content in the most accurate and efficient manner possible. This course
also provides compliance officers and technical professionals with the knowledge
and skills necessary to successfully safeguard enterprise content.
• RSA Data Loss Prevention Administration. This course provides
comprehensive instruction in the administration and configuration of the RSA
Data Loss Prevention. Theory and product basics such as the RSA DLP
architecture, integration of RSA DLP components, and the importance of various
configuration parameters are discussed. Students participate in hands-on exercises
that build on the basic concepts and allow practical experience in building an
RSA DLP system.
For an up-to-date schedule of Instructor-led classes and other training options, visit
the RSA Training and Certification web site, http://www.emc.com/training/
rsa-education-services/index.htm.

Contact RSA DLP

RSA Security Inc. develops industry-leading security solutions, including content
discovery and remediation technology that prevents unauthorized or unintended
dissemination of confidential or sensitive information. By preventing such
disclosures, the RSA DLP helps organizations reduce legal and financial risk, enhance
customer trust, and achieve regulatory compliance.

For general information about RSA and the RSA DLP, visit http://www.emc.com/
security/rsa-data-loss-prevention.htm.

10 Preface
RSA DLP 9.6 Endpoint Deployment Guide

1 Introduction

This chapter provides an overview of RSA DLP Endpoint.

Topics:

• About DLP Endpoint

• RSA DLP Endpoint Components
• How DLP Endpoint Agent Works

About DLP Endpoint

RSA DLP Endpoint is a comprehensive content security solution that provides strong
audit trails and granular policy enforcement. Using DLP Endpoint, you can monitor
where sensitive information goes, identify potential policy violations, and enforce
policy compliance on end-user computers so that violations don't happen in the first
place.

DLP Endpoint offers different levels of protection, from auditing actions on sensitive
data to monitoring threshold behaviors for anomalies, to actively enforcing policies,
and stopping the misuse of data before it happens.

DLP Endpoint can perform the following functions:

• Monitor and control a range of user actions as defined by active policies.
• Audit user actions involving sensitive data, send alerts of policy violations, and
create audit logs.
• Restrict user actions involving sensitive data.

The Endpoint agent installed on the end-user machine does not interfere in the user’s
activities. Hence, end-users do not have to learn new software or change existing
processes to work with protected information.

Chapter 1: Introduction 11
RSA DLP 9.6 Endpoint Deployment Guide

RSA DLP Endpoint Components

A typical DLP Endpoint deployment includes the following components:
• Enterprise Manager. An integrated web-based management console for
administration, configuration, policy management, incident remediation, and
reporting.
• Root Endpoint Coordinator. A DLP component that:
– Manages certificates for secure communication between Endpoint
components.
– Receives events and status from Endpoint Coordinators or Endpoint agents
and passes them to the Enterprise Manager.
– Receives policies and configuration information from Enterprise Manager and
passes them to Endpoint Coordinators or Endpoint agents.
• Endpoint Coordinators. A DLP component that:
– Sends configuration information and policies to Endpoint agents.
– Receives events and status from Endpoint agents and passes them to the Root
Endpoint Coordinator.
– Receives policies and configuration information from Root Endpoint
Coordinators and passes them to Endpoint agents.
– Helps to distribute the load in your Endpoint deployment.

Note: You can choose to have a test deployment without any Endpoint
Coordinators.

• Endpoint Agents. Software residing on each end-user machine that analyzes files
for sensitive content in the context of a user action. On detecting a violation, the
Endpoint agent, sends the details in an event to the configured Endpoint
Coordinator.

12 Chapter 1: Introduction
RSA DLP 9.6 Endpoint Deployment Guide

The following figure shows a sample DLP Endpoint deployment. For additional
deployment scenarios, see “DLP Deployment Scenarios” on page 77.

Enterprise Manager
Database

Root Endpoint Coordinator

Site 1 Site n

Endpoint Coordinator Endpoint Coordinator

End-user machine End-user machine

(Endpoint agent installed) (Endpoint agent installed)

How DLP Endpoint Agent Works

An Endpoint agent is installed on each computer where you want DLP policies
enforced. The Endpoint agent is a service that starts when the computer starts and
monitors user actions as long as the computer is running.

The Endpoint agent runs from within the end-user’s operating system and is
transparent to desktop applications. The agent monitors each process running as local
user but not system processes, and intercepts application calls initiated by the
end-user.

Chapter 1: Introduction 13
RSA DLP 9.6 Endpoint Deployment Guide

The following figure shows the logical functioning of the Endpoint agent.

End-user machine
(DLP Endpoint agent installed)

Copy/ Sync to Web actions Save as/ User actions

Print Paste
Move Mobile Http(s)/IM Export

1. Intercept calls
Endpoint agent
2. Analyze content activity
3. Enforce policy

Destination

Printer USB Device Internet Clipboard CD/DVD Mobile Network

Device Share

When the Endpoint agent detects a call for a user action such as copying, moving, or
printing, it extracts the content of the document involved and performs content
analysis (if necessary) to determine whether the action constitutes a policy violation.
If the agent determines a policy violation has occurred, it either allows or denies the
action as defined by the policy and sends the event data to the Endpoint Coordinator.

Note: A policy does not have to be based on content analysis. Violations can
be defined based on user actions only, or on other file attributes such as file
extension type. For more details, see “Policy-Based Content Analysis and
User Action Control”.

The Endpoint agent communicates, when appropriate, with end-users through a user
interface that displays policy violation notification messages and accepts justification
text input from users. See “Endpoint Agent Messages” on page 67 for details.

The Endpoint agent continues to monitor user actions and enforce policies even when
the end-user machine it runs on is disconnected from the network. Information about
violations is stored locally and then sent to the Endpoint Coordinator once the
computer is back online.

Policy-Based Content Analysis and User Action Control

DLP Endpoint agent uses active DLP policies to recognize specific kinds of sensitive
content like credit card numbers or social security numbers in documents. You can
define custom policies or use the pre-designed policies shipped with the product.

14 Chapter 1: Introduction
RSA DLP 9.6 Endpoint Deployment Guide

DLP Endpoint polices can be based on identifying a file’s sensitive content or on

recognizing other characteristics of a file such as file type. Policies used with DLP
Endpoint can restrict, monitor, and report on user actions on files containing sensitive
content.

For instruction on how to configure policies, see the RSA DLP Endpoint User Guide
or the Enterprise Manager online help.

A DLP Endpoint policy includes:

The user actions (both Windows user actions and DOS command
User Actions
line) that can trigger a policy violation.

Print Printing to a local printer, network printer, or printer via IP

address, and printing to a file.

Copy/Move/Save As Copying/moving/saving/exporting/writing to a CD/DVD*, USB,

floppy disk, and netshare.
*Windows native CD/DVD driver support.

Copy to clipboard Copying content to clipboard.

Sync to Mobile • Adding sensitive files to Apple iTunes library.

• Copying, moving or saving sensitive files to mobile devices
connected to the end-user machine as Media Transfer Protocol
(MTP) USB device, for example, Nokia and Blackberry
devices.

Attribute Rules Attributes of an action that can trigger a policy violation.

Destination Only files going to these destinations trigger violations.

User/Group Only actions by these users/groups trigger violations.

File type. Only actions on files with these attributes (file

extension and file size) trigger violations.
File Attributes On Print or Copy to clipboard user actions, File size attributes
apply only to text getting printed or copied and not on whole file
size.

These rules use content blades to detect sensitive content and

Detection Rules
trigger a violation.

These actions are automatically performed by DLP Endpoint

Policy Actions
when a violation occurs.

Chapter 1: Introduction 15
RSA DLP 9.6 Endpoint Deployment Guide

Block The end-user is prevented from completing the action.

Audit Action is audited, but allowed.

Notify End-user is notified when a violation is detected.

Justify User is prompted to justify the action that triggered the violation.

Custom DLP Endpoint runs a customized policy action such as

encryption or backup, as defined by a custom action script.
If the custom action script fails to complete the action, the
operation is blocked.

16 Chapter 1: Introduction
RSA DLP 9.6 Endpoint Deployment Guide

2 Preparing for RSA DLP Endpoint

Deployment
This chapter lists the system requirements for the different components of RSA DLP
Endpoint.

Topics:

• System Requirements
• Third-Party Application Integration
• DLP Endpoint Deployment Flow

System Requirements
Make sure that each machine that you intend to use in your DLP Endpoint deployment
meets the system requirements.
• Enterprise Manager Requirements
• Endpoint Coordinator Requirements
• Endpoint Agent Requirements
• Port Usage
• Network Accessibility
• Endpoint Agent Deployment Requirements

Enterprise Manager Requirements

Make sure that the Enterprise Manager machine meets the following hardware and
software requirements. The hardware requirements listed in this section serve as
guidelines and may vary depending on your deployment.

Chapter 2: Preparing for RSA DLP Endpoint Deployment 17

RSA DLP 9.6 Endpoint Deployment Guide

Hardware Requirements
Make sure that the Enterprise Manager machine meets the following hardware
requirements.

Hardware Component Minimum Requirement

CPU 2 x 2 GHz

Note: RSA recommends that you use 64-bit processor.

RAM 4 GB (8 GB is recommended)

Disk space 200 GB to 1 TB free

Note: If Enterprise Manager is installed on a different

volume than the Database and Event and Indexing
folder, make sure you have a minimum of 10 GB free
space on that volume.

Virtual Machine Recommended virtual machine configuration:

configuration • 4x2 GHz CPU
• 8 GB RAM
• 200 GB to 1.25 TB disk space

Note: In VMware virtual machine, make sure that the

CPU and Memory Resource Limit values are set to
Unlimited in the Virtual Machine Properties dialog.

Software Requirements
Make sure that the Enterprise Manager meets the following software requirements.

Software Component Versions

Operating System 32 bit: 64 bit:

• Windows Server 2003 SP2 • Windows Server 2003 SP2
• Windows Server 2003 R2 • Windows Server 2003 R2
• Windows Server 2003 R2 • Windows Server 2003 R2
SP2 SP2
• Windows Server 2008 SP2 • Windows Server 2008 SP2
• Windows Server 2008 R2
• Windows Server 2008 R2
SP1

Note: RSA recommends that you install Enterprise

Manager on a 64-bit operating system.

18 Chapter 2: Preparing for RSA DLP Endpoint Deployment

RSA DLP 9.6 Endpoint Deployment Guide

Software Component Versions

.NET • Microsoft .NET Framework 3.5 (minimum)

• Microsoft .NET Framework 4.0

Database • Microsoft SQL Server 2005 SP2

• Microsoft SQL Server 2005 SP3
• Microsoft SQL Server 2008 SP1
• Microsoft SQL Server 2008 R2
• SQL Server 2005 Express (for evaluation deployments only)

Note: The Enterprise Manager user must have owner and

create privileges on the database. The schema for
Enterprise Manager database and database user must be
set to dbo.

Database client software • SQL Server 2005/2008 Command Line Query Utility
• SQL Server 2005/2008 Native Client

Browser • Microsoft Internet Explorer: Versions 8.x and 9.x

• Mozilla Firefox: Versions 13 to 18
Recommended screen resolution: 1280 x 800

Hypervisor • VMware ESX version 3.5, 4.0, 4.1, and ESXi 5.0
• Microsoft Hyper-V Server 2008

Endpoint Coordinator Requirements

Make sure that the Endpoint Coordinator machine meets the following hardware and
software requirements. The hardware requirements listed in this section serve as
guidelines and may vary depending on your deployment.

Note: Requirements for Root Endpoint Coordinator and Endpoint

Coordinators are same.

Chapter 2: Preparing for RSA DLP Endpoint Deployment 19

RSA DLP 9.6 Endpoint Deployment Guide

Hardware Requirements
Make sure that the Endpoint Coordinator machine meets the following hardware
requirements.

Hardware Component Minimum Requirement

CPU • 2 x 2 GHz
• 4 x 2 GHz (Recommended)

Note: RSA recommends that you use 64-bit processor.

