Before you begin

Pre-requisites for installing the agent.

Note: Before installing the agent, ensure any of your Endpoint Security/Protection Platforms, such as AV/EDR policies allow the installer and agent runtime to run and create outbound connections. The agent connects to AWS Cloud Services using mutual TLS (mTLS); TLS inspection or certificate substitution must be disabled. The AWS IoT connection uses MQTT over WebSockets (WSS) on TCP 443, so WebSocket traffic must be allowed and not intercepted.

Required Exclusions

Some Endpoint Security/Protection Platforms may flag the agent. If installing alongside other 3rd party security tools, then you will need to consider adding the following executables and exclusions to the allow list of your antivirus software to ensure there are no cross conflicts.

Note:

In all cases ensure that:

The specified file or folder is bypassed from all scans.
Include any child processes when specifying .exe.

For Windows

Filename	Folder
setwebconnectivitymode.exe	%programfiles%\Forcepoint\Neo\EP
fpneoxengine.exe	%programfiles%\Forcepoint\Neo\EP \Forcepoint\Neo\EP
fpneotextextractor.exe	%programfiles%\Forcepoint\Neo\EP \Forcepoint\Neo\EP
fpneostophdrv.exe	%programfiles%\Forcepoint\Neo\EP
fpneoprotectionsvc.exe	%programfiles%\Forcepoint\Neo\EP
fpneologscollector.exe	%programfiles%\Forcepoint\Neo\EP
fpneodiagnostic.exe	%programfiles%\Forcepoint\Neo\EP
fpneocommonsvc.exe	%programfiles%\Forcepoint\Neo\EP
fpneoclient.exe	%programfiles%\Forcepoint\Neo\ep
fpneonetworksvc.exe	%programfiles%\Forcepoint\Neo\NC
PaisOOP.exe	%programfiles%\Forcepoint\DLP
EndPointClassifier.exe	%programfiles%\Forcepoint\DLP
tstxtract.exe	%programfiles%\Forcepoint\DLP\FilterSDK
tstxtractOrig.exe	%programfiles%\Forcepoint\DLP\FilterSDK
filter.exe	%programfiles%\Forcepoint\DLP\FilterSDK
filterOrig.exe	%programfiles%\Forcepoint\DLP\FilterSDK
filtertest.exe	%programfiles%\Forcepoint\DLP\FilterSDK
FilterTestDotNet.exe	%programfiles%\Forcepoint\DLP\FilterSDK
kvoop.exe	%programfiles%\Forcepoint\DLP\FilterSDK
wsdecrypt.exe	%programfiles%\Forcepoint\DLP
WDEUtil.exe	%programfiles%\Forcepoint\DLP
wepsvc.exe	%programfiles%\Forcepoint\DLP
PAEXT.exe	%programfiles%\Forcepoint\DLP
openssl.exe	%programfiles%\Forcepoint\Neo\NC\bin
7za.exe	%programfiles%\Forcepoint\DLP
python.exe	%programfiles%\Forcepoint\DLP
wininst-6.exe	%programfiles%\Forcepoint\DLP\Scripts\Lib\distutils\command
wininst-7.1.exe	%programfiles%\Forcepoint\DLP\Scripts\Lib\distutils\command
installer.exe	%programfiles(x86)%\Forcepoint
fpepdc.sys	%systemroot%\system32\drivers\
fpepdci.sys	%systemroot%\system32\drivers\
fpepflt.sys	%systemroot%\system32\drivers\
fpeph.sys	%systemroot%\system32\drivers\

In addition to the above Files, Forcepoint recommends that the following file folders are also bypassed:

Folder

%programfiles%\Forcepoint\

%programfiles(x86)%\Forcepoint\

%programdata%\Forcepoint\

For macOS:

com.forcepoint.neo.es
com.forcepoint.neo.ne
fpneoprotectiond
fpneonetworkd
fpneocommond
com.forcepoint.neo.privilege-helper
fpneotextextractor
fpneoxengine

The log locations should be added into scanning exclusions for any anti virus or third-party monitoring software. The following is the list of log locations:

Main Installation Folder: /Library/Application Support/Forcepoint/
NC Logs: /var/log/Forcepoint/NEO/NC/
Crash Reports: /Library/Logs/DiagnosticReports/
Installation Log: /var/log/install.log
Uninstall Log: /Library/Logs/Forcepoint/Neo/uninstall/uninstall.log
Classifier Install: /var/log/WebsenseEndpoint

Bypasses for Security Filtering and/or Firewalls

The agent communicates with the Amazon Web Services (AWS) Cloud Services. If you have a proxy or a special network, ensure that the agent can connect to the following URLs based on the tenant region. You can find the tenant region using the Forcepoint Data Security Cloud | DLP > user icon > Tenant information > Region.

