Creating the installation package from the package builder
Steps
-
(optional) If you are creating an installation package for either Forcepoint ECA or Forcepoint DLP Endpoint, complete the following preparation steps first.
If you are not creating a Forcepoint ECA or Forcepoint DLP Endpoint package, skip to step 2.
-
Forcepoint ECA
Configure Forcepoint ECA in the SMC as described in Preparing for your Forcepoint Endpoint Context Agent installation.
-
Forcepoint DLP Endpoint
Make sure you have a v8.9.x or later management server installed and functioning. You must be logged on to the Forcepoint DLP server with a Service Account before you run the package builder. Otherwise, incorrect communication keys are created and Forcepoint DLP Endpoint cannot connect to the Forcepoint DLP server.
Copy the Endpoint Classifier file from the downloaded ZIP file to the folders specified below:
- Windows 64-bit: Copy the EPA64.msi file into the C:\Program Files (x86)\Websense\Data Security\client folder.
- Mac: Copy the WebsenseEPClassifier.pkg.zip file into the C:\Program Files (x86)\Websense\Data Security\client\OS X folder. If this folder does not exist, create it. You do not need to unzip this file. It is automatically unzipped by the package builder when it creates the new Mac installation package.
Important: Due to a compatibility issue with older Windows Endpoint Classifier files, you must use the Windows Endpoint Classifier files provided in this ZIP file when you build a Windows Forcepoint DLP Endpoint installation package using this package builder.
If you use older Windows Endpoint Classifier files, the package builder shows an error message and does not build the installation package.
-
Launch the Forcepoint F1E package builder:
- Open the ForcepointOneEndpointPackage.zip file.
-
Double-click the WebsenseEndpointPackageBuilder.exe file.
The Forcepoint F1E package builder utility extracts the required files and launches.
-
On the Select Forcepoint One Endpoint Components screen, select one or more of the following:
- Forcepoint Web Security Endpoint (requires Forcepoint Web Security). If you select Forcepoint Web Security Endpoint here, you must select an option in step 4 below.
- Forcepoint DLP Endpoint (requires Forcepoint DLP)
- Forcepoint Endpoint Context Agent (requires Forcepoint NGFW)
-
If you selected Forcepoint Web Security Endpoint, also select one of the following:
- Direct Connect Endpoint: Choose this option to create a Forcepoint Web Security Direct Connect Endpoint installation package for a full cloud deployment (requires Forcepoint Web Security Cloud) or a hybrid cloud/on-premises deployment (requires the Forcepoint Web Security Hybrid Module).
Direct Connect Endpoint and Forcepoint ECA cannot be installed together. If you selected Forcepoint Endpoint Context Agent above, you cannot select Direct Connect Endpoint here.
- Proxy Connect Endpoint: Choose this option to create a Forcepoint Web Security Proxy Connect Endpoint installation package for a full cloud deployment (requires Forcepoint Web Security Cloud) or a hybrid cloud/on-premises deployment (requires the Forcepoint Web Security Hybrid Module).
- Remote Filtering Client: Choose this option to provide remote filtering of endpoint machines (requires Forcepoint URL Filtering).
-
Select a language for the client components, then click Next.
In the Forcepoint Security Manager, you can change the language used for displaying messages to Forcepoint DLP Endpoint users, but the language displayed in the user interface (such as buttons, captions, and fields) can only be set during packaging.
-
On the Installation Platform and Security screen, do the following:
-
Select the operating systems (OS) on which Forcepoint F1E will be installed.
Note: You can select Windows ARM only when creating a stand-alone Forcepoint DLP Endpoint package. If you try to install a Windows ARM package on a Windows 64-bit OS, or a Windows 64-bit package on a Windows ARM OS, an error message appears stating that the installation package cannot be run on the system.
- If you are creating a stand-alone Forcepoint Web Security Endpoint package, or a mixed Forcepoint Web Security Endpoint and Forcepoint DLP Endpoint package, you can select Windows 64-bit or Mac.
- If you are creating a stand-alone Forcepoint ECA package, you can only select Windows 64-bit.
Note: The Linux option is unavailable for this release.
-
Create the administrator password to be used to uninstall or modify Forcepoint F1E agents. If no password is specified, users with admin privileges can uninstall the Forcepoint F1E software from the endpoint machines.
You can click Show characters to display the password characters while you type.
For more information about creating an anti-tampering password, see Guidelines for creating an anti-tampering password.
For security purposes, anyone who tries to modify or uninstall Forcepoint DLP Endpoint or Forcepoint Web Security Endpoint software is prompted for a password. Standalone Forcepoint ECA installations are not affected by this password.
When Forcepoint F1E contacts the management server, this password is overwritten with the password specified by an administrator on the server. Set this password in one of the following locations:
- Forcepoint DLP Endpoint: In the Data Security module of Forcepoint Security Manager, go to Settings > General > System > Endpoint, then on the General tab, select Enable endpoint administrator password and enter and confirm a password.
- Forcepoint Web Security Endpoint (Hybrid module): In the Web Security module of Forcepoint Security Manager, go to Settings > Hybrid Configuration > Hybrid User Identification, then enter and confirm a password.
- Forcepoint Web Security Endpoint (Cloud module): In the Forcepoint Cloud Security Gateway Portal, go to Web > Endpoint > Deployment Settings > Set Anti-Tampering Password, then enter and confirm a password.
Note that password hashes are stored in an encrypted file. The system does not store passwords in plain text.
Note: Customers requiring FIPS compliance can set the anti-tampering password during the Forcepoint DLP Endpoint installation only (Windows and Mac). The anti-tampering password cannot be set on the Forcepoint DLP server. Customers who do not require FIPS compliance are not impacted by this change.
-
To enable anti-tampering, click Protect installation directory from modification or deletion. This prevents users from deleting or modifying the folder where Forcepoint F1E is installed.
Note: Forcepoint recommends that all Forcepoint Web Security Direct Connect Endpoint installation packages enable anti-tampering on this screen. If anti-tampering is not enabled, some diagnostics tests do not work correctly in the Diagnostics Tool.
-
To enable the collection of telemetry data, click Collect telemetry data. When you enable this option, Forcepoint F1E collects data about the Forcepoint One Endpoint installation (such as status) and the endpoint machine (such as OS, memory, and CPU information), then sends the data back to Forcepoint for analysis.
Important: Starting in Forcepoint F1E v20.12, the Collect telemetry data option is enabled by default.
- When you are finished, click Next.
-
On the Installation Path and Firefox Settings screen, do the following:
-
Specify the folder where the Forcepoint F1E software will be installed on each Windows endpoint machine. The folder path must contain only English characters.
- Use default location: The Forcepoint F1E software is installed in the default folder: \Program Files\Websense\Websense Endpoint (Windows).
- Use this location: Manually type the installation path for the Forcepoint F1E software. Environment variables are supported.
If you are creating a Mac only installation package, this screen is not shown. On Mac endpoint machines, the Forcepoint F1E software is automatically installed in the /Applications folder.
-
If you use custom Firefox preference files within your organization, select Use custom Firefox preference files.
In the Preference file name field, type the name of the custom preference file (e.g., autoconfig.js). This file should be located in C:\Program Files\Mozilla Firefox\defaults\pref\. If the custom file is not in this folder, Forcepoint F1E cannot use it.
In the Config file name field, type the name of the custom configuration file (e.g., mozilla.cfg). This file should be located in C:\Program Files\Mozilla Firefox\. If the custom file is not in this folder, Forcepoint F1E cannot use it.
Note: If you use custom Firefox preference files and do not add them here, the Forcepoint F1E installation process overwrites your custom files.
-
Only for users with Mac Endpoint machines:
- Specify the default domain name of the Active Directory that the Endpoint should use when no Active Directory information is available
- Select this option if you do not want the installer to add the extensions for these browsers
-
Click Next.
At this point in the installation, the next screen shown depends on the options selected on the Select Forcepoint One Endpoint Components screen. For example, if you selected Forcepoint DLP Endpoint, the next screen is the Server Connection screen.
Follow the instructions for the individual endpoint components below, then continue with Global Settings.
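The Forcepoint DLP Endpoint preparation in step 1, as an added PowerShell example that is not Forcepoint's own tooling: it stages both Endpoint Classifier files, creates the OS X folder when it is absent, and confirms by SHA-256 that each copy matches the file from the ZIP, so an older classifier is not left in place. The $ZipDir extraction folder is an assumption; the target folders and file names are the ones given on this page.

```powershell
# Added example, not Forcepoint tooling. Run in an elevated session on the
# Forcepoint DLP server before launching the package builder.
param(
    # Assumption: folder where the downloaded classifier ZIP was extracted.
    [string]$ZipDir    = 'C:\Temp\EndpointClassifier',
    # Target folder named in the preparation step.
    [string]$ClientDir = 'C:\Program Files (x86)\Websense\Data Security\client'
)
$ErrorActionPreference = 'Stop'

# The builder must be run under the Service Account, otherwise incorrect
# communication keys are created. Show the current account for the operator.
$account = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Host "Running as: $account (confirm this is the DLP Service Account)"

function Copy-Verified {
    param([string]$Source, [string]$DestDir)

    if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
        throw "Classifier file not found in extracted ZIP: $Source"
    }
    # Create the target folder if it does not exist (typical for 'OS X').
    if (-not (Test-Path -LiteralPath $DestDir -PathType Container)) {
        New-Item -ItemType Directory -Path $DestDir | Out-Null
    }
    $dest = Join-Path $DestDir (Split-Path $Source -Leaf)

    # -Force replaces an older classifier that may already be in the folder.
    Copy-Item -LiteralPath $Source -Destination $dest -Force

    # Compare hashes so a stale or partially copied file is caught here
    # rather than as a package builder error.
    $srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $dest   -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) {
        throw "Hash mismatch after copy: $dest"
    }
    Write-Host ("OK  {0}  {1}" -f $dstHash, $dest)
}

# Windows 64-bit classifier goes directly into the client folder.
Copy-Verified (Join-Path $ZipDir 'EPA64.msi') $ClientDir

# The Mac classifier stays zipped; the package builder unzips it itself.
Copy-Verified (Join-Path $ZipDir 'WebsenseEPClassifier.pkg.zip') (Join-Path $ClientDir 'OS X')
```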