RAM 4 GB (8 GB is recommended)

Disk space 40 GB

Virtual Machine Recommended virtual machine configuration:

configuration • 2x2 GHz CPU
• 8 GB RAM
• 40 GB disk space

Note: In VMware virtual machine, make sure that the

CPU and Memory Resource Limit values are set to
Unlimited in the Virtual Machine Properties dialog.

Software Requirements
Make sure the Endpoint Coordinator machine meets the following software
requirements.

Software Component Versions

20 Chapter 2: Preparing for RSA DLP Endpoint Deployment

RSA DLP 9.6 Endpoint Deployment Guide

Operating System 32 bit: 64 bit:

Note: RSA recommends that you install Endpoint

Coordinators on a 64-bit operating system.

.NET • Microsoft .NET Framework 3.5 (minimum)

• Microsoft .NET Framework 4.0 Full

Note: Microsoft .NET Framework 4.0 Client Profile

along with .NET Framework 3.5 is not supported.

Hypervisor • VMware ESX version 3.5, 4.0, 4.1, and ESXi 5.0
• Microsoft Hyper-V Server 2008

Endpoint Agent Requirements

Make sure that the Endpoint agent (end-user) machine meets the following hardware
and software requirements. The hardware requirements listed in this section serve as
guidelines and may vary depending on your deployment.

Hardware Requirements
Make sure that the Endpoint agent machine meets the following hardware
requirements.

Hardware Component Minimum Requirement

CPU 2 GHz

Chapter 2: Preparing for RSA DLP Endpoint Deployment 21

RSA DLP 9.6 Endpoint Deployment Guide

RAM 1 GB

Disk space 5 GB free

Virtual Machine Recommended virtual machine configuration:

configuration • 2 x 2 GHz CPU
• 1 GB RAM
• 20 GB free disk space

Note: Make sure that the CPU and Memory Resource

Limit values are set to Unlimited in the Virtual Machine
Properties dialog.

Software Requirements
Make sure the Endpoint agent machine meets the following software requirements.

Software Component Versions

Operating System • 32 bit: • 64 bit:

• Windows XP SP3 (32-bit) • Windows XP SP2
• Windows Vista SP2 • Windows Vista SP2
• Windows 7 • Windows 7
• Windows 7 SP1 • Windows 7 SP1
• Windows Server 2003 R2 • Windows Server 2003 R2
SP2 SP2
• Windows Server 2008 SP2 • Windows Server 2008 SP2
• Windows Server 2008 R2
• Windows Server 2008 R2
SP1

.NET • Microsoft .NET Framework 3.5 (minimum)

• Microsoft .NET Framework 4.0

Note: Microsoft .NET Framework 3.5 is required if you

plan to to use .NET Framework 4.0 Client Profile.

Virtual Desktop Support • VMware View 4.6 and 5.0

• Citrix XenDesktop 5.0 and 5.5
• Citrix XenApp (hosted) 6.0 and 6.5
• Microsoft Remote Desktop

Browsers For Disconnected Endpoint:

• Internet Explorer version 8, and 9
• Firefox version 3.6.x, and 6 to 14

22 Chapter 2: Preparing for RSA DLP Endpoint Deployment

RSA DLP 9.6 Endpoint Deployment Guide

Port Usage
The following ports are used by the products in the RSA DLP to communicate among
the different components. These ports must be opened for functioning of the
RSA DLP.

In/
Port Component Description Protocol
Out

22 In • Network Controller Use for secure login to managed Network SSH

• Sensor devices.
• Interceptor
• ICAP Server

25 Both Interceptor Used for communication between Interceptor TCP

and email server.

123 Out • Network Controller Used for communication with NTP server. UDP or
• Sensor NTP
• Interceptor
• ICAP Server

135 Both Discovery agent Windows RPC port used for communication TCP
between Site Coordinator and Discovery
Both Site Coordinator agent during bootstrapping of Discovery
agent.

137 Both Discovery agent Windows NetBIOS Name Service port used UDP
for communication between Site Coordinator
Both Site Coordinator and Discovery agent during bootstrapping of
Discovery agent.

138 Both Discovery agent Windows NetBIOS Datagram Service used UDP
during communication between Site
Both Site Coordinator Coordinator and Discovery agent during
bootstrapping of Discovery agent.

139 Both Discovery agent Windows NetBIOS Session Service used TCP
during communication between Site
Both Site Coordinator Coordinator and Discovery agent during
bootstrapping of Discovery agent.

443 In Enterprise Manager Access to Enterprise Manager console. HTTPS

Out • Enterprise Coordinator Used to connect with Microsoft SharePoint HTTPS

• Grid Worker server for SharePoint scans.
Alternatively port 80 can be used.

Out Grid Worker Used to connect with Microsoft Exchange HTTPS

server for Exchange scans.

Chapter 2: Preparing for RSA DLP Endpoint Deployment 23

RSA DLP 9.6 Endpoint Deployment Guide

In/
Port Component Description Protocol
Out

445 In Discovery agent Microsoft-DS SMB file sharing port for TCP
communication between Site Coordinator and
Out Site Coordinator Discovery agent during bootstrapping of
Discovery agent.

514 Out • Enterprise Manager DLP system logging to SIEM. Syslog

• Enterprise Coordinator
• Site Coordinator
• Grid Worker
• Discovery agent
• Network Controller
• Sensor
• Interceptor
• ICAP Server

1344 Both ICAP Server Communication between ICAP Server and TCP
ICAP client.

1352 Out • Enterprise Coordinator Used to connect with IBM Lotus Domino TCP
• Grid Worker server for Lotus Notes scans.

4369 In Root Endpoint Coordinator Local port used for communication between TCP
Endpoint Coordinator components.
In Endpoint Coordinator

5671 Out Enterprise Manager Communication between: AMQP

• Enterprise Manager and Root Endpoint
Both Root Endpoint Coordinator Coordinator.
Out Endpoint Coordinator • Root Endpoint Coordinator and Endpoint
Coordinator.

5772 Out Enterprise Manager Communication between Enterprise Manager HTTPS

and Root Endpoint Coordinator during
In Root Endpoint Coordinator initialization.

5773 In Root Endpoint Coordinator Communication between Root Endpoint HTTPS

Coordinator and:
Out Endpoint Coordinator • Endpoint Coordinator.
• Endpoint agent.
Out Endpoint agent

5774 In Root Endpoint Coordinator Communication between Root Endpoint HTTPS

Coordinator and:
Out Root Endpoint Coordinator • Endpoint Coordinator.
• Endpoint agent.
Out Endpoint agent

24 Chapter 2: Preparing for RSA DLP Endpoint Deployment

RSA DLP 9.6 Endpoint Deployment Guide

In/
Port Component Description Protocol
Out

5871 Out Enterprise Manager Communication between: HTTPS

• Enterprise Manager and Root Endpoint
In Root Endpoint Coordinator Coordinator.
• Root Endpoint Coordinator and Endpoint
Out Endpoint Coordinator
Coordinator.
Out Endpoint agent • Endpoint agent and Endpoint Coordinator.

61613 In Root Endpoint Coordinator Local port used for communication between TCP
Endpoint Coordinator components.
In Endpoint Coordinator

9108 In Network Controller IP Mapper to Network Controller. TCP

9143 Out • Network Controller Communication between Enterprise Manager HTTPS

• Enterprise Coordinator and Network Controller or Enterprise
Coordinator.
In Enterprise Manager

9144 Out Enterprise Manager Communication between Enterprise Manager HTTPS

and Network Controller.
In Network Controller

9145 Out Enterprise Manager Communication between Enterprise Manager HTTPS

and Enterprise Coordinator.
In Enterprise Coordinator

9150 Both Enterprise Coordinator Communication between: HTTPS

• Enterprise Manager and Site Coordinator.
Both Site Coordinator
• Site Coordinator and Discovery agent.
Both Discovery agent

9202 Out Network Controller Communication between Network Controller TLS

and managed DLP Network devices.
In • Sensor
• Interceptor
• ICAP Server

9999 Out Network Controller Initial security certificate exchange between TLS
Network Controller and managed DLP
In • Sensor Network devices.
• Interceptor
• ICAP Server

Network Accessibility
Because of the distributed nature of a DLP Endpoint deployment, accessibility
between machines in the deployment infrastructure must be clearly defined.

Chapter 2: Preparing for RSA DLP Endpoint Deployment 25

RSA DLP 9.6 Endpoint Deployment Guide

Each monitored computer in an Endpoint group must be accessible from its Endpoint
Coordinator. If network firewall solution exist, please check the existing rules and add
exceptions if necessary.

Endpoint Agent Deployment Requirements

You can generate an Endpoint agent installer from Enterprise Manager and use it to
install the agent on the end-user machines.

RSA recommends that you use third-party deployment tools to install the Endpoint
agents on the end-user machines. You can use the following deployment tools:
• System Center Configuration Manager (SCCM)
• Altiris Deployment Solution
• IBM Tivoli Endpoint Manager (BigFix)

Third-Party Application Integration

This section lists the third-party applications that can be integrated with RSA DLP.

RSA SecurID Integration

RSA DLP can be integrated with RSA SecurID to enable two-factor authentication for
logon to Enterprise Manager.

For more information, see the RSA technical note Enabling RSA SecurID
Authentication for RSA DLP.

SIEM Integration
RSA DLP can be integrated with the following Security Incident and Event
Management (SIEM) applications:

RSA enVision Version 3.7 or later with the November 2010 ESU (event source
update) applied.

Note: RSA recommends that you always apply the latest

available ESU.

DRM Integration
RSA DLP can be integrated with Rights Management Services (RMS) applications
using the Endpoint custom actions. For more information, see Endpoint User Guide.

Microsoft Windows 2008 Active Directory Rights Management Services (AD RMS)

26 Chapter 2: Preparing for RSA DLP Endpoint Deployment

RSA DLP 9.6 Endpoint Deployment Guide

LDAP Repositories
RSA DLP can be integrated with the following LDAP Repositories:
• Microsoft Active Directory
• SunOne

DLP Endpoint Deployment Flow

Depending on your needs, your DLP Endpoint deployment may require multiple
installation tasks. Use the following flowchart as a general guide.

Start

Install Enterprise Manager

Install Root Endpoint Coordinator

Initialize Root Endpoint Coordinator in
Enterprise Manager

Do you need additional
Endpoint Coordinator ?

Add Endpoint Coordinator in
Yes Enterprise Manager

No
Install Endpoint Coordinator

Generate Endpoint agent installer

Install Endpoint agent
(use third‐party deployment tools like SCCM)

Stop

Chapter 2: Preparing for RSA DLP Endpoint Deployment 27

RSA DLP 9.6 Endpoint Deployment Guide

RSA DLP Endpoint Deployment Flow

1. Install Enterprise Manager.

For instructions, see “Installing Enterprise Manager” on page 34.
2. Install the Root Endpoint Coordinator.
For instructions, see “Install Endpoint Coordinators” on page 48.
3. Initialize the Root Endpoint Coordinator in Enterprise Manager.
For instructions, see “Initialize the Root Endpoint Coordinator” on page 55.
4. If you need additional Endpoint Coordinators.
a. Install a Endpoint Coordinator.
For instructions, see “Install Endpoint Coordinators” on page 48.
b. Add the Endpoint Coordinator in Enterprise Manager.
For instructions, see “Add Endpoint Coordinators” on page 56.
c. Repeat Step 4 for additional Endpoint Coordinators.
5. Generate Endpoint agent installer.
For more information, see the RSA DLP Endpoint User Guide or Enterprise
Manager online help.
6. Install Endpoint agents.
For instructions, see “Install DLP Endpoint Agents” on page 60.

28 Chapter 2: Preparing for RSA DLP Endpoint Deployment

RSA DLP 9.6 Endpoint Deployment Guide

3 Deploying Enterprise Manager

Enterprise Manager is an integrated web-based management console for

administration, configuration, policy management, incident remediation, and
reporting.

