Before you begin

Pre-requisites for installing the agent.

Note: Before installing and setting up the agent, verify that the antivirus software allows doing so and that the agent can communicate with Amazon Web Services. Also open the required ports.

Anti-Virus Software

Some anti virus software may flag the agent. If installing alongside other 3rd party security tools, then you will need to consider adding the following executables and exclusions to the allow list of your antivirus software to ensure there are no cross conflicts.

Note in all cases ensure that:

The specified file or folder is bypassed from all scans.
Include any child processes when specifying .exe

For Windows

Filename	Folder
setwebconnectivitymode.exe	%programfiles%\Forcepoint\Neo\EP
fpneoxengine.exe	%programfiles%\Forcepoint\Neo\EP \Forcepoint\Neo\EP
fpneotextextractor.exe	%programfiles%\Forcepoint\Neo\EP \Forcepoint\Neo\EP
fpneostophdrv.exe	%programfiles%\Forcepoint\Neo\EP
fpneoprotectionsvc.exe	%programfiles%\Forcepoint\Neo\EP
fpneologscollector.exe	%programfiles%\Forcepoint\Neo\EP
fpneodiagnostic.exe	%programfiles%\Forcepoint\Neo\EP
fpneocommonsvc.exe	%programfiles%\Forcepoint\Neo\EP
fpneoclient.exe	%programfiles%\Forcepoint\Neo\ep
fpneonetworksvc.exe	%programfiles%\Forcepoint\Neo\NC
PaisOOP.exe	%programfiles%\Forcepoint\DLP
EndPointClassifier.exe	%programfiles%\Forcepoint\DLP
tstxtract.exe	%programfiles%\Forcepoint\DLP\FilterSDK
tstxtractOrig.exe	%programfiles%\Forcepoint\DLP\FilterSDK
filter.exe	%programfiles%\Forcepoint\DLP\FilterSDK
filterOrig.exe	%programfiles%\Forcepoint\DLP\FilterSDK
filtertest.exe	%programfiles%\Forcepoint\DLP\FilterSDK
FilterTestDotNet.exe	%programfiles%\Forcepoint\DLP\FilterSDK
kvoop.exe	%programfiles%\Forcepoint\DLP\FilterSDK
wsdecrypt.exe	%programfiles%\Forcepoint\DLP
WDEUtil.exe	%programfiles%\Forcepoint\DLP
wepsvc.exe	%programfiles%\Forcepoint\DLP
PAEXT.exe	%programfiles%\Forcepoint\DLP
openssl.exe	%programfiles%\Forcepoint\Neo\NC\bin
7za.exe	%programfiles%\Forcepoint\DLP
python.exe	%programfiles%\Forcepoint\DLP
wininst-6.exe	%programfiles%\Forcepoint\DLP\Scripts\Lib\distutils\command
wininst-7.1.exe	%programfiles%\Forcepoint\DLP\Scripts\Lib\distutils\command
installer.exe	%programfiles(x86)%\Forcepoint
fpepdc.sys	%systemroot%\system32\drivers\
fpepdci.sys	%systemroot%\system32\drivers\
fpepflt.sys	%systemroot%\system32\drivers\
fpeph.sys	%systemroot%\system32\drivers\

In addition to the above Files, Forcepoint recommends that the following file folders are also bypassed:

Folder

%programfiles%\Forcepoint\

%programfiles(x86)%\Forcepoint\

%programdata%\Forcepoint\

For macOS:

com.forcepoint.neo.es
com.forcepoint.neo.ne
fpneoprotectiond
fpneonetworkd
fpneocommond
com.forcepoint.neo.privilege-helper
fpneotextextractor
fpneoxengine

The log locations should be added into scanning exclusions for any anti virus or third-party monitoring software. The following is the list of log locations:

Main Installation Folder: /Library/Application Support/Forcepoint/
NC Logs: /var/log/Forcepoint/NEO/NC/
Crash Reports: /Library/Logs/DiagnosticReports/
Installation Log: /var/log/install.log
Uninstall Log: /Library/Logs/Forcepoint/Neo/uninstall/uninstall.log
Classifier Install: /var/log/WebsenseEndpoint

Bypasses for Security Filtering and/or Firewalls

The agent communicates with the Amazon Web Services (AWS) Cloud Services. If you have a proxy or a special network, ensure that the agent can connect to the following URLs based on the tenant region. You can find the tenant region using the Forcepoint ONE Data Security > user icon > Tenant information > Region.

Note: If the endpoint must communicate through a Proxy then add the Proxy settings via Settings > Endpoint > General > Endpoint connectivity to Neo cloud platform > Add proxy. The Proxy setting must be added before downloading the agent installation package to ensure it will contain the updated configuration.

If the endpoint is accessing the internet via a Security Filtering appliance or Internet proxy then the following URLS must be added to the allow list:

Table 1. List of Regions/URLs
Region	URLs
us-east-1	Register: https://register-device.beta.us-east-1.dup.forcepoint.io
	Credentials: https://c1c2sj3lm55h1g.credentials.iot.us-east-1.amazonaws.com/
	Reporting/notifications: wss://a8wj55vrq7x0p-ats.iot.us-east-1.amazonaws.com:443
	Presigned URL: https://store-forensic.beta.us-east-1.dup.forcepoint.io
	Uploading/downloading: https://tenants-t01-beta-3srwwr63ykr6r3ydmw59ymfhtmk96use1a-s3alias.s3.amazonaws.com
	Certificate revocation list (CRLs): http://crl.sca1b.amazontrust.com/sca1b.crl http://crl.rootca1.amazontrust.com/rootca1.crl http://ocsp.sca1b.amazontrust.com http://ocsp.rootca1.amazontrust.com ocsp.comodoca.com crt.sectigo.com
eu-central-1	Register: https://register-device.prd01.eu-central-1.dup.forcepoint.io
	Credentials: https://c1c2sj3lm55h1g.credentials.iot.eu-central-1.amazonaws.com
	Reporting/notifications: wss://a8wj55vrq7x0p-ats.iot.eu-central-1.amazonaws.com:443
	Presigned URL: https://store-forensic.prd01.eu-central-1.dup.forcepoint.io
	Uploading/downloading: https://tenants-t01-prd01-m5g5n75bpb8yrofozxzdbyrxko47seuc1a-s3alias.s3.eu-central-1.amazonaws.com
	Certificate revocation list (CRLs): http://crl.sca1b.amazontrust.com/sca1b.crl http://crl.rootca1.amazontrust.com/rootca1.crl http://ocsp.sca1b.amazontrust.com http://ocsp.rootca1.amazontrust.com ocsp.comodoca.com crt.sectigo.com
ap-south-1	Register: https://register-device.prd01.ap-south-1.dup.forcepoint.io
	Credentials: https://c1c2sj3lm55h1g.credentials.iot.ap-south-1.amazonaws.com/
	Reporting/notifications: wss://a8wj55vrq7x0p-ats.iot.ap-south-1.amazonaws.com:443
	Presigned URL: https://store-forensic.prd01.ap-south-1.dup.forcepoint.io
	Uploading/downloading: https://tenants-t01-prd01-664qkd1b8n55mhrhqhreemkqpm14eaps3a-s3alias.s3.ap-south-1.amazonaws.com
	Certificate revocation list (CRLs): http://crl.sca1b.amazontrust.com/sca1b.crl http://ocsp.sca1b.amazontrust.com http://ocsp.sca1b.amazontrust.com http://ocsp.rootca1.amazontrust.com ocsp.comodoca.com crt.sectigo.com