Importing other applications
Endpoint Applications | Forcepoint DLP Endpoint | v8.4.x
If you want to monitor an endpoint application that is not already provided as a template by Forcepoint, follow the instructions below. The instructions vary depending on the operating system, as well as the type of application.
Windows desktop applications
The following applies to Windows applications prior to Windows 8, as well as Windows 8 desktop applications. For instructions on how to monitor Windows Store applications, see the section below, Windows Store apps.
There are 2 ways to import applications onto the Forcepoint DLP server for Windows desktop applications:
1. Selecting Main > Resources > Applications > New Application/Online Application. See Endpoint Applications.
   When you add applications using this screen, they are identified by their executable name. Occasionally, users try to get around being monitored by changing the executable name. For example, if you are monitoring "winword.exe" on users' endpoint devices, they may change the executable name to "win-word.exe" to avoid being monitored.
2. Using an external utility program, DSSRegApps.exe. This method records the application's metadata, so that Forcepoint DLP can analyze the metadata.
   In other words, if the name of the application is modified by an end user, Forcepoint DLP Endpoint can still identify the application and apply policies.
 
Note 
To use the external tool to import applications in the Forcepoint DLP server:
1.
2.
3.
A message displays indicating that the application was successfully registered with the Forcepoint DLP server. The Get File Properties screen is then re-displayed with the Forcepoint DLP server fields completed, but the File Name and Display Name empty. This allows you to select additional applications to register with the Forcepoint DLP server. Continue this process until all applications are registered. When you are finished adding applications, click the Cancel button in the Get File Properties screen.
Windows Store apps
The following instructions apply only to Windows Store apps, and do not apply to Windows 8/8.1 desktop applications. For instructions on how to monitor Windows 8/8.1 desktop applications, see the section above, Windows desktop applications.
Note 
To monitor file access on Windows 8 Store apps, you must first add RuntimeBroker.exe as an endpoint application, and monitor file access on this application. For Windows 8.1 store apps, you must also add BulkOperationHost.exe and FileManager.exe. The endpoint monitors all Windows Store apps accessing files through the runtime broker and not just the designated app. RuntimeBroker.exe is a Windows desktop application, so follow the instructions in Windows desktop applications to add this as an endpoint application.
To import Windows 8 Store apps, select Main > Resources > Applications > New Application. See Endpoint Applications.
Windows 8 Store apps are identified by their application name. Enter this name in the executable name field on this screen. Wildcards are supported.
To identify the application name:
1. Open PowerShell (run as administrator if you want to collect Windows 8 Store apps for all users, or run as the current user if you want to collect apps for the current user).
2.
or
Run the command "Get-AppXpackage" to list apps for the current user.
3. Find the application name located in either the Name field or PackageFullName field.
   * When entering the value from the Name field into Forcepoint DLP, you must add the wildcard "*" after the application name (e.g., microsoft.microsoftonedrive*). This method allows for greater flexibility when the app version changes.
   * When entering the value from the PackageFullName field into Forcepoint DLP, no wildcard is necessary, but you will need to update the value if the app version changes.
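The trade-off between the two values, as an added example that is not part of the Forcepoint documentation: it takes PackageFullName strings as listed by Get-AppXpackage, builds both candidate values, and shows which installed packages each one would cover. The package names are constructed, and the matching rule (case-insensitive glob against PackageFullName) is an assumption about how the endpoint compares the value.

```python
from fnmatch import fnmatchcase

# PackageFullName layout: Name_Version_Architecture_ResourceId_PublisherId
FIELDS = ("name", "version", "architecture", "resource_id", "publisher_id")

# Constructed inventory of PackageFullName values (hypothetical apps).
INSTALLED = [
    "contoso.notes_1.4.0.0_x64__abcdefgh12345",
    "contoso.notes_2.0.1.0_x64__abcdefgh12345",        # same app after an update
    "contoso.notesviewer_1.0.0.0_x64__abcdefgh12345",  # different app, same prefix
]


def split_full_name(full_name):
    """Split a PackageFullName into its five underscore-separated fields."""
    parts = full_name.split("_")
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected PackageFullName: {full_name!r}")
    return dict(zip(FIELDS, parts))


def candidate_values(full_name):
    """The two values described above: Name plus '*', or the exact PackageFullName."""
    return {"wildcard": split_full_name(full_name)["name"] + "*", "exact": full_name}


def covered(value, installed):
    """Packages a configured value would match (assumed: case-insensitive glob)."""
    return [p for p in installed if fnmatchcase(p.lower(), value.lower())]


def review(full_name, installed):
    """Report coverage per value and list hits that belong to another package."""
    name = split_full_name(full_name)["name"].lower()
    report = {}
    for kind, value in candidate_values(full_name).items():
        hits = covered(value, installed)
        others = [p for p in hits if split_full_name(p)["name"].lower() != name]
        report[kind] = {"value": value, "hits": hits, "other_apps": others}
    return report


if __name__ == "__main__":
    for kind, result in review(INSTALLED[0], INSTALLED).items():
        print(kind, result)
```

The wildcard value keeps covering the app after an update but also covers any other package whose name starts with the same text; the exact value covers only the one installed version.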
Mac Applications
To import Mac applications, select Main > Resources > Applications > New Application. See Endpoint Applications.
To find the value to enter for Mac applications:
1.
2.
3. Open the file Info.plist in the Contents folder.
4. Look for the key(s) CFBundleName and enter the value of the string(s) under it (e.g., for "<string>Example</string>" enter "Example").
5. If there is no key by that name, or no Info.plist file, use the process(es) name(s).
If there are multiple CFBundleName keys and/or multiple string entries below the key(s), each string value must be added separately.
Very rarely, apps will launch other processes along with the main application. These processes should be added as endpoint applications as well. To find out which processes belong to an app, check which processes are created when the application opens, for example by using Activity Monitor.
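The lookup described above, as an added example that is not Forcepoint code: it reads Contents/Info.plist from a .app bundle, returns every string under every CFBundleName key (a standard plist parser would keep only one value for a repeated key), and falls back to executable names when the key or file is missing. The sample plist is constructed, and using the files in Contents/MacOS as the process names is an assumption.

```python
import plistlib
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: an XML Info.plist that repeats the CFBundleName key.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleExecutable</key><string>example-bin</string>
  <key>CFBundleName</key><string>Example</string>
  <key>CFBundleName</key><string>Example Helper</string>
</dict></plist>"""


def names_from_xml(xml_bytes):
    """Return every string under every top-level CFBundleName key, in order."""
    top = ET.fromstring(xml_bytes).find("dict")
    items = list(top) if top is not None else []
    names = []
    for key, value in zip(items, items[1:]):
        if key.tag != "key" or key.text != "CFBundleName":
            continue
        # The value is either a single <string> or a container of <string>s.
        strings = [value] if value.tag == "string" else value.findall("string")
        names += [s.text.strip() for s in strings if s.text and s.text.strip()]
    return names


def names_for_app(app_path):
    """Values to enter for one .app bundle, following the steps above."""
    app = Path(app_path)
    plist = app / "Contents" / "Info.plist"
    names = []
    if plist.is_file():
        data = plist.read_bytes()
        if data.startswith(b"bplist"):  # binary plist: plistlib keeps one value per key
            value = plistlib.loads(data).get("CFBundleName")
            names = [value] if isinstance(value, str) else []
        else:
            names = names_from_xml(data)
    if names:
        return names
    # Fallback (assumption): executables in Contents/MacOS stand in for the
    # process names; confirm them in Activity Monitor.
    macos = app / "Contents" / "MacOS"
    return sorted(p.name for p in macos.iterdir() if p.is_file()) if macos.is_dir() else []


if __name__ == "__main__":
    print(names_from_xml(SAMPLE_PLIST))
```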
 
©2017 Forcepoint. Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint. Raytheon is a registered trademark of Raytheon Company. All other trademarks used in this document are the property of their respective owners.