For a test deployment of DLP Endpoint, Enterprise Manager can be installed on the
same machine as the Root Endpoint Coordinator, the other primary component.

Topics:
• Perform Pre-Installation Tasks
• Installing Enterprise Manager
• Verify the Enterprise Manager Installation
• Uninstall Enterprise Manager

Perform Pre-Installation Tasks

You must perform the following pre-installation tasks to prepare your system to install
Enterprise Manager.

To prepare your system to install Enterprise Manager:

1. Create the Domain User Account

2. Set Permissions for the Run-As User
3. Set Up the Enterprise Manager Database
4. Install SQL Server Client Software

Chapter 3: Deploying Enterprise Manager 29

RSA DLP 9.6 Endpoint Deployment Guide

Create the Domain User Account

Enterprise Manager runs as a Windows service with domain user credentials. The
credential used to run the RSA DLP Enterprise Manager service must have “Log on as
a service” permission on the Enterprise Manager machine. During Enterprise Manager
installation, you need to specify the domain-user credentials.

Contact your domain administrator to create a domain-user account to be used to run

the Enterprise Manager service.

Note: Only a domain administrator can create a new domain user account.

You may set the “Password never expires” option for your Enterprise Manager
domain-user account. This makes sure that the Enterprise Manager service does not
fail to start due to a failed logon attempt.

In case you need to update the Enterprise Manager run-as user credentials, see
“Update Run-As User Credentials” on page 31.

Set Permissions for the Run-As User

You must set required permissions for the run-as user on the Enterprise Manager
machine before installing Enterprise Manager.

Note: These instructions are based on Windows Server 2008 R2. The
instructions may vary depending on the operating system used. Refer to the
operating system help for more details.

To set permissions for the run-as user:

1. Add the domain user to the Administrators group on the Enterprise Manager
machine.
a. Click Start > Control Panel > User Accounts > Manage User Accounts.
The User Accounts window appears.
b. Click Add, enter the User name and Domain, and click Next.
c. Select Administrator and click Finish
2. Set Log on as a service permission to the domain user.
a. Click Start > Control Panel > Administrative Tools > Local Security
Policy.
The Local Security Policy window appears.
b. In the left pane, select Local Policies > User Rights Assignment.
c. Double-click on the Log on as a service policy.
The Log on as a service Properties window appears.

30 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

d. Verify the domain user is added to the list.

If the domain user is not listed, click Add User or Group and specify the user
to be added.

Update Run-As User Credentials

You may need to update the Enterprise Manager run-as user credentials in the
following situations:
• If the Enterprise Manager run-as user’s password is changed in the domain.
This may be required as most enterprises set password policy for domain user
accounts and mandates that passwords be changed on a regular basis.
• If you upgrade an installation and specify a different domain user as the run-as
user.
This may be required if you plan to use a different domain user credentials to run
Enterprise Manager.

In the above situations, if the Enterprise Manager run-as user credentials are not
updated, the Enterprise Manager service will no longer be able to run. The system may
display the following error when trying to start the service:
The service did not start due to a login failure.

To update run-as user credentials:

1. On the Enterprise Manager machine, open the Services control panel, and
right-click RSA DLP Enterprise Manager.

Chapter 3: Deploying Enterprise Manager 31

RSA DLP 9.6 Endpoint Deployment Guide

2. Select Properties from the drop-down menu, then click the Log On tab.

Note: You must be an administrator on the Enterprise Manager machine

to be able to edit the logon credentials.

3. Enter the new user name (if changed) and the new password.
4. Click OK.

Set Up the Enterprise Manager Database

Enterprise Manager uses a Microsoft SQL Server database to store events, incidents,
and other DLP information. DLP documentation refers to this SQL Server database as
“the database” or “the Enterprise Manager database”.

The Enterprise Manager installation process creates this database. Steps during
installation prompt you to specify SQL Server connection information and a name for
the database.

32 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

To set up Enterprise Manager database:

1. (Optional) Create a named instance of SQL Server.

If you are creating a new instance of SQL Server to use with Enterprise Manager,
RSA recommends that you create a Named Instance (for example,
RSA_DLP_EM). A default instance is acceptable if you have no other SQL
Server instances with which it could conflict.
2. Set the Enterprise Manager domain user to have owner and create permissions on
the Enterprise Manager database.
3. (Optional) If Enterprise Manager is not on the same machine as your SQL Server
instance, configure the SQL Server for remote access.
4. Enable TCP/IP connections to the SQL Server. Do the following:

Note: These instructions may vary depending on the version of SQL

Server used.

a. Launch SQL Server Configuration Manager.

Click Start > All Programs > Microsoft SQL Server 2008 R2 >
Configuration Tools > SQL Server Configuration Manager.
b. Under SQL Server Network Configuration > Protocols for instanceName,
do the following:
• Right-click on TCP/IP and choose Enable from the dropdown menu.
• Right-click on Named Pipes and choose Enable from the dropdown
menu.
c. Click SQL Server Services, and do the following:
• Right-click on SQL Server (instanceName), and choose Restart from
the dropdown menu.
• Verify that SQL Server Browser is running. If not, right-click on it and
choose Start from the dropdown menu.
5. Set the default schema of the Enterprise Manager database and the database user
as dbo.

Install SQL Server Client Software

The SQL Server Client software is used by Enterprise Manager to interact with the
database. Install the following SQL Server client software on the Enterprise Manager
machine:
• SQL Server Native Client. Required to install the command line tool.
• SQL Server Command Line Query Utility. Used by the Enterprise Manager
installer to access the SQL Server installation.

Important: The SQL Server client software must be installed before installing
Enterprise Manager.

Chapter 3: Deploying Enterprise Manager 33

RSA DLP 9.6 Endpoint Deployment Guide

To install SQL Server client software:

1. Download the SQL Server client software packages from the following locations:
– For SQL Server 2005,
http://www.microsoft.com/downloads/
details.aspx?familyid=df0ba5aa-b4bd-4705-aa0a-b477ba72a9c
b&displaylang=en
– For SQL Server 2008 R2,
http://www.microsoft.com/download/en/
details.aspx?id=26728

Important: Download the x86 or x64 package versions for the software as
needed to run on the Enterprise Manager machine.

2. Install the SQL Server client software on the Enterprise Manager machine.

Installing Enterprise Manager

You can install Enterprise Manager by directly launching the installer or by executing
a command line that launches the installer. You can run the installer locally on the
machine on which it is to be installed, or remotely using, for example, Microsoft’s
Remote Desktop Protocol (RDP).

You can install Enterprise Manager using one of the following methods:
• Install Enterprise Manager Using the Wizard
• Install Enterprise Manager Using the Command Line
• Install Enterprise Manager Remotely

Install Enterprise Manager Using the Wizard

You can perform an installation using the installation wizard. Installation time varies
depending on system speed and memory. Make sure that you allow at least one hour to
perform the installation.

Before You Begin:

• Complete the pre-installation tasks. For information, see “Perform Pre-Installation

Tasks” on page 29.
• Time on the machine must be synchronized with the domain controller and be
accurate.
• Obtain the installer package from RSA and copy it to the Enterprise Manager
machine.
• Close all applications and system consoles.

34 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

To install Enterprise Manager using the wizard:

1. Double-click the RSA_DLP_Installer_9.6.exe file to start the installation

wizard. Click Run, if a security warning appears.

Important: You must launch the installer as an administrator.

The installation wizard opens and performs basic validation of the machine. One
of the following occurs:
– If the installer detects a previous version of DLP installed, you are prompted
to upgrade. If you wish to upgrade, see the RSA DLP Upgrade Guide.
– If the requirements are not met, or if required ports are in use, an error
message appears explaining the problem. Click OK to close the message and
Finish to exit the wizard, correct the problem, and then retry the installation.
– If the requirements are met, the buttons at the bottom of the window become
active.
2. Click Next to continue.
The License Agreement screen appears.
3. Review the license agreement, choose I accept the terms in the license
agreement, and click Next.
The Feature Selection screen appears.

4. Specify the program features you want to install.

Click the drop-down list for RSA DLP Enterprise Manager and select This
feature will be installed on local hard drive.

Chapter 3: Deploying Enterprise Manager 35

RSA DLP 9.6 Endpoint Deployment Guide

Note: The rest of this procedure leads you through the installation of
Enterprise Manager only.

5. Click Next.
The Database Server screen appears.

6. Enter the database server details:

a. In the Database Server field, enter the database instance name for the DLP
installer to connect and create the Enterprise Manager database. Use the
format hostName\instanceName, where hostName is the name of the
machine on which you installed SQL Server.
Alternatively, click Browse to browse and select the database instance.
b. In the Database Name field, enter the name of the database to be created for
the Enterprise Manager.

CAUTION: Do not select an existing database that was used by a

previous Enterprise Manager installation, it may contain obsolete
configuration information that can break the installation.

c. (Optional) Select the Connect using port checkbox and specify the port using
which Enterprise Manager will connect to the database.
Use this option only if your database administrator has provided a static port
number to be used for connecting to the database.

36 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

d. Specify the user credentials to authenticate with SQL Server and create the
Enterprise Manager database. Do one of the following:
• If the current logged-in user has permission to connect and create the
database, select Windows authentication credentials of current user.
• If you want to specify a different user, select Server authentication
using the Login ID and password below and enter the user ID and
password.

Note: The credentials must have create privilege on the database. This
credential is used only during the upgrade process.
During run time Enterprise Manager Service Credentials is used and it must
have owner privilege on the Enterprise Manager database.

7. Click Next.
The Enterprise Manager Service Credentials screen appears.
8. Enter the user credentials for Enterprise Manager service. Enter the user name in
the format DOMAIN\username.
This user credential is used to connect with the Enterprise Manager database and
perform read and write operations.
9. Click Next.
The Enterprise Manager Administrator Credentials screen appears.
10. Enter and confirm the password for the default administrator account to access the
Enterprise Manager console.
The password must be minimum of six characters and contain only the following
characters:
– Uppercase characters (A-Z)
– Lowercase characters (a-z)
– Numbers (0-9)
– Special characters (!,@,#,?,_)

Note: Only English characters are allowed in the password. If you want to
have non-English characters in the password, you can log on to the
console and change the password, after installation of Enterprise
Manager.

11. Click Next.

The Enterprise Manager Options screen appears.
12. Use the configuration options as appropriate:
– Select Create a shortcut on the desktop for Enterprise Manager to create a
shortcut on the desktop for the Enterprise Manger.

Chapter 3: Deploying Enterprise Manager 37

RSA DLP 9.6 Endpoint Deployment Guide

– Select Automatically Configure a sample DLP site during installation to

configure a sample DLP site during installation. This option is available if you
selected to install Enterprise Coordinator on this machine (see Step 4).

Note: This option is recommended for use in a demonstration

environment or to view and try new DLP features only.

– Run DLP Suite with FIPS mode enabled option is selected if the host
machine is configured to run with FIPS encryption. For details, see the
technical note Deploying RSA DLP in FIPS-Compliant Mode.
– Select Enable Partner Device Integration to set up a CA certificate for
secure communication between a partner device and Enterprise Manager.
RSA recommends that you select this option if you plan to use Enterprise
Manager to control a partner device with built-in RSA DLP features. For
more information, see the technical note Managing Partner Device DLP with
Enterprise Manager.

Note: If you do not select this option during installation and at a later
point of time you want to enable it, you will have to reinstall
Enterprise Manager.

– Specify the directory to use for Event and Report Indexing.

13. Click Next.
– If you have not selected Enable Partner Device Integration, go to Step 15.
– If you have selected Enable Partner Device Integration, the Secure
Communication Information screen appears.
14. On the Secure Communication Information screen, do the following:
a. In the CA Common Name field, enter the common name of the Certificate
Authority (CA).
b. In the CA Store Password field, enter the password of the CAstore.
c. In the Local Site Store Password field, enter the password of the interop
local site certificate store.
d. (Optional) Select Enable Secure (SSL) Communication to enable secure
communication between Enterprise Manager and the partner device.
e. Click Next.
15. On the Ready to Install the Program screen, click Install.
The installation wizard performs validation of the machine based on the selected
options. If system prerequisites are not met, installation fails with an error
message.
a. Click Yes to exit the installation and view the report.

