New in this version

Updated 31-Oct-2018


Applies to:	Forcepoint Web Security Cloud

Support for macOS 10.13.0 through 10.13.6 (High Sierra) and macOS 10.14

Forcepoint Web Security Proxy Connect Endpoint can now run on the macOS operating systems 10.13.0, 10.13.1, 10.13.2, 10.13.3, 10.13.4, 10.13.5, 10.13.6, and 10.14.

Starting with macOS 10.13.x, Apple prompts you for permission to apply kernel extensions.

Enabling the kernel extension

When the endpoint machine loads the Forcepoint Web Security Proxy Connect Endpoint for the first time, a window is shown to prompt you to enable the extension. You can enable the extension in System Preferences > Security & Privacy. For more information, see the User-Approved Kernel Extension Loading Technical Note from Apple.


	Note You must reboot the Mac endpoint machine after enabling the kernel extension. The Forcepoint Web Security Proxy Connect Endpoint will not work correctly until the endpoint machine reboots.

Disabling the blocked kernel extension prompt

To disable macOS from prompting the user to allow kernel extensions, complete the following steps. Please note that following these steps automatically allows all kernel extensions.

Reboot the Mac endpoint machine in Recovery mode.

From the command line, run:

spctl kext-consent disable

Reboot the Mac endpoint machine.

General Data Protection Regulation (GDPR) Compliance

Forcepoint Web Security Proxy Connect Endpoint has been updated to enable Forcepoint customers to be compliant with the new General Data Protection Regulation (GDPR), which goes into affect in the European Union in May 2018.

Forcepoint Web Security Proxy Connect Endpoint contains four log files:

Installation Log (endpoint_install.log): This log contains the installation path. This path may contain the username. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB)

Boot Error Log (proxy_boot_err.log): This log contains errors from the endpoint software start up and system details. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB)

Service Log (wepsvc.log): This log contains service status information and browser extension removal messages. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB)

Proxy Daemon Log (dlp_daemon_err.log [stderr], dlpdebug.log [stdout]): This log file contains user and connection information. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB)

Support for PAC files over HTTPS

Forcepoint Web Security Proxy Connect Endpoint now supports the delivery of PAC files over a secured communications channel (HTTPS). Activation of this feature from the Forcepoint Security Portal will be announced at a later date.

PAC file delivery over an unsecured communications channel (HTTP) is still available.

Support for latest browsers

Browsers are tested with existing versions of endpoint solutions when they become available. For a full list of supported browsers and operating systems for each endpoint version, see the Certified Product Matrix.