Upgrade steps for Windows

Option 1: Auto-update

1. In the Forcepoint Security Portal, go to Web > Policy Management > Policies. Under the policy you wish to view, open the Endpoint tab.
2. Under Endpoint Installation and Enable automatic updates for these endpoint clients, select the Windows check box for either Proxy Connect or Direct Connect.
3. Click Submit.
   Important:

   The new Forcepoint F1E cannot be downgraded to the older, conventional version.

   If you auto-update to Forcepoint Web Security Endpoint v22.12 and need to downgrade to an earlier version, you must manually remove the new Forcepoint F1E version before you install the older, conventional version.

Option 2: Download a new endpoint installation package from the Forcepoint Security Portal

Customers with a full-cloud deployment (Forcepoint Web Security Cloud) can download Forcepoint Web Security Endpoint installation packages from the Forcepoint Security Portal.

1. Log on to the Forcepoint Security Portal.
2. Go to Web > Settings > Endpoint.
3. Click Set Anti-Tampering Password to set the anti-tampering password if you have not already done so. For more information about creating an anti-tamper password, see Guidelines for creating an anti-tampering password.
4. Enter and confirm your anti-tampering password, then click Submit.
5. Under Endpoint Client Download, select either the Proxy Connect or Direct Connect Endpoint type, and then select either Windows 32-bit or Windows 64- bit from the Platform drop-down menu. You can deploy a combination of Direct Connect and Proxy Connect Endpoint clients in your organization if desired. However, only one type can be installed on an individual endpoint machine.
6. Click the Available version number to download the Forcepoint Web Security Endpoint zip file.
7. When you download Forcepoint Web Security Endpoint, it should include the Websense Endpoint.msi file along with a file called HWSConfig.xml, which is specific to your account. This file needs to be in the same directory as the .msi file for the Forcepoint Web Security Endpoint agent to successfully install.
   If you wish to use Forcepoint Web Security Endpoint over port 80 for proxying and PAC file retrieval, you need to do the following before installing the Endpoint software:

   • Ask your Forcepoint support representative to add the “Send HWS endpoint to port 80” template to your account. You can add this template to specific policies or globally.
   • Change the HWSConfig line from the following:

     <PACFile URL=“http://webdefence.global.blackspider.com:8082/proxy.pac” /> to this:

     <PACFile URL=“http://pac.webdefence.global.blackspider.com/proxy.pac” />

     By applying this template, you also move any endpoint machines that are already installed to port 80.

8. Deploy the package to each endpoint machine using GPO, SMS, or a similar deployment method.

   For more information about deploying Forcepoint Web Security Endpoint, see the Installation and Deployment Guide for Forcepoint F1E.

   You do not need to uninstall the earlier version of Forcepoint Web Security Endpoint before installing v22.12 if you are upgrading from Forcepoint Web Security Endpoint v19.06.x. Versions earlier than v19.06 must be upgraded to at least v19.06 or uninstalled before this version is installed.

   Important: If you deploy Forcepoint F1E using GPO, do not restrict access to the command prompt. The Disable the command prompt script processing also? option should be set to No.
9. Restart the endpoint machine after installation is complete.

Option 3: Create a new endpoint installation package using the Forcepoint Endpoint package builder