You can use content filters to configure application access prior to performing F1E upgrades and allow for silent installations.
In order to suppress any dialogs related to the fpneone process on F1E v22.12 and later (for example, dialogs such as "Forcepoint F1E NE App" Would Like to Add Proxy
Configurations"), Forcepoint recommends that you perform the following prior to an upgrade of F1E:
Steps
-
In the Jamf Pro server, on the Privacy Preferences Policy Control tab, define the following component for application access:
- Identifier: com.forcepoint.ne-app
- Identifier Type: Bundle ID
- Code Requirement: identifier "com.forcepoint.ne-app" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate
leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "C489D5E8E8"
-
Allow access and then push out the policy.
-
To deploy a profile to the endpoint by configuring the Content Filter payload and adding the proxy configurations automatically, do the following:
-
Open the Privacy Preferences Policy Control (PPPC) Utility in Jamf and identify the app Identifier and its Code
information.
For example, in the below screenshot, the identifier is "com.forcepoint.ne-app" and the code is "identifier "com.forcepoint.ne-app" and anchor apple generic and
certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] =
C489D5E8E8".
-
Create a new profile or to edit an existing PPPC/KEXT profile in Jamf Pro, select Configuration Profiles in Computers, and
choose the Forcepoint DLP Endpoint PPPC profile.mobileconfig file.
-
In Options, select Content Filter.
-
In Identifier, enter the app Identifier name.
-
Ensure Socket Filter is enabled, and enter the identifier name in the Socket Filter Bundle Identifier field and the code
value in the Socket Filter Designated Requirement field.
-
Ensure Network Filter is enabled, and enter the identifier name in the Network Filter Bundle Identifier field and the code
value in the Network Filter Designated Requirement field.
A new proxy setting is added and enabled, and no dialog appears during the installation.