Data Loss Prevention

  • 1.  DLP 15.5 and Endpoint Agents 14.6

    Broadcom Employee
    Posted May 08, 2020 04:07 PM
    Hi,

    I am working on a DLP platform upgrade, from 14.6 to 15.5. Currently the DLP Endpoint Servers have more than 25k agents with version 14.6 and 1k with 14.0, 12.5 and 11 inclusive.

    According to the Admin Guide (15.5), 14.6 agents will display a Warning message on Enforce that says that "The features available in the Enforce and Endpoint Server are not available for agents with a Warning agent alert.". What does that mean?

    - Endpoint agents 14.6 will not generate incidents?
    - Only new features that are currently not configured will not work?

    The idea is to install a fresh infrastructure on 15.5 and have those 25k agents point to the new Endpoint servers. And then, upgrade the agents gradually.

    Thanks in advance for your comments.

    ------------------------------
    Alex Chavez
    ------------------------------


  • 2.  RE: DLP 15.5 and Endpoint Agents 14.6

    Broadcom Employee
    Posted Jun 30, 2020 06:48 PM
    Hi Alex,

    A warning status, in general, means the DLP agent has experienced some condition that might require attention.  Ordinarily with a warning status, the agent should still be communicating with its detection server and reporting incidents; however, the note you are asking about in the admin guide "The features available in the Enforce and Endpoint Server are not available for agents with a Warning agent alert" pertains to the specific condition where the DLP agent version is one or more versions older than the Enforce server.  If the version discrepancy is greater than one version, the old DLP agent will not be compatible with the latest DLP features and should be updated.

    I pulled open the DLP 15.5 Upgrade guide, which on page 54 under the section of upgrading Symantec DLP Agents, contains the note "You cannot run a version 12.x DLP Agent with a 15.5 Endpoint Server. Endpoint Servers are backward-compatible with a DLP Agent for one full release. For example, a version 15.5 Endpoint Server and a version 14.x DLP Agent are compatible."

    Also take a look at page 23 of the upgrade guide, which summarizes the backward compatibility for agent upgrades (table 1-6).  If the Enforce Server and Endpoint Server versions are 15.5, then the 14.6 agent version will have this behavior:
    Agents and the Endpoint Server send incidents based on existing policies that were configured before the upgrade. Policies and configuration settings can be sent to agents. However, new policy rules introduced in a given release are not supported by earlier agents; in general, new policy rules are supported by the same agent version in which the rule is introduced.
    Note: Version 12.5.x agents display on the Agent Overview screen. However, you cannot complete maintenance or troubleshooting steps for them, and policies and configuration settings cannot be sent to them and incidents are not received. Upgrade these agents to version 14.0 then to version 15.5.

