Create Custom Profile

The Create Profile editor can be used to create custom profiles. If the administrator wants, then they can select the Inherit default profile option provided with each widget to apply the values from the default profile.

Profile Details

Profile name: Each profile is stored using the provided name.

Description: Brief description of the profile.

Applies to:

Use this section to define the scope to exclude or include in the profile. The scope defines the endpoints or organizational units which should be subjected to this profile.

The selection list is limited to 100 entries. Use search to find additional endpoints or OUs.

In the Search option, enter the resource name, then click to add to the list for either inclusion or exclusion. You can also use the Add all or Remove all options to remove or add multiple entries. Similarly, you can use the to remove entries that were added earlier for either exclusion or inclusion.

Also, from the Select OS: option select the operating system running on the endpoint machine.

When including an OU or endpoint in the "Include" list all other OUs and endpoints are excluded. The "Exclude" list overrides the "Include" list. It is used, for example, to select an OU but exclude specific endpoints that belong to this OU.

Note: it is not possible to select the same OU or endpoint to both lists. If you include endpoints and exclude an OU they belong to, these endpoints will not be included since the exclusion of them as part of the excluded OU, overrides the inclusion.

General

Administrators can control all of the following from the General widget:
  • Displayed customer name: Set the customer name that is displayed on the Forcepoint agent console.
  • Endpoint Connectivity to Forcepoint Data Security Cloud: Allows manual configuration of proxy settings for proxies that require authentication.

Customer Logo (Applies to Default Profile Only)

You can add a custom company logo for Forcepoint Data Security Cloud | DLP agent installs using this widget.

Uploading the Logo

  1. Click Select logo to select and upload the image file.

  2. After the file explorer opens, browse and select the image you want to upload. Only PNG images of dimensions of 300 x 50 pixels and a maximum size of 50 KB are supported.

Only one logo is allowed per tenant. Uploading a new logo replaces the previous one.

The uploaded logo will appear both in the agent coaching dialog and in alert email notifications.

Updating or Removing Previously Uploaded Logo
  1. To update or remove the previously uploaded logo, click the Change logo button and upload the new logo.

Over the air updates

Displays which agent software versions are pushed to the endpoints. Values are inherited from default profile settings. Over the air updates can be enabled or disabled from the Default profile. Also, administrators can either opt for automatic updates or select specific agent versions to update from the Default profile. If Update to a specific version is selected, then the drop-down can be used to select the exact agent version of the agent to update to.

Administrators can choose to enable the option Inherit default profile if they want to inherit the settings from the default profile.

Data Protection

The Data Protection widget enables users that have Data Protection license to disable or enable it. Administrators can choose to enable the option Inherit default profile if they want to inherit the settings from the default profile.

Managed by: The data protection license applies both to On-Prem and SaaS DLP licenses. Those users who have only one of the licenses will see only the respective option (On-Premise or Cloud) under Managed by field. Users that have both the licenses will be able to select whether the profile is managed by On-Premise or Cloud.
Note: This switching is not yet supported.

This Windows agent does not support inline proxy or browser extension. It uses a different web inspection method called application and SSL hooking.

Administrators can choose to enable the option Inherit default profile if they want to inherit the settings from the default profile.

In the Default Language section, administrators can configure a default language for both custom and default profiles, displaying the end user notifications. The following languages are supported:
  • English
  • Dutch
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Portuguese
  • Russian
  • Simplified Chinese
  • Traditional Chinese
  • Spanish

Products

Lists the features available and the license requirements.

In this section, administrators can enable/disable the following products on the endpoint, if they have respective licenses:
  • Device Control
  • User Activity Monitoring
  • Neo web

If the customer does not have a license for one of the above products, the respective enable/disable toggle will be disabled.

Administrators can choose to enable the option Inherit default profile if they want to inherit the settings from the default profile.

Application Bypass

Administrators can exclude specific applications from DLP monitoring on Windows and macOS endpoints.

In the Search option, enter the application name, then click Add <app> to list to add applications to the list.

  • For Windows, enter an executable name such as chrome.exe.
  • Do not use wildcards.

Select the application name from the list and click Remove from list to remove the application.

Administrators can choose to enable the option Inherit default profile if they want to inherit the settings from the default profile.