38 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

The Results of the RSA DLP installation prerequisite check page appears.

b. Correct the validations with FAIL results and optionally WARNING results,
and then retry the installation.
16. On successful validation, the installation is performed and ends with the Wizard
Completed screen.
Click Finish to close the wizard.
17. Upgrade the JRE. For instructions, see RSA technical note Manually Updating
Java JRE.

Install Enterprise Manager Using the Command Line

RSA DLP installer can be run from a command line as an alternative to using the
installation wizard. The DLP installer supports the standard command line parameters.
For more information on parameters you can specify when running an installer (.exe
file), see http://kb.flexerasoftware.com/doc/Helpnet/
installshield12helplib/IHelpSetup_EXECmdLine.htm.

Important: You must launch cmd.exe as an administrator or disable UAC to

execute the installer from the command line.

For example, if you want to install Enterprise Manager on a drive other than the
default C: drive. Use a command such as this:
"RSA_DLP_Installer_9.6.exe" /v"INSTALLDIR=\"D:\Program
Files(x86)\RSA\" ADDLOCAL=EM"

The above command installs Enterprise Manager to D:\Program Files(x86)\

RSA.

Chapter 3: Deploying Enterprise Manager 39

RSA DLP 9.6 Endpoint Deployment Guide

The /v parameter passes MSI command line parameters to the .msi installer
embedded in the executable installer. On the command line, insert the MSI options
within a pair of quotation marks that immediately follow the /v parameter, without
spaces.

For example, type /v"/l*v C:\installlog.txt ADDLOCAL=EM" to specify

that a log file be created and stored in the specified location, and that only Enterprise
Manager must be installed.

You can include any of the following options after the /v parameter:
• Standard MSI command line options.
For list of standard MSI options, see http://support.microsoft.com/kb/
314881
Use the /q option for silent installs, and the /l option for creating installation log
file.
• DLP installer properties, in the format PROPERTY=value.

Note: Property values that contain spaces must be enclosed in quotes. To

set a property value to NULL, make the value empty, for example,
IS_SQLSERVER_AUTHENTICATION=.

– ADDLOCAL=EM
Specifies the components to install. For Enterprise Manager only use
ADDLOCAL=EM.
– AUTOCONFIGURE=NULL|1
Specifies if the installer automatically configures a sample Site Coordinator.
To use this property you must specify ADDLOCAL=ALL.
– CONFIG=filePath
The fully qualified file name to be used as a configuration file. By default, the
filename is EMInstall.ini.
– FIPS=NULL|1
Specifies if DLP is installed in FIPS-enabled mode.
For more information on FIPS requirements and configuration, see the
technical note Deploying RSA DLP in FIPS-Compliant Mode
– INSTALLDIR=installPath
The Enterprise Manager installation location.
– INDEXINGDIR=indexingdir
Set the location for Event and Report Indexing folder.
– IS_NET_API_LOGON_USERNAME=DOMAIN\name.
The name used in creating or modifying the database (include the domain and
username separated by a backslash).

40 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

– IS_NET_API_LOGON_PASSWORD=password
The password associated with the username.
– ADMIN_PASSWORD=password
The password for the default administrator account to access the Enterprise
Manager console. The password must be minimum of six characters and
contain only the following characters:
• Uppercase characters (A-Z)
• Lowercase characters (a-z)
• Numbers (0-9)
• Special characters (!,@,#,?,_)

Important: Only English characters are allowed in the password. If

you want to have non-English characters in the password, after
installing Enterprise Manager, log on to the console and change the
password.

– PARTNER=1
Enables partner device integration with Enterprise Manager. Specify 1 only if
you chose to integrate the partner device.
The CA certificate is required for enabling secure communication. If you have
enabled partner device integration, then you must enter the following
certificate details to create the common CA certificate.
• CA_COMMON_NAME=CommonName. Enter the common name of the CA.
• CA_STORE_PASSWORD=storepassword. Enter the store password of
the CA.
• STORE_PASSWORD=sitepassword. Enter the store password of the
interop local site certificate.
• ENABLE_SSL=1 to enable secure communication between Enterprise
Manager and the partner device.
– IS_SQLSERVER_SERVER=instanceName.
The database server instance name. By default in SQL Server, this has the
form hostName\serverInstance.
– IS_SQLSERVER_DB=databaseName.
The name of the Enterprise Manager database to be created during
installation.
– IS_SQLSERVER_AUTHENTICATION=NULL|1
Whether to use Windows authentication (default) or SQL Server
authentication (1) for the DLP installer to connect to SQL Server and create
the Enterprise Manager database.
– IS_SQLSERVER_USERNAME=name

Chapter 3: Deploying Enterprise Manager 41

RSA DLP 9.6 Endpoint Deployment Guide

The user name for the DLP installer to use to connect to SQL Server. Enter
only if SQL Server authentication is specified.
– IS_SQLSERVER_PASSWORD=password
The password for the DLP installer to use to connect to SQL Server. Enter
only if SQL Server authentication is specified.
– LOG_LEVEL=level
The verbosity level to be used in the Enterprise Manager and Enterprise
Coordinator installation log files. Acceptable values are INFO, WARNING,
DEBUG, ERROR.
– USE_SQL_PORT=1.
Specify 1 if the user wants to use non default port for SQL (default is 1433).
Enter the new port value:
• IS_SQLSERVER_PORT = CustomSQLPort

Instead of specifying the properties in the command line, you can set properties in a
configuration file, specified by the CONFIG property as shown above. For each
property, a configuration file value takes precedence over a command line value,
which takes precedence over the default value. If the CONFIG property is not set or
refers to a nonexistent file, the installer checks the directory that holds the Enterprise
Manager installer for a file named EMInstall.ini and uses the values from that
file.

A configuration file must be in standard .ini file format, in which all properties are
set in a section labeled [config] . For example:
[config]
INSTALLDIR="C:\RSA DLP"
IS_SQLSERVER_SERVER=DLP_Server_314
IS_SQLSERVER_DB=RSA_DLP_database

The following example command performs a silent install with parameters taken from
the file ConfigFile.ini:
RSA_DLP_Installer_9.6.exe /s /v"/qn CONFIG=\"C:\ConfigFolder\
ConfigFile.ini\""

42 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

Install Enterprise Manager Remotely

Important: If you use Windows Remote Desktop Protocol (RDP) for

installation, you must follow the procedure described here.

You can use Windows Remote Desktop Protocol (RDP) to install Enterprise Manager
remotely. To do this, you must launch Remote Desktop from a command line using the
/console or /admin option. Using RDP without these options may cause a corrupt
installation or display the following error message:

To install Enterprise Manager remotely:

1. Verify that Terminal Services is running on the remote machine on which

Enterprise Manager is to be installed.
2. Copy the Enterprise Manager installer to the remote machine.
3. Open a command window or use the Run dialog box (click Start > Run) and
execute the mstsc command using the /console or /admin option.
mstsc /v:remoteHost /console
where remoteHost is the IP address or fully qualified hostname of the remote
machine. The Remote Desktop session opens.
4. On the remote machine, launch the Enterprise Manager installer by
double-clicking the installer file, and perform the installation as described in the
previous sections.

Verify the Enterprise Manager Installation

Perform these checks and tasks to verify if the Enterprise Manager installation was
successful.

To verify the Enterprise Manager installation:

1. Verify the presence of the Enterprise Manager service in the Windows Services
dialog box.

Chapter 3: Deploying Enterprise Manager 43

RSA DLP 9.6 Endpoint Deployment Guide

2. (Optional) Verify the presence of the interop service (RSA DLP Local Site
Interop) the Windows Services dialog box.

Interop service is available, if you enabled partner device integration during

installation. The CA certificates and local site certificates required for enabling
partner device integration are stored at C:\RSA\Site\Certs.
3. Connect to Enterprise Manager from a browser using the following URL:
https://EMhost.domain.com
4. Review the DLPInstall.log file.
The Enterprise Manager installation generates the DLPInstall.log file with
information on the steps performed and their results. The log file is located in the
EM_install_dir\logs folder, where EM_install_dir is the Enterprise
Manager installation directory. The default location is:
C:\Program Files(x86)\RSA\Enterprise Manager\logs

Note: If the installation fails the log file is available in the C:\Windows\
temp\ folder of the system on which Enterprise Manager is installed.

You can capture more detailed logging information by installing using the
command line and enabling full MSI logging. For information, see “Install
Enterprise Manager Using the Command Line” on page 39.

Uninstall Enterprise Manager

If you need to uninstall Enterprise Manager, use the Windows Add or Remove
Programs facility.

Note: Using Windows Programs and Features option will uninstall all the
DLP components. If you have more than one DLP components and plan to
uninstall only Enterprise manager, run the installer and select Modify.

To uninstall Enterprise Manager:

1. Click Start > Control Panel > Programs and Features.

The Programs and Features window opens.
2. From the list, select RSA Data Loss Prevention, then click Uninstall. Click Yes
in the confirmation dialog box that appears.
The uninstaller configures the application for removal, then displays a dialog box
asking whether you would also like to remove all files and settings, including data
files.

44 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

3. Do one of the following:

a. Click Yes, if you want the uninstaller to completely remove Enterprise
Manager and all of its related files.
b. Click No, if you want the uninstaller to remove only those files that the
installer originally installed. Select this option if you wish to retain logs,
configuration files, stored searches, and cached data.
The uninstall process continues until the Enterprise Manager application is
removed.
4. Close the Programs and Features window.

Note: After uninstallation, the DLP installation folder (by default, C:\Program
Files(x86)\RSA) is not removed if you clicked No for removing associated files
and settings.
You may manually delete the installation folder after verifying that it does not impact
the product functioning.

Chapter 3: Deploying Enterprise Manager 45

RSA DLP 9.6 Endpoint Deployment Guide

46 Chapter 3: Deploying Enterprise Manager

RSA DLP 9.6 Endpoint Deployment Guide

4 Deploying Endpoint Coordinators

This chapter explains how to install Endpoint Coordinators for use in DLP Endpoint
deployment.

Topics:

• Endpoint Coordinator Overview

• Endpoint Coordinator Deployment Prerequisites
• Install Endpoint Coordinators
• Verify the Endpoint Coordinator Installation
• Initialize the Root Endpoint Coordinator
• Add Endpoint Coordinators
• Uninstall Endpoint Coordinator

Endpoint Coordinator Overview

Endpoint Coordinators are the infrastructure components in a DLP Endpoint
deployment and form the communication backbone of the deployment. They perform
the following functions:
• Distribute policy and configuration packages from the Enterprise Manager to the
Endpoint agents.
• Relay status messages from Endpoint Agent to Enterprise Manager.
• Transmit events from Endpoint agents to Enterprise Manager.

A DLP Endpoint deployment must have a Root Endpoint Coordinator. The Root
Endpoint Coordinator manages the certificates used for secure communication among
various components. In addition to the Root Endpoint Coordinator, you can have
multiple Endpoint Coordinators based on factors such as the number of Endpoint
agents and locations.

Note: Enterprise Manager directly communicates with the Root Endpoint

Coordinator only.

Chapter 4: Deploying Endpoint Coordinators 47

RSA DLP 9.6 Endpoint Deployment Guide

During bootstrapping, an Endpoint agent contacts the Root Endpoint Coordinator and
gets the following:
• A globally unique identifier that the agent will use to identify itself to Endpoint
Coordinators.
• Certificates for mutual SSL.
• The list of Endpoint Coordinators.

Important: The Root Endpoint Coordinator must be accessible by the targeted

endpoint machines else Endpoint agent bootstrapping and certificate renewals
will fail.

An Endpoint agent attempts to connect to the nearest known Endpoint Coordinator on

the network and reports the most recently used Endpoint Coordinator in its status on
the Agent Management page.

