Windows Store applications
The following instructions apply only to Windows Store applications, and do not apply to Windows 8/8.1 desktop applications. For instructions on how to monitor Windows 8/8.1 desktop applications, see the section above, Windows desktop applications.
To monitor file access on Windows 8 Store applications, you must first add RuntimeBroker.exe as an endpoint application and monitor file access on this application. The endpoint monitors all Windows Store applications accessing files through the runtime broker and not just the designated app. RuntimeBroker.exe is a Windows desktop application, so follow the instructions in Windows desktop applications to add this as an endpoint application.
For Windows 8.1 Store applications, you must add RuntimeBroker.exe, BulkOperationHost.exe, and FileManager.exe.
For Windows 10 Store applications, you must add RuntimeBroker.exe, BulkOperationHost.exe, FileManager.exe, and DataExchangeHost.exe.
To import Windows 8 Store applications, select Main > Resources > Applications > New Application. See Endpoint Applications.
Windows 8 Store applications are identified by their application name. Enter this name in the executable name field on this screen. Wildcards are supported. To find the application name:
- Open PowerShell (run as administrator if you want to collect Windows 8 Store applications for all users, or run as the current user if you want to collect applications for the current user).
- Run the command “Get-AppXpackage -Allusers” to list applications for all users (requires you to run PowerShell as administrator), or run the command “Get-AppXpackage” to list applications for the current user.
- Find the application name located in either the Name field or PackageFullName field.
  - When entering the value from the Name field into Forcepoint DLP, you must add the wildcard “*” after the application name (e.g., microsoft.microsoftonedrive*). This method allows for greater flexibility when the application version changes.
  - When entering the value from the PackageFullName field into Forcepoint DLP, no wildcard is necessary, but you will need to update the value if the application version changes.
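The lookup steps above can be scripted so that both candidate values appear side by side for each installed Store application. This is an added example, not Forcepoint's own tooling; the `$NameFilter` variable and the output column names are assumptions made for illustration.

```powershell
# Added example: list Store applications and show, for each one, the two
# values that can be entered in the executable name field.

# Hypothetical filter; use e.g. '*onedrive*' to narrow the list.
$NameFilter = '*'

# Check whether this PowerShell session is elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# -AllUsers requires an elevated session; otherwise list only the
# packages of the current user.
$packages = if ($isAdmin) {
    Get-AppxPackage -AllUsers -Name $NameFilter
} else {
    Write-Warning 'Not elevated: listing packages for the current user only.'
    Get-AppxPackage -Name $NameFilter
}

# One row per application name. Several versions or architectures of the
# same application share a Name but differ in PackageFullName.
$packages |
    Group-Object -Property Name |
    ForEach-Object {
        [pscustomobject]@{
            # Name plus trailing wildcard: keeps matching after an update.
            WildcardEntry    = $_.Name + '*'
            # Exact full names: must be re-entered when the version changes.
            PackageFullNames = ($_.Group.PackageFullName |
                                Sort-Object -Unique) -join '; '
            Versions         = ($_.Group.Version |
                                Sort-Object -Unique) -join ', '
        }
    } |
    Sort-Object -Property WildcardEntry |
    Format-Table -AutoSize -Wrap
```

A row with more than one entry under PackageFullNames shows why the wildcard form needs less maintenance: each installed version would otherwise need its own exact entry.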