Disabling Forcepoint DLP Endpoint
- On the Forcepoint DLP Endpoint screen, click Disable.
- Report the bypass ID to your Forcepoint DLP administrator.
- Enter the bypass code supplied by the administrator.
- Click OK.
The Forcepoint DLP Endpoint software is disabled for the length of time specified when the bypass code was created. When the bypass protection expires, the Disabled icon (
) on the task bar updates to the Default icon (
).
Enabling Monitoring in bypass mode
When we have the endpoint set to work in bypass mode, the DLP Endpoint does not report incidents to FSM and no policies are enforced. The endpoint bypass mode might have been enabled for a fixed period of time, to allow the user to perform certain tasks which will otherwise be blocked. For example, say to allow the user to copy a file to USB.
During the time, the endpoint is operating in bypass mode, there is no way of stopping a user from doing more than what they requested the bypass for and without the reporting, security administrators have no visibility into the user actions.
To allow the security administrators to see incidents for user actions for endpoint that are in bypass mode, we need to be able to see what policies would have been triggered on an endpoint that is in bypass mode, even when the endpoint is in bypass mode. For example, say the endpoint is in bypass mode, and the user copies a file that should be blocked to a USB, but because the endpoint is in bypass mode the file copy is allowed.
The endpoint will now record the actual action (Allowed) and the action that would have occurred if not in bypass mode (blocked). This information would be sent to the FSM where it will get reported in the incident report.
Settings on the FSM to enable monitoring in bypass mode:
Security Administrators need to optionally select to monitor (report) polices violations when the Endpoint is in Bypass mode.
Set at the profile level in the "Deployment-> Endpoint Profiles" section under the "Properties" tab.