Endpoint Coordinator Deployment Prerequisites

Before you begin DLP Endpoint Coordinator deployment, you must:
• Obtain the DLP installer package from RSA and copy it to the Endpoint
Coordinator machine.
• Complete Enterprise Manager installation. For more information, see “Deploying
Enterprise Manager” on page 29.
• Make sure the machine meets the system requirements. For more information, see
“System Requirements” on page 17.
• Make sure the required ports are accessable. For more information, see “Port
Usage” on page 23.
• Make sure the performance counters are enabled. Verify that value of Disable
Performance Counters key is set to 0 under the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
CurrentVersion\Perflib
• Close all applications and system consoles.

Install Endpoint Coordinators

You can install Endpoint Coordinators by running the installer locally on the machine
on which it is to be installed, or remotely using applications like, Microsoft’s Remote
Desktop Protocol (RDP).

You must install a Root Endpoint Coordinator and install additional Endpoint
Coordinators based on your requirement. In a test or small deployment you can use a
Root Endpoint Coordinator without additional Endpoint Coordinators.

48 Chapter 4: Deploying Endpoint Coordinators

RSA DLP 9.6 Endpoint Deployment Guide

You can install Endpoint Coordinator using one of the following methods:
• Install Endpoint Coordinator Using the Wizard
• Install Endpoint Coordinator Using the Command Line

Install Endpoint Coordinator Using the Wizard

You can use the installation wizard to install the Endpoint Coordinator.

Before You Begin:

• Time on the machine must be synchronized with the domain controller and be
accurate.
• Add firewall exception for the following application:
DLP_install_dir\EndpointCoordinator\Erlang\erts-5.9\bin\
erl.exe, where DLP_install_dir is the planned DLP installation directory.
The default location is
C:\Program Files(x86)\RSA\

To install Endpoint Coordinator using the wizard:

1. Double click the file RSA_DLP_Installer_9.6.exe.

Important: You must launch the installer as an administrator.

The installation wizard opens.

2. Read the Welcome text and click Next.
The License Agreement screen appears.
3. Review the license agreement, select I accept the terms in the license
agreement, and click Next.
The Feature Selection screen appears.
4. Specify the program features you want to install.

Chapter 4: Deploying Endpoint Coordinators 49

RSA DLP 9.6 Endpoint Deployment Guide

Click the drop-down list for RSA DLP Enterprise Manager and select This
feature will be installed on local hard drive.

5. Specify the installation directory and click Next.

The Endpoint Coordinator Information screen appears.

50 Chapter 4: Deploying Endpoint Coordinators

RSA DLP 9.6 Endpoint Deployment Guide

6. Do one of the following:

– If this is a Root Endpoint Coordinator,
i. Select Root Endpoint Coordinator and click Next.
The Root Endpoint Coordinator configuration screen appears.
ii. (Optional) Create a Passcode.
The passcode is used to authenticate the Root Endpoint Coordinator
during the initialization process.
iii. Click Next.
– If this is a Endpoint Coordinator,
i. Select Endpoint Coordinator and click Next.
The Endpoint Coordinator configuration screen appears.
ii. Enter the FQDN, Hostname, or IP address of the Root Endpoint
Coordinator.
iii. (Optional) Enter the Authorization Key and Certificate Thumbprint of
the Root Endpoint Coordinator.
The Authorization key and Certificate thumbprint is listed in the Root
Endpoint Coordinator details pane on the Enterprise Manager console.
iv. Click Next.
7. Click Install to begin installing Endpoint Coordinator.

Important: For a Root Endpoint Coordinator, the certificate thumbprint is

displayed on successful installation. The thumbprint is used for
verification during initialization of Root Endpoint Coordinator and for
installing Endpoint Coordinators. Copy and save the thumbprint before
exiting the wizard.

8. Click Finish to close the installation wizard.

9. Repeat Step 1 through Step 8 to install additional Endpoint Coordinator on a
separate machine.
10. Configure Endpoint Coordinator. Do one of the following:
– For a Root Endpoint Coordinator, see, “Initialize the Root Endpoint
Coordinator” on page 55.
– For a Endpoint Coordinator, see “Add Endpoint Coordinators” on page 56.

Install Endpoint Coordinator Using the Command Line

Chapter 4: Deploying Endpoint Coordinators 51

RSA DLP 9.6 Endpoint Deployment Guide

Important: You must launch cmd.exe as an administrator or disable UAC to

execute the installer from the command line.

For example, if you want to install Endpoint Coordinator on a drive other than the
default C: drive. Use a command such as this:
"RSA_DLP_Installer_9.6.exe" /v"INSTALLDIR=\"D:\Program
Files(x86)\RSA\" ADDLOCAL=EPC"

The above command will install Endpoint Coordinator to D:\Program

Files(x86)\RSA.

For example, type /v"/l*v C:\installlog.txt ADDLOCAL=EPC" to specify

that a log file be created and stored in the specified location, and that only Enterprise
Manager must be installed.

Note: Property values that contain spaces must be enclosed in quotes. To

set a property value to NULL, make the value empty, for example,
IS_SQLSERVER_AUTHENTICATION=.

– ADDLOCAL=EPC
Specifies the components to install. For Endpoint Coordinator only use
ADDLOCAL=EPC.
– CONFIG=filePath
The fully qualified file name to be used as a configuration file. By default, the
filename is EMInstall.ini.
– INSTALLDIR_EPC=installPath
The Endpoint Coordinator installation location. Set this path only if you want
to install Endpoint Coordinator in a different location than Enterprise
Manager.
– EPC_TYPE=1|2
Specifies the role of the Endpoint Coordinator. Use 1 for a Root Endpoint
Coordinator and 2 for a Endpoint Coordinator.

52 Chapter 4: Deploying Endpoint Coordinators

RSA DLP 9.6 Endpoint Deployment Guide

Note: If you plan to install Endpoint Coordinator on the same

machine as Enterprise Manager, you must specify EPC_TYPE=1.

– PASSCODE=passcode
The passcode used during initialization of Root Endpoint Coordinator in
Enterprise Manager.

Note: This is a required parameter if the EPC_TYPE=1.

– ROOT_EPC=hostname or IP address
Specifies the hostname or IP address of the Root Endpoint Coordinator in
your deployment.

Note: This is a required parameter if the EPC_TYPE=2.

– EPC_KEY=authorization_key
Specify the Authorization key of the Root Endpoint Coordinator. The
Authorization key is listed in the Root Endpoint Coordinator details pane on
the Enterprise Manager console.
– ROOT_THUMBPRINT=certificate_thumbprint
Specify the Certificate thumbprint of the Root Endpoint Coordinator. The
Certificate thumbprint is listed in the Root Endpoint Coordinator details pane
on the Enterprise Manager console.

Instead of specifying the properties in the command line, you can set properties in a
configuration file, specified by the CONFIG property as shown above. For each
property, a configuration file value takes precedence over a command line value,
which takes precedence over the default value. If the CONFIG property is not set or
refers to a nonexistent file, the installer checks the directory that holds the installer for
a file named EMInstall.ini and uses the values from that file.

A configuration file must be in standard .ini file format, in which all properties are
set in a section labeled [config] . For example:
[config]
ADDLOCAL=EPC
INSTALLDIR_EPC="C:\RSA DLP EPC"
EPC_TYPE=1
PASSCODE="Password#1"

The following example command performs a silent install with parameters taken from
the file ConfigFile.ini:
RSA_DLP_Installer_9.6.exe /s /v"/qn CONFIG=\"C:\ConfigFolder\
ConfigFile.ini\""

Chapter 4: Deploying Endpoint Coordinators 53

RSA DLP 9.6 Endpoint Deployment Guide

Verify the Endpoint Coordinator Installation

Perform these checks and tasks to verify if the Endpoint Coordinator installation was
successful.

To verify the Endpoint Coordinator installation:

1. Verify the presence of the Endpoint Coordinator services in the Windows Services
dialog box.
– For Root Endpoint Coordinator:

Note: Only the RSA DLP Join Service is started immediately after
installation. Other services are started when the Root Endpoint
Coordinator is initalized. For instructions, see “Initialize the Root
Endpoint Coordinator” on page 55

– For Endpoint Coordinator:

Note: Only the RSA DLP Endpoint Coordinator service is started

immediately after installation. Other services are started when the
Endpoint Coordinator is added to the Enterprise Manager. For
instructions, see “Add Endpoint Coordinators” on page 56.

2. Review the DLPInstall.log file.

The Endpoint Coordinator installation generates the DLPInstall.log file with
information on the steps performed and their results. The log file is located in the

54 Chapter 4: Deploying Endpoint Coordinators

RSA DLP 9.6 Endpoint Deployment Guide

EPC_install_dir\logs folder, where EPC_install_dir is the Endpoint

Coordinator installation directory. The default location is:
C:\Program Files(x86)\RSA\EndpointCoordinator\logs

Note: If the installation fails the log file is available in the %TEMP% folder
of the system on which Endpoint Coordinator is installed.

You can capture more detailed logging information by installing using the
command line and enabling full MSI logging. For information, see “Install
Endpoint Coordinator Using the Command Line” on page 51.

Initialize the Root Endpoint Coordinator

The installation process places the Root Endpoint Coordinator files in the location
specified during installation. To finish the installation, you need to perform the
following procedure.

To initialize the Root Endpoint Coordinator

1. Log on to the Enterprise Manager console.

2. Click the Admin tab.
The Status Overview page appears.
3. In the menu bar, click Endpoint > Endpoint Coordinators.
The Initialize Root Endpoint Coordinator pop-up window appears.
4. Read the instructions and click Next.
5. In the Hostname/IP Address field, enter the FQDN, Hostname, or IP address of
the Root Endpoint Coordinator and click Next.
The certificate thumbprint is displayed in the pop-up window.
6. Verify the certificate thumbprint of the Root Endpoint Coordinator and click Next.
The certificate thumbprint is generated during installation of Root Endpoint
Coordinator and displayed on the last installer screen.
7. Enter the passcode for the Root Endpoint Coordinator and click Next.
Leave this field blank if you did not specify a passcode during installation of Root
Endpoint Coordinator.
8. Click Initialize Root EPC.
Initialization status is displayed.
9. Click Close.
The page lists the Root Endpoint Coordinator.

Chapter 4: Deploying Endpoint Coordinators 55

RSA DLP 9.6 Endpoint Deployment Guide

Add Endpoint Coordinators

The installation process places the Endpoint Coordinator files in the location specified
during installation. To finish the installation, you need to perform the following
procedure.

To add a Endpoint Coordinator

1. Log on to the Enterprise Manager console.

2. Click the Admin tab.
The Status Overview page appears.
3. In the menu bar, click Endpoint > Endpoint Coordinators.
The Endpoint Coordinators page appears.
4. Click Add....
Add Endpoint Coordinator pop-up window appears.
5. In the Hostname or IP Address field, enter the FQDN, Hostname, or IP address
of the Endpoint Coordinator.
6. Click Add.
The page lists the new Endpoint Coordinator.

Uninstall Endpoint Coordinator

If you need to uninstall Endpoint Coordinator, use the Windows Programs and
Features option.

Note: Using Windows Programs and Features option will uninstall all the
DLP components. If you have more than one DLP components and plan to
uninstall only Endpoint Coordinator, run the installer and select Modify.

To uninstall Endpoint Coordinator:

1. Click Start > Control Panel > Programs and Features.

56 Chapter 4: Deploying Endpoint Coordinators

RSA DLP 9.6 Endpoint Deployment Guide

3. Do one of the following:

a. Click Yes, if you want the uninstaller to completely remove Endpoint
Coordinator and all of its related files.
b. Click No, if you want the uninstaller to remove only those files that the
installer originally installed. Select this option if you wish to retain logs,
configuration files, stored searches, and cached data.
The uninstall process continues until the Endpoint Coordinator application is
removed.
4. Close the Programs and Features window.

