Before you begin

Pre-requisites for installing the agent.

Note: Before installing and setting up the agent, verify that the antivirus software allows doing so and that the agent can communicate with Amazon Web Services. Also open the required ports.

Anti-Virus Software

Some anti virus software may flag the agent. If installing alongside other 3rd party security tools, then you will need to consider adding the following executables and exclusions to the allow list of your antivirus software to ensure there are no cross conflicts.

Note in all cases ensure that:

  • The specified file or folder is bypassed from all scans.
  • Include any child processes when specifying .exe

For Windows

Filename Folder
setwebconnectivitymode.exe %programfiles%\Forcepoint\Neo\EP
fpneoxengine.exe %programfiles%\Forcepoint\Neo\EP \Forcepoint\Neo\EP
fpneotextextractor.exe %programfiles%\Forcepoint\Neo\EP \Forcepoint\Neo\EP
fpneostophdrv.exe %programfiles%\Forcepoint\Neo\EP
fpneoprotectionsvc.exe %programfiles%\Forcepoint\Neo\EP
fpneologscollector.exe %programfiles%\Forcepoint\Neo\EP
fpneodiagnostic.exe %programfiles%\Forcepoint\Neo\EP
fpneocommonsvc.exe %programfiles%\Forcepoint\Neo\EP
fpneoclient.exe %programfiles%\Forcepoint\Neo\ep
fpneonetworksvc.exe %programfiles%\Forcepoint\Neo\NC
PaisOOP.exe %programfiles%\Forcepoint\DLP
EndPointClassifier.exe %programfiles%\Forcepoint\DLP
tstxtract.exe %programfiles%\Forcepoint\DLP\FilterSDK
tstxtractOrig.exe %programfiles%\Forcepoint\DLP\FilterSDK
filter.exe %programfiles%\Forcepoint\DLP\FilterSDK
filterOrig.exe %programfiles%\Forcepoint\DLP\FilterSDK
filtertest.exe %programfiles%\Forcepoint\DLP\FilterSDK
FilterTestDotNet.exe %programfiles%\Forcepoint\DLP\FilterSDK
kvoop.exe %programfiles%\Forcepoint\DLP\FilterSDK
wsdecrypt.exe %programfiles%\Forcepoint\DLP
WDEUtil.exe %programfiles%\Forcepoint\DLP
wepsvc.exe %programfiles%\Forcepoint\DLP
PAEXT.exe %programfiles%\Forcepoint\DLP
openssl.exe %programfiles%\Forcepoint\Neo\NC\bin
7za.exe %programfiles%\Forcepoint\DLP
python.exe %programfiles%\Forcepoint\DLP
wininst-6.exe %programfiles%\Forcepoint\DLP\Scripts\Lib\distutils\command
wininst-7.1.exe %programfiles%\Forcepoint\DLP\Scripts\Lib\distutils\command
installer.exe %programfiles(x86)%\Forcepoint
fpepdc.sys %systemroot%\system32\drivers\
fpepdci.sys %systemroot%\system32\drivers\
fpepflt.sys %systemroot%\system32\drivers\
fpeph.sys %systemroot%\system32\drivers\

In addition to the above Files, Forcepoint recommends that the following file folders are also bypassed:

Folder
%programfiles%\Forcepoint\
%programfiles(x86)%\Forcepoint\
%programdata%\Forcepoint\

For macOS:

  • com.forcepoint.neo.es
  • com.forcepoint.neo.ne
  • fpneoprotectiond
  • fpneonetworkd
  • fpneocommond
  • com.forcepoint.neo.privilege-helper
  • fpneotextextractor
  • fpneoxengine
The log locations should be added into scanning exclusions for any anti virus or third-party monitoring software. The following is the list of log locations:
  • Main Installation Folder: /Library/Application Support/Forcepoint/
  • NC Logs: /var/log/Forcepoint/NEO/NC/
  • Crash Reports: /Library/Logs/DiagnosticReports/
  • Installation Log: /var/log/install.log
  • Uninstall Log: /Library/Logs/Forcepoint/Neo/uninstall/uninstall.log
  • Classifier Install: /var/log/WebsenseEndpoint

Bypasses for Security Filtering and/or Firewalls

  • The agent communicates with the Amazon Web Services (AWS) Cloud Services. If you have a proxy or a special network, ensure that the agent can connect to the following URLs based on the tenant region. You can find the tenant region using the Forcepoint ONE Data Security > user icon > Tenant information > Region.
Note: If the endpoint must communicate through a Proxy then add the Proxy settings via Settings > Endpoint > General > Endpoint connectivity to Neo cloud platform > Add proxy. The Proxy setting must be added before downloading the agent installation package to ensure it will contain the updated configuration.

If the endpoint is accessing the internet via a Security Filtering appliance or Internet proxy then the following URLS must be added to the allow list:

Table 1. List of Regions/URLs
Region Purpose URLs
us-east-1 Registration https://register-device.beta.us-east-1.dup.forcepoint.io
Credentials https://c1c2sj3lm55h1g.credentials.iot.us-east-1.amazonaws.com/
Reporting/notifications wss://a8wj55vrq7x0p-ats.iot.us-east-1.amazonaws.com:443
Presigned URL https://store-forensic.beta.us-east-1.dup.forcepoint.io
Uploading/downloading https://tenants-t01-beta-3srwwr63ykr6r3ydmw59ymfhtmk96use1a-s3alias.s3.amazonaws.com
Certificate revocation list (CRLs):
eu-central-1 Registration https://register-device.prd01.eu-central-1.dup.forcepoint.io
Credentials https://c1c2sj3lm55h1g.credentials.iot.eu-central-1.amazonaws.com
Reporting/notifications wss://a8wj55vrq7x0p-ats.iot.eu-central-1.amazonaws.com:443
Presigned URL https://store-forensic.prd01.eu-central-1.dup.forcepoint.io
Uploading/downloading https://tenants-t01-prd01-m5g5n75bpb8yrofozxzdbyrxko47seuc1a-s3alias.s3.eu-central-1.amazonaws.com
Certificate revocation list (CRLs)
ap-south-1 Registration https://register-device.prd01.ap-south-1.dup.forcepoint.io
Credentials https://c1c2sj3lm55h1g.credentials.iot.ap-south-1.amazonaws.com/
Reporting/notifications wss://a8wj55vrq7x0p-ats.iot.ap-south-1.amazonaws.com:443
Presigned URL https://store-forensic.prd01.ap-south-1.dup.forcepoint.io
Uploading/downloading https://tenants-t01-prd01-664qkd1b8n55mhrhqhreemkqpm14eaps3a-s3alias.s3.ap-south-1.amazonaws.com
Certificate revocation list (CRLs)
ap-southeast-1 Registration https://register-device.prd01.ap-southeast-1.dup.forcepoint.io
Credentials https://c1c2sj3lm55h1g.credentials.iot.ap-southeast-1.amazonaws.com
Reporting/notifications wss://a8wj55vrq7x0p-ats.iot.ap-southeast-1.amazonaws.com:443
Presigned URL https://store-forensic.prd01.ap-southeast-1.dup.forcepoint.io
Uploading/downloading https://tenants-t01-prd01-wkkfydbjxcnutg4saeg6akejid7kgaps1a-s3alias.s3.ap-southeast-1.amazonaws.com

Certificate revocation list (CRLs)