Forcepoint Web Security Endpoint software

Selecting this option allows you to configure deployment and automatic update settings. If you later deselect this option, any installed client software instances continue to work until uninstalled, though they no longer receive automatic updates.

• Click Deploy Manually if you want to install the endpoint client software by hand on individual machines or via your preferred distribution method. (This is the only option available for Mac.)

  Note the WSCONTEXT value displayed on screen. If you plan to use GPO to distribute the client software, you will use this value in your deployment script to ensure that users are correctly associated with your organization.

  Click View Files to find the appropriate client software. Select a client operating system, then click on a version of the client software to download. You can also view a PDF of the release notes for each version by clicking a release notes link. Click Close when done.

• To deploy the client software directly to Windows machines from the hybrid service, mark the Deploy the client software from the hybrid service check box.

  Choose whether the client software is deployed to all users whose requests go through the hybrid service, or only to off-site users.

  You can provide a customized message that appears to end users at the beginning of the client software download and installation process. The message can be used to reassure the user that the download is company- approved, and to provide any further information they may need. To customize the message, click Customize Installation Page, then enter your organization name and the message you want to display. Click View Sample Page to see what will appear to the end user.

  The sample page also contains the default text that is always displayed to the end user at the beginning of the download.

• Protect endpoint client software files and folders from being deleted or renamed.
• Restart the client software if it is stopped or killed.
• Require a password is required to uninstall or stop the client software.
• Prevent hybrid client software registry settings from being modified or deleted.
• Block the Service Control command to delete the client software.

Until you define an anti-tampering password, you cannot download the endpoint client installation file or enable deployment from the hybrid service.

With these selections, you ensure that client machines always have the latest version of the endpoint client software when it is available.

If you later remove the check from one or both boxes, endpoint updates will no longer be applied to client machines using that operating system. Existing endpoint installations will, however, continue to work.

Some applications do not work properly with endpoint enforcement. Application Bypass allows you to add a list of applications that may be causing problems.

• Click Add to open the Add Applications window.
• Specify the operating system for the Applications you wish to add and enter the applications in the field provided.
  • Enter a single application or a comma-separated list of applications.
  • Include the file extension for each application. If no extension is entered, the application name is treated like a regular expression.
  • An asterisk (*) wildcard can be ued in application names. For example, appl.*.
• Click Add to return to the Hybrid User Identification page and add your entry to the list.

  If there are any errors found in your entry, correct them and click Add again.

• Remove an entry in the Application Bypass list by checking the box next to the application name and clicking Delete.

Note that this feature does not work for applications that use system browser settings to determine a proxy. Also, you may need to update your endpoint deployments. End users must have at least endpoint build 1138 (Windows) or 1566 (Mac) to use application bypass.