Chapter 4: Deploying Endpoint Coordinators 57

RSA DLP 9.6 Endpoint Deployment Guide

58 Chapter 4: Deploying Endpoint Coordinators

RSA DLP 9.6 Endpoint Deployment Guide

5 Installing DLP Endpoint Agents

This chapter explains how to install DLP Endpoint agents on the end-user machines.

Topics:

• DLP Endpoint Agent Installation Prerequisites

• Install DLP Endpoint Agents
• Verify Endpoint Agent Installation
• Uninstall Endpoint Agent

DLP Endpoint Agent Installation Prerequisites

Before you begin DLP Endpoint agent installation, you must:
• Install Enterprise Manager. For more information, see “Deploying
Enterprise Manager” on page 29.
• Install Endpoint Coordinators. For more information, see “Deploying Endpoint
Coordinators” on page 47.
• Make sure that the end-user machine meets the system requirements. For more
information, see “System Requirements” on page 17.
• Make sure the required ports are accessable. For more information, see “Port
Usage” on page 23.
• Generate the Endpoint agent installer. For more information, see the RSA DLP
Endpoint User Guide or Enterprise Manager online help.
• Generate the Agent Authorization Key. For more information, see the RSA DLP
Endpoint User Guide or Enterprise Manager online help.
• The Root Endpoint Coordinator must be accessible by the endpoint machines.

Note: The Endpoint agent bootstrapping and certificate renewals will fail
if the endpoint machine is not able to contact the Root Endpoint
Coordinator.

Chapter 5: Installing DLP Endpoint Agents 59

RSA DLP 9.6 Endpoint Deployment Guide

Install DLP Endpoint Agents

Installing DLP Endpoint agent involves running the Endpoint agent installer on each
endpoint machine that is to be monitored. You must have Administrator privileges on
each machine on which you want to install an Endpoint agent.

You can install the Endpoint agent on one machine at a time, or you can use enterprise
desktop management software to install it on multiple machines.

Important: Make sure that *.bin files are allowed to be downloaded and
RSA DLP Endpoint agent is excluded from any other security products installed
on endpoint machines, like, Antivirus application and Cisco Security Agent.

RSA recommends that you add the DLP Endpoint agent to the corporate standard
images for virtual desktops and physical hosts, once the DLP Endpoint deployment is
stable in the production environment.

You can use one of the following methods to install an Endpoint agent.
• Install Endpoint Agent Using the Command Line
• Remotely Install Multiple Endpoint Agents
• Locally Install a Single Endpoint Agent

Install Endpoint Agent Using the Command Line

Endpoint agent installer can be run from a command line as an alternative to using the
installation wizard. The installer supports the standard MSI command line options.

You can use standard MSI command line options like /q for silent installs, and the /l
for creating installation log file. For a list of standard MSI options, see http://
support.microsoft.com/kb/314881.

Important: You must launch cmd.exe as an administrator or disable UAC to

execute the installer from the command line.

Following are the Endpoint agent installer properties, in the format

PROPERTY=value. Property values that contain spaces must be enclosed in quotes.
• SERVER=hostname or IP address
Specifies the hostname or IP address of the Root Endpoint Coordinator in your
deployment.
• JOIN_PARAMS=Authorization key
Specifies the Authorization key used to install the Endpoint agent. The
Authorization key can be generated using the Enterprise Manager console. For
more information, see the RSA DLP Endpoint User Guide or Enterprise Manager
online help.

60 Chapter 5: Installing DLP Endpoint Agents

RSA DLP 9.6 Endpoint Deployment Guide

• SAFEMODE=1
Specifies if you want the installer to check for incompatible McAfee driver
version. If an incompatible McAfee driver version is found, then installation is
aborted.

For example,
msiexec /i "Endpoint_Agent.msi" SERVER=myepc.mydomain.com
JOIN_PARAMS=Default;335f253c-7982-4309-9307-21afab8fdbb2;14b4e0
e22040fa7927af716381f440379faf92b7;2TgKU/
2EypmqdODeC2KA9inHkuwFDsbnfdKYM8SvcfA=

Remotely Install Multiple Endpoint Agents

You can use Microsoft Group Policy, Microsoft System Center Configuration
Manager (SCCM), or any other deployment program to deploy DLP software across
your enterprise.

Note: The following example is one of the way to deploy Endpoint agents
across the enterprise.

Microsoft’s Group Policy feature provides centralized management of computers and

users in an Active Directory environment.

Before You Begin

• Generate the Agent Authorization Key. For more information, see the RSA DLP
Endpoint User Guide or Enterprise Manager online help.
• Generate the Endpoint agent installer. For more information, see the RSA DLP
Endpoint User Guide or Enterprise Manager online help.

Note: This document refer the generated agent installer as

Endpoint_Agent.msi.

• You must be familiar with Active Directory and Microsoft Group Policy. For more
information, see the Microsoft documentation.
• You must launch cmd.exe as an administrator or disable UAC to execute the
installer from the command line.

To install multiple Endpoint agents:

1. Copy the Endpoint agent installer (Endpoint_Agent.msi) to a distribution

point.
The distribution point must be a network location accessible by the target
computers. For example, a network share on a domain controller.
2. Create a Group Policy Object (GPO) and link it to any Active Directory container,
such as a site, a domain, or an organizational unit (OU) that contains the target
computers to deploy the agent.

Chapter 5: Installing DLP Endpoint Agents 61

RSA DLP 9.6 Endpoint Deployment Guide

a. On a domain controller or administrative workstation, select Administrative

Tools > Active Directory Users and Computers from the Control Panel.
The Active Directory Users and Computers window appears.
b. In the console tree, locate and right-click on the Active Directory container
that contains the computers on which you want to deploy the agent, and then
click Properties.
The Properties dialog for that container appears.
c. Select the Group Policy tab, and then click New.
A New GPO dialog appears.
d. Specify a name for the new GPO, and then click Enter.
3. Edit the GPO for deployment.
a. Right-click the GPO you just created, and select Edit.
The Group Policy Object Editor appears.
b. Select Computer Configuration > Software Settings > Software
Installation.
c. Select New > Package from the Action menu.
An Open dialog appears.
d. Specify the UNC path to the agent installer (MSI) or select the Windows
Installer package, and then click Open.
The Deploy Software dialog appears.
e. Select Assigned as the deployment method, then click OK.
The shared installer package that you selected appears in the right pane of
Group Policy Object Editor.
f. Create a batch file (.bat) to specify the parameters used during agent
deployment:
For example:
subst x: /D
subst x: \\computername\PathToAgentMSI

msiexec /i "Endpoint_Agent.msi" SERVER=myepc.mydomain.com

JOIN_PARAMS=Default;335f253c-7982-4309-9307-21afab8fdbb2;
14b4e0e22040fa7927af716381f440379faf92b7;2TgKU/
2EypmqdODeC2KA9inHkuwFDsbnfdKYM8SvcfA= /quiet

subst x: /D
Where,
• \\computername\PathToAgentMSI is the UNC path to the agent
installer
• SERVER is the hostname or IP address of the Root Endpoint Coordinator.

62 Chapter 5: Installing DLP Endpoint Agents

RSA DLP 9.6 Endpoint Deployment Guide

• JOIN_PARAMS is the authorization key used to install the Endpoint agent.

The Authorization key can be generated using the Enterprise Manager
console.
g. Add the batch file to the logon script:
i. In the left pane of the GPO Editor, select User Configuration >
Windows Settings > Scripts (Logon\Logoff).
The Scripts Logon\Logoff page appears in the right side of the GPO
Editor.
ii. Select Logon, then right-click and select Properties.
The Logon Properties window appears.
iii. Select Add, and browse to the batch file you have just created. Click OK
to add the batch file to the logon script.
The Endpoint Agents will be deployed at logon.
You can now exit the Active Directory Users and Computers window.
The installer automatically installs the agent on each target machine the next time
that machine is active on the network.

Locally Install a Single Endpoint Agent

Use the following procedure to locally install a single Endpoint agent.

Before You Begin

Note: This document refer the generated agent installer as

Endpoint_Agent.msi.

To install a single Endpoint agent

1. Copy Endpoint_Agent.msi to a target machine.

2. Double-click the Endpoint_Agent.msi file to start the installation wizard.
Click Run, if a security warning appears.

Important: You must launch the installer as an administrator.

The Installation wizard opens.

3. Read the Welcome text, then click Next.
The Destination Folder screen appears.

Chapter 5: Installing DLP Endpoint Agents 63

RSA DLP 9.6 Endpoint Deployment Guide

4. Accept the default installation directory shown, or click Change and navigate to
the directory where you want the agent to be installed.
5. Click Next.
The Root Endpoint Coordinator Configuration screen appears.
6. Do the following:
a. Enter the FQDN, Hostname, or IP address of the Root Endpoint Coordinator.
b. Enter the Agent Authorization Key.
The Authorization key can be generated using the Enterprise Manager
console. For more information, see the RSA DLP Endpoint User Guide or
Enterprise Manager online help.
c. Click Next.
The Ready to Install the Application screen appears.
7. Click Install to begin installing the agent.
During the installation, the Installing RSA DLP Endpoint Agent screen displays
progress. When installation completes, the Successful Installation screen appears.
8. Click Finish to close the Installation Wizard.

Verify Endpoint Agent Installation

After installation, you can verify the presence of the agent on a target machine by
looking for the RSA DLP Endpoint Enforce service in the Windows Services
dialog box.

Uninstall Endpoint Agent

You can use one of the following methods to uninstall an Endpoint agent.
• Remotely Uninstall Multiple Endpoint Agents
• Uninstall a Single Endpoint Agent

64 Chapter 5: Installing DLP Endpoint Agents

RSA DLP 9.6 Endpoint Deployment Guide

Remotely Uninstall Multiple Endpoint Agents

You can use Microsoft Group Policy, Microsoft System Center Configuration
Manager (SCCM), or any other deployment program to uninstall DLP software across
your enterprise.

Note: The following example is one of the way to deploy Endpoint agents
across the enterprise.

Microsoft’s Group Policy feature provides centralized management of computers and

users in an Active Directory environment.

Before You Begin

To uninstall multiple Endpoint agents:

1. Select Administrative Tools > Active Directory Users and Computers from the
Control Panel. The Active Directory Users and Computers window appears.
2. In the console tree, locate and right-click the Active Directory container that
contains the computers on which you have deployed the agent, then click
Properties. The Properties dialog for that container appears.
3. Select the Group Policy tab, then select the GPO you created for deployment.
Click Edit.
4. Select Software Settings > Software Installation. The Group Policy window
appears.
5. In the right pane of the Group Policy window, right-click the agent installation
program, select All Tasks, and then click Remove.
6. Select Immediately uninstall the software from users and computers, then
click OK.

Uninstall a Single Endpoint Agent

You can uninstall the agent at the endpoint by using the Windows Add or Remove
Programs facility.

Note: Only a network administrator or someone who is logged on to a local computer

as an administrator can uninstall an Endpoint agent.
The Endpoint agent is listed in Programs and Features window only if it is enabled on
the Enterprise Manager Endpoint Groups page.

Chapter 5: Installing DLP Endpoint Agents 65

RSA DLP 9.6 Endpoint Deployment Guide

To uninstall a single Endpoint agent:

1. Click Start > Control Panel > Programs and Features.

The Programs and Features window opens.
2. From the list, select RSA DLP Endpoint Agent, then click Uninstall. Click Yes
in the confirmation dialog box that appears.
The uninstall process continues until the application is removed.
3. Close the Programs and Features window.

66 Chapter 5: Installing DLP Endpoint Agents

RSA DLP 9.6 Endpoint Deployment Guide

A Endpoint Agent Messages

This appendix describes the messages that an end-user may receive when an Endpoint
agent is active on the user’s computer.

The DLP Endpoint agent communicates with end-users by presenting messages, and
in some cases asking for text input.

Topics:
• About DLP Endpoint Agent User Interface
• Notification Dialogs
• Customizing Endpoint Agent Notifications

About DLP Endpoint Agent User Interface

To minimize interference with the users’ normal actions, the Endpoint agent user
interface is limited and as unobtrusive as possible. Unless a policy violation occurs
that requires user notification or input, the end-user is unaware that the agent is
functioning.