Note: If the endpoint must communicate through a Proxy then add the Proxy settings via Settings > Endpoint > General > Endpoint connectivity to Neo cloud platform > Add proxy. The Proxy setting must be added before downloading the agent installation package to ensure it will contain the updated configuration.

If the endpoint is accessing the internet via a Security Filtering appliance or Internet proxy then the following URLS must be added to the allow list:

Table 1. List of Regions/URLs
Region	Purpose	URLs
us-east-1	Registration	https://register-device.beta.us-east-1.dup.forcepoint.io
	Credentials	https://c1c2sj3lm55h1g.credentials.iot.us-east-1.amazonaws.com/
	Reporting/notifications	wss://a8wj55vrq7x0p-ats.iot.us-east-1.amazonaws.com:443
	Presigned URL	https://store-forensic.beta.us-east-1.dup.forcepoint.io
	Uploading/downloading	https://tenants-t01-beta-3srwwr63ykr6r3ydmw59ymfhtmk96use1a-s3alias.s3.amazonaws.com
	Certificate revocation list (CRLs):	http://crl.sca1b.amazontrust.com/sca1b.crl http://crl.rootca1.amazontrust.com/rootca1.crl http://ocsp.sca1b.amazontrust.com http://ocsp.rootca1.amazontrust.com ocsp.comodoca.com crt.sectigo.com
eu-central-1	Registration	https://register-device.prd01.eu-central-1.dup.forcepoint.io
	Credentials	https://c1c2sj3lm55h1g.credentials.iot.eu-central-1.amazonaws.com
	Reporting/notifications	wss://a8wj55vrq7x0p-ats.iot.eu-central-1.amazonaws.com:443
	Presigned URL	https://store-forensic.prd01.eu-central-1.dup.forcepoint.io
	Uploading/downloading	https://tenants-t01-prd01-m5g5n75bpb8yrofozxzdbyrxko47seuc1a-s3alias.s3.eu-central-1.amazonaws.com
	Certificate revocation list (CRLs)	http://crl.sca1b.amazontrust.com/sca1b.crl http://crl.rootca1.amazontrust.com/rootca1.crl http://ocsp.sca1b.amazontrust.com http://ocsp.rootca1.amazontrust.com ocsp.comodoca.com crt.sectigo.com
ap-south-1	Registration	https://register-device.prd01.ap-south-1.dup.forcepoint.io
	Credentials	https://c1c2sj3lm55h1g.credentials.iot.ap-south-1.amazonaws.com/
	Reporting/notifications	wss://a8wj55vrq7x0p-ats.iot.ap-south-1.amazonaws.com:443
	Presigned URL	https://store-forensic.prd01.ap-south-1.dup.forcepoint.io
	Uploading/downloading	https://tenants-t01-prd01-664qkd1b8n55mhrhqhreemkqpm14eaps3a-s3alias.s3.ap-south-1.amazonaws.com
	Certificate revocation list (CRLs)	http://crl.sca1b.amazontrust.com/sca1b.crl http://ocsp.sca1b.amazontrust.com http://ocsp.sca1b.amazontrust.com http://ocsp.rootca1.amazontrust.com ocsp.comodoca.com crt.sectigo.com
ap-southeast-1	Registration	https://register-device.prd01.ap-southeast-1.dup.forcepoint.io
	Credentials	https://c1c2sj3lm55h1g.credentials.iot.ap-southeast-1.amazonaws.com
	Reporting/notifications	wss://a8wj55vrq7x0p-ats.iot.ap-southeast-1.amazonaws.com:443
	Presigned URL	https://store-forensic.prd01.ap-southeast-1.dup.forcepoint.io
	Uploading/downloading	https://tenants-t01-prd01-wkkfydbjxcnutg4saeg6akejid7kgaps1a-s3alias.s3.ap-southeast-1.amazonaws.com
	Certificate revocation list (CRLs)	http://crl.sca1b.amazontrust.com/sca1b.crl http://crl.rootca1.amazontrust.com/rootca1.crl http://ocsp.sca1b.amazontrust.com http://ocsp.rootca1.amazontrust.com ocsp.comodoca.com crt.sectigo.com