The first part of your issue, deleting agents from the console. In order to delete agents from DB, you have to do it from the console, and I don't see an issue with this method; you can select 1000 agent at a time and delete. Potentially, you could set the IsDeleted flag on agents in the DB to as many as you wanted, but you will have to know which ones; you could create a query to select all Windows 7 machines, for instance. But, you could screw up your DLP and Symantec will not assist with that.
Second part of your issue, disabling agents temporary, that is not possible. Either you disable them, or not, you cannot disable an agent for certain amount of time. You can potentially disable the Tamper protection in the Agent configuration from the console, then you can do whatever you want with registry settings. You could use the Agent tools as well to disable agent, but I am not sure if you could run those commands as a script or GPO, that will be on you. Once tamper protection is disabled, the you could potentially change the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EDPA Start Reg_DWord to 4 (disabled); default is set to 2 (automatically).
Note: Proceed wat your own risk.
Good luck,
A.C.
Original Message:
Sent: 11-23-2020 08:35 AM
From: Grzegorz Wierzbicki
Subject: How to disable & remove DLP agents from Enforce console externally
Hello
I would like to be able to disable DLP agent on an endpoint and remove dlp agent from the Enforce console, both - without using standard method - via Enforce console. Can this be achieved somehow? I checked API documentation, but it is mostly about incidents, not about the thing I want.
I need that because I have many computers to administer and I don't want to delete manually few thousand computers manually in the console... As far as disabling DLP is concerned - I want to give Regional Support temporary exception, so they can do backups/reimage with DLP disabled (if enabled, backup/reimage takes 8 hours instead of 1 like it used to be).
thanks!