Note: If sensitive content has been detected in a file, print, and CD user
actions on all files opened by the same application during the same
application session, are subject to policy enforcement. That is, if an Excel file
containing sensitive content is open on an end-user’s desktop, and the user
attempts to print non-sensitive data from a different Excel file; that action, if a
violation of policy, may be blocked, or otherwise limited. To print the
non-sensitive data, the user must close all files and restart the application.

Appendix A: Endpoint Agent Messages 67

RSA DLP 9.6 Endpoint Deployment Guide

Notification Dialogs
The DLP Endpoint displays messages on the screen of the computer on which a policy
violation has taken place. The following are the supported notification dialogs:
• Notification Dialogs for File Operations
• Notification Dialogs for Clipboard Operations

Notification Dialogs for File Operations

When a policy violation is detected during a file operation, one of the following
notification dialog boxes is displayed:
• Block and Audit. This dialog box informs the end-user that a specific action is in
violation of corporate policy, and has been blocked.

The end-user acknowledges and dismisses the dialog box by clicking Close.
If the end-user believes that the blocking action is interfering with a valid business
case, the end-user can click Request Help... to request a temporary override to
Endpoint policies. The IT or security specialist analyzes the request and if there is
a valid reason for the override, generates a single-use password and sends it to the
end-user. The type of override is determined by the IT or security specialist
depending on the nature of the request. This password is then communicated to
the end-user, who can then proceed. If the override was to disable Endpoint,
monitoring will be stopped; if it was a policy override, the end-user must still
justify the action that had previously been blocked, ensuring that the action and
the reason for it is audited. See the RSA DLP Endpoint User Guide or the
Enterprise Manager online help for more details about requesting DLP Endpoint
Overrides and Management Tool settings.

68 Appendix A: Endpoint Agent Messages

RSA DLP 9.6 Endpoint Deployment Guide

Note: The Request Help... button is grayed out and inactive if contact
information is not set for the Endpoint Group to which this machine
belongs.

Click the information icon ( ) in the upper right corner to go to a URL defined
by your DLP administrator to find out more information about corporate policy.
• Justify and Audit. This dialog box notifies the end-user that the attempted action
violates policy and requires the end-user to enter a justification for the action
before continuing.

The end-user can:

– Click Cancel to abandon the action and close this dialog box.
– Use the Select justification drop-down list to select a predefined justification
message and click Continue to proceed.
– Type a justification in the text box and click Continue to proceed.

Note: Justification text must be at least 5 characters long, or the user

will be prompted to enter more information.

Click the information icon ( ) in the upper right corner to go to a URL defined
by your DLP administrator to find out more information about corporate policy.

Appendix A: Endpoint Agent Messages 69

RSA DLP 9.6 Endpoint Deployment Guide

• Notify and Audit. This dialog box notifies the end-user that the attempted action
may violate policy.

The end-user can:

– Click Cancel to abandon the action and close this dialog box.
– Click Continue to acknowledge that they understand they may be violating
policy, but want to proceed regardless.
Click the information icon ( ) in the upper right corner to go to a URL defined
by your DLP administrator to find out more information about corporate policy.

Notification Dialogs for Clipboard Operations

When a policy violation is detected during a virtual host clipboard operation, one of
the following notification dialog boxes is displayed:

70 Appendix A: Endpoint Agent Messages

RSA DLP 9.6 Endpoint Deployment Guide

• Block and Audit. This dialog box informs the end-user that the text can only be
pasted within the virtual host.

Note: The Request Help... button is grayed out and inactive if contact
information is not set for the Endpoint Group to which this machine
belongs.

Click the information icon ( ) in the upper right corner to go to a URL defined
by your DLP administrator to find out more information about corporate policy.

Appendix A: Endpoint Agent Messages 71

RSA DLP 9.6 Endpoint Deployment Guide

• Justify and Audit. This dialog box notifies the end-user that the attempted action
violates policy and requires the end-user to enter a justification for the action
before continuing.

The end-user can:

– Click No to abandon the action and close this dialog box. The end-user is
allowed to paste the text within the virtual host and no event is generated.
– Use the Select justification drop-down list to select a predefined justification
message and click Yes to proceed. The end-user is allowed to paste the text
out of the virtual host and an event is generated.
– Type a justification in the text box and click Yes to proceed. The end-user is
allowed to paste the text out of the virtual host and an event is generated.

Note: Justification text must be at least 5 characters long, or the user

will be prompted to enter more information.

Click the information icon ( ) in the upper right corner to go to a URL defined
by your DLP administrator to find out more information about corporate policy.

72 Appendix A: Endpoint Agent Messages

RSA DLP 9.6 Endpoint Deployment Guide

• Notify and Audit. This dialog box notifies the end-user that the attempted action
violates policy and is given the option to cancel the action.

The end-user can:

– Click Yes. The end-user is allowed to copy text out of virtual host and an
event is generated.
– Click No. The end-user is allowed to paste the text within the virtual host and
no event is generated.
Click the information icon ( ) in the upper right corner to go to a URL defined
by your DLP administrator to find out more information about corporate policy.
If you want the DLP Endpoint to remember the action that you performed on the
pop-up message, select Do not prompt me again until next login. After you select
this option, the following happens:
• The pop-up messages are not displayed for the violations against the current
policy during the entire user session.
• The action that you performed on the pop-up message is applied for all subsequent
violations.

For example, if the you intend to copy the sensitive text within the virtual desktop,
select Do not prompt me again until next login and click No. For all subsequent
copy operations, the Notify message will not be displayed.

Appendix A: Endpoint Agent Messages 73

RSA DLP 9.6 Endpoint Deployment Guide

Customizing Endpoint Agent Notifications

DLP Endpoint administrators can use Enterprise Manager to customize the messages
displayed within these Corporate Security Notification dialogs.

For more information, see the RSA DLP Endpoint User Guide, or the Enterprise
Manager online help.

DLP Endpoint administrators can also customize the appearance of the notification
dialogs to adhere to their own corporate branding by using their own color scheme,
corporate logos, and so on.

To change the background image for the DLP Endpoint notification dialogs:

1. Create a new background image that contains the images/color schemes you want
to use.
– Make sure your new image has the exact same dimensions as the original.
Default filenames and dimensions are:

Filename Resolution

background.bmp 500 x 277

background_120.bmp 579 x 346

background_144.bmp 750 x 415

background_192.bmp 1000 x 554

– Make sure there is enough space/plain background color to display the DLP
content/message in the center of the image.
Refer to the default DLP Endpoint messages for comparisons. For example:

My Organization – Endpoint Enforce Alert Header

Corporate Policy Analysis

277 px
Message body

Footer

500 px

74 Appendix A: Endpoint Agent Messages

RSA DLP 9.6 Endpoint Deployment Guide

2. Name the new image background.bmp.

Refer to the default filenames required for different resolutions in step 1.
3. Create a ZIP file of the custom images and upload the file using the Enterprise
Manager console. For instructions, see the Enterprise Manager help.
The next violation requiring one of these Corporate Security Notification dialogs
will use the new image. For example:

Appendix A: Endpoint Agent Messages 75

RSA DLP 9.6 Endpoint Deployment Guide

76 Appendix A: Endpoint Agent Messages

RSA DLP 9.6 Endpoint Deployment Guide

B DLP Deployment Scenarios

RSA Data Loss Prevention is highly scalable and configurable. You can deploy DLP
starting with all components on separate, geographically distributed machines, in a
production setup, to nearly all components integrated onto a single machine in a test
setup.

Note: It is a best practice to deploy DLP components on separate dedicated machines

for optimal performance. In certain circumstances, DLP components can be
co-located on a single machine with minimal performance impact.
To determine the suitability of co-locating DLP components on single machines in
your deployment, consult with RSA DLP Professional Services.

This appendix describes sample deployment scenarios supported by the RSA DLP.

Topics:
• Full Enterprise Deployment
• DLP Datacenter and DLP Network
• DLP Datacenter and DLP Endpoint
• DLP Network and DLP Endpoint
• DLP Network Only
• DLP Datacenter Only
• DLP Endpoint Only

Appendix B: DLP Deployment Scenarios 77

RSA DLP 9.6 Endpoint Deployment Guide

Full Enterprise Deployment

The following figure shows an enterprise deployment of the DLP. This deployment
scenario includes all the three DLP products, Network, Datacenter, and Endpoint. The
figure shows Datacenter and Endpoint configured for multiple sites.

Enterprise Manager
Database

Network Controller Enterprise Coordinator Root Endpoint Coordinator

Site 1 Site n Site 1 Site n

Site Coordinator Site Coordinator Endpoint Coordinator Endpoint Coordinator

Sensor

Scanning agents End-user machine

(grid workers )
End-user machine End-user machine
(Endpoint agent installed) (Endpoint agent installed)

Interceptor

Data Repository Data Repository
ICAP Server

Note: You can install both the Datacenter and Endpoint agents on the same
end-user machine.

For a full production deployment it is recommended to deploy all the DLP

components on dedicated systems.

In a production deployment, the following individual DLP components may be

replaced by multiple or clustered systems to provide high-availability or failover:
• Microsoft SQL Server
• Enterprise Manager

78 Appendix B: DLP Deployment Scenarios

RSA DLP 9.6 Endpoint Deployment Guide

• Enterprise Coordinator
• Root Endpoint Coordinator
• Sensor
• Interceptor
• ICAP Server

DLP Datacenter and DLP Network

The following figure shows a deployment scenario which includes the
DLP Datacenter and DLP Network products. The figure shows Datacenter configured
for multiple sites.

Enterprise Manager
Database

Network Controller Enterprise Coordinator

Site 1 Site n

Site Coordinator Site Coordinator

Sensor

Scanning agents End-user machine

(grid workers )

Interceptor

Data Repository Data Repository
ICAP Server

Appendix B: DLP Deployment Scenarios 79

RSA DLP 9.6 Endpoint Deployment Guide

In a test deployment, the Enterprise Manager and Enterprise Coordinator can be

deployed on the same machines.

The Site Coordinators are installed on separate machines local to each site, and
Network managed devices are on separate appliances.

DLP Datacenter and DLP Endpoint

The following figure shows a deployment scenario which includes the
DLP Datacenter and DLP Endpoint products. The figure shows Datacenter and
Endpoint configured for multiple sites.

Enterprise Manager
Database

Enterprise Coordinator Root Endpoint Coordinator

Site 1 Site n Site 1 Site n

Site Coordinator Site Coordinator Endpoint Coordinator Endpoint Coordinator

Scanning agents End-user machine

(grid workers )
End-user machine End-user machine
(Endpoint agent installed) (Endpoint agent installed)

Data Repository Data Repository

In a test deployment, the Enterprise Manager and Enterprise Coordinator can be

deployed on the same machines.

80 Appendix B: DLP Deployment Scenarios

RSA DLP 9.6 Endpoint Deployment Guide

The Site Coordinators and Endpoint Coordinators are installed on separate machines
local to each site. Discovery agents and Endpoint agents can be installed on the same
end-user machines.

DLP Network and DLP Endpoint

The following figure shows a deployment scenario which includes the DLP Network
and DLP Endpoint products. The figure shows Endpoint configured for multiple sites.

Enterprise Manager
Database

Network Controller Root Endpoint Coordinator

Site 1 Site n

Sensor
Endpoint Coordinator Endpoint Coordinator

Interceptor

End-user machine End-user machine

(Endpoint agent installed) (Endpoint agent installed)

ICAP Server

In a test deployment, the Enterprise Manager and Root Endpoint Coordinator can be
deployed on the same machines.

Appendix B: DLP Deployment Scenarios 81

RSA DLP 9.6 Endpoint Deployment Guide

The Endpoint Coordinators are installed on separate machines local to each site, and
Endpoint agents installed on end-user machines.

