Installing the endpoint (Classic Proxy Connect and Direct Connect)

To deploy the endpoint client manually to end users on a single machine:

Steps

  1. Navigate to the Web > Settings > Endpoint page.
  2. On the General tab, if you have roaming users who are not synchronized to the cloud service and wish to assign them to a particular policy once they browse via the endpoint, select a default policy from the Policy drop-down list. Click Save.
  3. Under Deployment Settings, click Set Anti-Tampering Password.
    This anti-tampering password is not used when Neo is deployed. Neo uses a release code configured in the Neo management portal. See the instructions provided in the Settings section of the Forcepoint Dynamic User Protection Help.
  4. Enter and confirm your anti-tampering password, then click Submit.
  5. Under Endpoint Client Download, select Mac from the Platform drop-down list and click Download to download the endpoint zip file.
  6. On the End User Control tab, enter users or select groups, policies, or connections who are allowed to disable the endpoint on their machines. You may wish to do this if your users are working in a location that blocks web traffic to the cloud service. Note that this option can introduce vulnerabilities: if enabled, it permits end users to circumvent the protections offered by the endpoint software.
    • To specify end users who can disable the endpoint client, enter each user email address on a separate line in the Users field.
    • To select groups, policies, or connections who can disable the endpoint client, click the item you want in the Available field, then click > to move it to the Selected field. Use the Ctrl key to select multiple items.
    • Click Save when done.
  7. (Classic Proxy Connect only) If you want the Classic Proxy Connect endpoint client to use port 80 for proxying and PAC file retrieval, do the following before installation:
    • Ask your endpoint support representative to add the “Send HWS endpoint to port 80” template to your account. You can add this template globally, or to specific policies.
    • Look at the endpoint client files, and locate the endpoint.pkg and HWSConfig.xml files. The latter is specific to your account. The files must reside in the same directory for the endpoint to successfully install.
    • In the HWSConfig file, make the following change:

      Change this:

      <PACFile URL="http:// webdefence.global.blackspider.com:8082/proxy.pac" />

      To this:

      <PACFile URL="http:// pac.webdefence.global.blackspider.com/proxy.pac" />

    By applying this template, you will also move to port 80 any Proxy Connect endpoints that are already installed.

  8. Double-click the endpoint package to open an introductory screen for the installer. Click Continue for step-by-step instructions on the installation process.
  9. When you reach the “Standard install on Macintosh HD” screen, click Install to begin the installation process.
    You must install the endpoint on the local hard disk. You can change the installation location on this screen by clicking Change Install Location...
  10. Enter a user name and password for a user with administrator rights to install the software.

    If the installation process fails, check that the HWSConfig.xml file is present and is in the correct format if you have edited it.

  11. A confirmation screen informs you if the installation is successful. Click Close.
  12. After installation, go to System Preferences > Other.
  13. Click the icon for the endpoint program.

    This brings you to a page where you can see components for the version you have installed. You can also do the following:

    • Save Debug Logs to Desktop

      This allows your endpoint support team to quickly access all troubleshooting logs in one place. Clicking it creates an archive file on the Mac desktop beginning with ClientInfo*.zip. If you need to open a support ticket about the endpoint, include this zip file with your request.

    • Uninstall Endpoint

      See Uninstalling the endpoint from the Mac (Classic Proxy Connect and Direct Connect).