Symantec Data Loss Prevention Installation Guide for Windows

Symantec Data Loss Prevention Installation Guide for Windows
Version 12.5

Symantec Data Loss Prevention Installation Guide for Windows

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version: 12.5e

Legal Notice

Copyright 2014 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:
- A range of support options that give you the flexibility to select the right amount of service for any size organization
- Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
- Upgrade assurance that delivers software upgrades
- Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
- Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our website at the following URL:
www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:
www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:
- Product release level
- Hardware information
- Available memory, disk space, and NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description:
  - Error messages and log files
  - Troubleshooting that was performed before contacting Symantec
  - Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:
www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:
www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:
- Questions regarding product licensing or serialization
- Product registration updates, such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information about product updates and upgrades
- Information about upgrade assurance and support contracts
- Information about the Symantec Buying Programs
- Advice about Symantec's technical support options
- Nontechnical presales questions
- Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
- Asia-Pacific and Japan: customercare apac@symantec.com
- Europe, Middle-East, and Africa: semea@symantec.com
- North America and Latin America: supportsolutions@symantec.com

Contents

Technical Support

Chapter 1: Planning the Symantec Data Loss Prevention installation
- About installation tiers
- About single sign-on
- About hosted Network Prevent deployments
- About Symantec Data Loss Prevention system requirements
- Symantec Data Loss Prevention required items
- Standard ASCII characters required for all installation parameters
- Performing a three-tier installation—high-level steps
- Performing a two-tier installation—high-level steps
- Performing a single-tier installation—high-level steps
- Symantec Data Loss Prevention preinstallation steps
- Verifying that servers are ready for Symantec Data Loss Prevention installation

Chapter 2: Installing an Enforce Server
- Installing an Enforce Server
- Verifying an Enforce Server installation

Chapter 3: Importing a solution pack
- About Symantec Data Loss Prevention solution packs
- Importing a solution pack

Chapter 4: Installing and registering detection servers
- About detection servers
- Detection servers and remote indexers
- Detection server installation preparations
- Installing a detection server
- Verifying a detection server installation
- Registering a detection server

Chapter 5: Configuring certificates for secure communications between Enforce and detection servers
- About the sslkeytool utility and server certificates
- About sslkeytool command line options
- Using sslkeytool to generate new Enforce and detection server certificates
- Using sslkeytool to add new detection server certificates
- Verifying server certificate usage

Chapter 6: Performing a single-tier installation
- Installing a single-tier server
- Verifying a single-tier installation

Chapter 7: Installing Symantec DLP Agents
- DLP Agent installation overview
- About secure communications between DLP Agents and Endpoint Servers
- Generating agent installation packages
- Agent installation package contents
- Working with endpoint certificates
- Identify security applications running on endpoints
- About Endpoint Server redundancy
- Using the Elevated Command Prompt with Windows
- Process to install the DLP Agent on Windows
- Installing the DLP Agent for Windows manually
- Installing DLP Agents for Windows silently
- Confirming that the Windows agent is running
- What gets installed for DLP Agents installed on Windows endpoints
- Process to install the DLP Agent on Mac
- Packaging Mac agent installation files
- Installing the DLP Agent for Mac manually
- Installing DLP Agents on Mac endpoints silently
- Confirming that the Mac agent is running
- What gets installed for DLP Agents on Mac endpoints
- About uninstallation passwords
- Creating passwords with the password generation tool
- Adding uninstallation passwords to agents
- Using uninstallation passwords
- Upgrading agents and uninstallation passwords

Chapter 8: Post-installation tasks
- About post-installation tasks
- About post-installation security configuration
- About server security and SSL/TLS certificates
- About Symantec Data Loss Prevention and antivirus software
- Corporate firewall configuration
- Windows security lockdown guidelines
- Windows Administrative security settings
- About system events and syslog servers
- Enforce Servers and unused NICs
- Performing initial setup tasks on the Enforce Server

Chapter 9: Starting and stopping Symantec Data Loss Prevention services
- About Data Loss Prevention services
- About starting and stopping services on Windows
- Starting an Enforce Server on Windows
- Stopping an Enforce Server on Windows
- Starting a Detection Server on Windows
- Stopping a Detection Server on Windows
- Starting services on single-tier Windows installations
- Stopping services on single-tier Windows installations

Chapter 10: Uninstalling Symantec Data Loss Prevention
- Uninstalling a server or component from a Windows system
- About Symantec DLP Agent removal
- Removing DLP Agents from Windows endpoints using system management software
- Removing a DLP Agent from a Windows endpoint
- Removing DLP Agents from Mac endpoints using system management software
- Removing a DLP Agent from a Mac endpoint

Appendix ing