DLP Network Only

The following deployment scenario includes only the DLP Network product. The
Enterprise Manager is deployed on a separate machine. The Network Controller,
Sensor, Interceptor, and ICAP Server are on RSA appliances.

Enterprise Manager
Database

Network Controller

Sensor

Interceptor

ICAP Server

82 Appendix B: DLP Deployment Scenarios

RSA DLP 9.6 Endpoint Deployment Guide

DLP Datacenter Only

The following deployment scenario includes only the DLP Datacenter product. The
figure shows Datacenter configured for multiple sites.

Enterprise Manager
Database

Enterprise Coordinator

Site 1 Site n

Site Coordinator Site Coordinator

Scanning agents End-user machine

(grid workers )

Data Repository Data Repository

In a test deployment, the Enterprise Manager and Enterprise Coordinator can be

deployed on the same machines.

The Site Coordinators are installed on separate machines local to each site.

Appendix B: DLP Deployment Scenarios 83

RSA DLP 9.6 Endpoint Deployment Guide

DLP Endpoint Only

The following deployment scenario includes only the DLP Endpoint product. The
figure shows Endpoint configured for multiple sites.

Enterprise Manager
Database

Root Endpoint Coordinator

Site 1 Site n

Endpoint Coordinator Endpoint Coordinator

End-user machine End-user machine

(Endpoint agent installed) (Endpoint agent installed)

In a test deployment, the Enterprise Manager and Root Endpoint Coordinator can be
deployed on the same machines.

The Endpoint Coordinators are installed on separate machines local to each site, and
Endpoint agents installed on end-user machines.

84 Appendix B: DLP Deployment Scenarios

RSA DLP 9.6 Endpoint Deployment Guide

Index
A Endpoint Coordinator
attribute rules 15 adding 56
installation prerequisites 48
C installation procedure 48
content analysis 14 overview 47
copy actions 15 Root 55
customer support 9 uninstalling 56
Endpoint Coordinatorr
D installing from a command line 51
desktop management software 61 installing using the wizard 49
DLP deployment Endpoint messages. See agent messages
Datacenter and Endpoint 80 Enterprise Manager
Datacenter and Network 79 installation 29
Datacenter only 83 installation procedure 34
Endpoint only 84 installing from a command line 39
enterprise deployment 78 installing remotely with RDP 43
Network and Endpoint 81 installing using the wizard 34
Network only 82 run-as user requirements 30
DLP deployment configurations 77 setting up SQL Server 32
DLP Endpoint system requirements
components 12 SQL Server client tools 33
deployment flow 27 uninstalling 44
installation 59 verifying the installation 43
introduction 11 Windows Service 43

E F
Endpoint file attributes 15
agent notifications 67
agent user interface 67 I
preparing for deployment 17 installation
Endpoint agent Endpoint agents 60
working 13 of an Endpoint agent 60
Endpoint agent messages 67 of Endpoint Coordinator 48
block 68, 71 of Enterprise Manager 34
customizing 74 system requirements 59
justify 69, 72 installation of Endpoint Coordinator
notify 70, 73 from a command line 51
Endpoint Cooordinato uninstalling 56
verifying the installation 54 using the wizard 49

Index 85
RSA DLP 9.6 Endpoint Deployment Guide

verifying 54 of Enterprise Manager 44

installation of Enterprise Manager user actions
Enterprise Manager run-as user 30 copy/move/save as 15
from a command line 39 print 15
remotely, using RDP 43
required SQL Server client tools 33 W
setting up SQL Server 32 Windows Services
uninstalling 44 Enterprise Manager 43
using the wizard 34 working of
verifying 43 Endpoint agent 13
installing
Endpoint Coordinator 48
Enterprise Manager 29, 34

M
Manager 34
messages 67
move actions 15

P
policy actions
audit 15
block 15, 68, 71
justify 15, 69, 72
notify 15, 70, 73

R
Root Endpoint Coordinator
initialization 55
RSA DLP Enterprise Manager service 43

S
save as actions 15
setting up SQL Server 32
SQL Server client tools 33
system requirements 17, 59
Endpoint agent 21
Endpoint agent deployment 26
Endpoint Coordinator 19
port usage 23

T
technical support 9
third-party integration 26

U
uninstallation
of Endpoint Coordinator 56

86 Index

Authentication Plug-In DeveloperGuide
No ratings yet
Authentication Plug-In DeveloperGuide
50 pages
AMBA User Guide Build 107
No ratings yet
AMBA User Guide Build 107
134 pages
Auth Agent API C Dev Guide PDF
No ratings yet
Auth Agent API C Dev Guide PDF
208 pages
Installation UpgradeGuide
No ratings yet
Installation UpgradeGuide
168 pages
Am Migration Guide 7.1 New Appliance
No ratings yet
Am Migration Guide 7.1 New Appliance
202 pages
BackOffice UserGuide
No ratings yet
BackOffice UserGuide
177 pages
Docu57862 Documentum Content Server 7.2 Release Notes
No ratings yet
Docu57862 Documentum Content Server 7.2 Release Notes
36 pages
Docu57862 Documentum Content Server 7.2 Release Notes
No ratings yet
Docu57862 Documentum Content Server 7.2 Release Notes
36 pages
Secure Remote Services Installation Guide PDF
No ratings yet
Secure Remote Services Installation Guide PDF
70 pages
Secure Remote Services 3.38 Intallation Guide
No ratings yet
Secure Remote Services 3.38 Intallation Guide
78 pages
MyDLP Endpoint Installation Guide
No ratings yet
MyDLP Endpoint Installation Guide
10 pages
DPA SolVe 62SP3 Implementing Plain
No ratings yet
DPA SolVe 62SP3 Implementing Plain
46 pages
IEM V9.1 Patch QSG
No ratings yet
IEM V9.1 Patch QSG
2 pages
Envision Architecture
No ratings yet
Envision Architecture
67 pages
EMC Smart Assurance Suite 96 Installation and Configuration Guide For EMC MANDR
No ratings yet
EMC Smart Assurance Suite 96 Installation and Configuration Guide For EMC MANDR
106 pages
EMC Secure Remote Services 3.32 Operations Guide PDF
No ratings yet
EMC Secure Remote Services 3.32 Operations Guide PDF
172 pages
RSA Archer Security Operations Management
No ratings yet
RSA Archer Security Operations Management
77 pages
Endpoint Security: Client Management Guide
No ratings yet
Endpoint Security: Client Management Guide
36 pages
How To Perform Data Mover Failover and Failback
No ratings yet
How To Perform Data Mover Failover and Failback
2 pages
Dell Unity_Connectivity related Documents-ESRS Requirements and Configuration guide
No ratings yet
Dell Unity_Connectivity related Documents-ESRS Requirements and Configuration guide
46 pages
IEM V9.1 Lifecycle QSG
No ratings yet
IEM V9.1 Lifecycle QSG
2 pages
Symantec DLP 15.1 Endpoint Server Scalability Guide
No ratings yet
Symantec DLP 15.1 Endpoint Server Scalability Guide
15 pages
EMC Customer Support Guide
No ratings yet
EMC Customer Support Guide
26 pages
EMC Secure Remote Services (ESRS) Release 3.12 Pre Site Checklist
No ratings yet
EMC Secure Remote Services (ESRS) Release 3.12 Pre Site Checklist
24 pages
Rsa Authentication Manager 8.2 SP1 Setup Config Guide
No ratings yet
Rsa Authentication Manager 8.2 SP1 Setup Config Guide
126 pages
EnVision Overview Guide
No ratings yet
EnVision Overview Guide
48 pages
Docu61082 PDF
No ratings yet
Docu61082 PDF
44 pages
Rsa Envision 4.1 User'S Guide
No ratings yet
Rsa Envision 4.1 User'S Guide
72 pages
Rsa Authentication Manager 8.5 Setup Config Guide
No ratings yet
Rsa Authentication Manager 8.5 Setup Config Guide
120 pages
Symantec™ Endpoint Detection and Response 4.0 Sizing and Scalability Guide
No ratings yet
Symantec™ Endpoint Detection and Response 4.0 Sizing and Scalability Guide
44 pages
Docu55297 EMC Secure Remote Services Release 3.14 Installation and Operations Guide
No ratings yet
Docu55297 EMC Secure Remote Services Release 3.14 Installation and Operations Guide
324 pages
Documentum Server 7.2 Release Notes
No ratings yet
Documentum Server 7.2 Release Notes
37 pages
Emc Unity Family Emc Unity All Flash, Emc Unity Hybrid, Emc Unityvsa
No ratings yet
Emc Unity Family Emc Unity All Flash, Emc Unity Hybrid, Emc Unityvsa
33 pages
ESRS Gateway Customer Implementation Guide
No ratings yet
ESRS Gateway Customer Implementation Guide
34 pages
Eca Install
No ratings yet
Eca Install
18 pages
RSA Archer Threat Management 4 Overview Guide
No ratings yet
RSA Archer Threat Management 4 Overview Guide
33 pages
CP R80.40 EndpointSecurity AdminGuide
No ratings yet
CP R80.40 EndpointSecurity AdminGuide
295 pages
NMDA Microsoft Installation
No ratings yet
NMDA Microsoft Installation
48 pages
CP R80.30 GA EndpointSecurity AdminGuide
No ratings yet
CP R80.30 GA EndpointSecurity AdminGuide
251 pages
manual usuario removal trellix
No ratings yet
manual usuario removal trellix
16 pages
ePO 4 Endpoint Encryption Deployment and Reporting User Guide
No ratings yet
ePO 4 Endpoint Encryption Deployment and Reporting User Guide
15 pages
IEM V9.1 StarterKitforLifecycle QSG
No ratings yet
IEM V9.1 StarterKitforLifecycle QSG
2 pages
Symantec Endpoint Protection Quick Start: Updated: September 2021
No ratings yet
Symantec Endpoint Protection Quick Start: Updated: September 2021
8 pages
Release Notes SEP12.1-TW
No ratings yet
Release Notes SEP12.1-TW
23 pages
GuÃ_a_de_instalaciÃ³n_y_configuraciÃ³n_del_cliente_de_backup_EMC_Networker_en_Debian
No ratings yet
GuÃ_a_de_instalaciÃ³n_y_configuraciÃ³n_del_cliente_de_backup_EMC_Networker_en_Debian
28 pages
CP R77.30.01 EndpointSecurity AdminGuide PDF
No ratings yet
CP R77.30.01 EndpointSecurity AdminGuide PDF
241 pages
Symantec™ Endpoint Protection 14.2 Installation and Administration Guide
No ratings yet
Symantec™ Endpoint Protection 14.2 Installation and Administration Guide
846 pages
RSA Authentication Manager 8.2 Troubleshooting Guide
No ratings yet
RSA Authentication Manager 8.2 Troubleshooting Guide
176 pages
EMC - Software - Customer - Guide (2018 - 07 - 11 20 - 32 - 40 UTC)
No ratings yet
EMC - Software - Customer - Guide (2018 - 07 - 11 20 - 32 - 40 UTC)
25 pages
Emc Networker: Virtual Edition Deployment Guide
No ratings yet
Emc Networker: Virtual Edition Deployment Guide
42 pages
SEE-RS 8.2.1 Installation Guide
No ratings yet
SEE-RS 8.2.1 Installation Guide
132 pages
ENS 10.1 Common DeltaILT
No ratings yet
ENS 10.1 Common DeltaILT
22 pages
Gateway Operations Guide
No ratings yet
Gateway Operations Guide
198 pages
RecoverPoint 5.1 Customer Installation and Upgrade Guide
No ratings yet
RecoverPoint 5.1 Customer Installation and Upgrade Guide
42 pages
IEM V9.1 Power QSG
No ratings yet
IEM V9.1 Power QSG
2 pages
Symantec Endpoint Protection Quick Start: Updated: December 2020
No ratings yet
Symantec Endpoint Protection Quick Start: Updated: December 2020
9 pages
DLP 930 PG TP000036-a00 En-Us 2
No ratings yet
DLP 930 PG TP000036-a00 En-Us 2
186 pages