Endpoint Applications

Forcepoint provides a list of built-in applications that you can choose to monitor on the endpoint when you set up your endpoint policy. These applications, including web applications and SaaS applications, are included in Endpoint Applications.

Use the Main > Policy Management > Resources > Endpoint Applications page to review the built-in applications and define custom applications.

To add an application, click New > Application or New > Cloud Application in the toolbar at the top of the page, then:

  1. Enter a Name for this application, such as Microsoft Word.
  2. In the Initiated by field:
    • For Windows desktop applications, enter the name of the executable file (for example, winword.exe).
    • For Mac or Windows Store apps, enter the app name (for example, Microsoft.SkypeApp* for the Windows Store Camera app).
    • For cloud applications, enter the URL.
  3. Enter a Description for this application.
  4. To associate the application with an existing application group, mark Belongs to, then select the group of interest.
  5. If enforcement is not needed for an application, mark Trusted application.

    Trusted applications are permitted to write any type of information to a removable media device, such as a USB drive. They are also permitted to copy any type of data to a remote shared drive on a network.

    Specify up to 50 trusted endpoint applications. If necessary, a trusted application can be configured to represent multiple applications. Contact Technical Support for assistance.

    There are no trusted cloud applications.

  6. Under Screen Capture, use the Action drop-down list to select the action to take when end users try to capture screens from this application.

    Screen captures are not analyzed for content. They are blocked and audited, permitted and audited, or permitted as specified here.

    Note: Screen captures cannot be blocked in macOS 11.
  7. Click OK.

The predefined (built-in) applications are identified by their application metadata rather than by executable name. This is a very secure method of identifying application usage.

When you add applications, they are identified by their executable name. Occasionally, users try to get around being monitored by changing the executable name. For example, if you’re monitoring “winword.exe” on users’ endpoint devices, they may change the executable name to “win-word.exe” to avoid being monitored.

To add an application so that it is identified according to the application metadata, use an external utility program. For information about the utility and instructions for using it, see Importing other applications.
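The renaming problem described above can be seen by comparing both identification methods over an endpoint inventory. This is an added example, not Forcepoint code: the inventory records are constructed, and the `original` field assumes the metadata in question is the OriginalFilename value embedded in the executable's version information, which this page does not specify.

```python
from fnmatch import fnmatchcase

# Monitored applications as typed in "Initiated by" (values taken from this page).
MONITORED = ["winword.exe", "Microsoft.SkypeApp*"]

# Constructed inventory: on-disk image name plus the OriginalFilename value
# embedded in the file (assumed metadata field; None when the file has none).
INVENTORY = [
    {"host": "pc-01", "image": "WINWORD.EXE", "original": "WinWord.exe"},
    {"host": "pc-02", "image": "win-word.exe", "original": "WinWord.exe"},
    {"host": "pc-03", "image": "notepad.exe", "original": "NOTEPAD.EXE"},
    {"host": "pc-04", "image": "tool.exe", "original": None},
]


def matches(name, patterns=MONITORED):
    """Case-insensitive wildcard match of a name against the monitored list."""
    if not name:
        return False
    return any(fnmatchcase(name.lower(), p.lower()) for p in patterns)


def classify(record):
    """Report what name-based and metadata-based identification each conclude."""
    if matches(record["image"]):
        return "monitored"            # the executable-name rule fires
    if matches(record["original"]):
        return "renamed"              # name rule misses it, metadata still matches
    return "not-monitored"


def audit(inventory=INVENTORY):
    """Map each host to its verdict so renamed binaries can be followed up."""
    return {r["host"]: classify(r) for r in inventory}


if __name__ == "__main__":
    for host, verdict in audit().items():
        print(f"{host}: {verdict}")
```

Hosts reported as `renamed` are the ones a name-only custom application entry would miss, which is the case for importing the application by metadata instead.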