Go to the table of contents Go to the previous page Go to the next page View or print as PDF
New in this version
Updated 19-June-2018
Forcepoint Web Security Endpoint
IPv6 Compatibility Support
Forcepoint Web Security Proxy Connect Endpoint supports dual stack endpoints, so both IPv4 and IPv6 requests from an endpoint machine are handled by the Forcepoint Web Security Proxy Connect Endpoint proxy.
 
Note 
General Data Protection Regulation (GDPR) Compliance
Forcepoint Web Security Endpoint has been updated to reflect new user data retention and deletion regulations. This release enables Forcepoint customers to be compliant with the new General Data Protection Regulation (GDPR), which went into effect in the European Union in May 2018.
Forcepoint Web Security Proxy Connect Endpoint for Windows
Forcepoint Web Security Proxy Connect Endpoint for Windows contains two log files that are stored on the endpoint machine and are available in plain text (not encrypted):
*
DebugDump: This log file contains basic information about the user and endpoint machine. Administrator privileges are required to run the dbgview utility that captures the debug data. If the dbgview utility is not running or set to save to disk, no log is created. This log data is not sent back to the cloud; it is only stored on the endpoint machine.
*
SwitchProxy This log contains basic information about the user domain. Forcepoint Web Security Proxy Connect Endpoint sends user status changes (e.g., proxy enabled/disabled) to the cloud. This log data is send to the cloud through an HTTP request.
The Diagnostics Tool, available to the user via the icon on the endpoint machine, does not contain user personally identifiable information (PII).
Forcepoint Web Security Direct Connect Endpoint for Windows
Forcepoint Web Security Direct Connect Endpoint for Windows contains three log files:
*
Debug Dump (DebugDump.txt): This log file contains basic information about the user and endpoint machine. This log file is stored as a plain text, unencrypted txt file in the installation directory and can be accessed by any user who can access the folder. Logs are deleted when the endpoint software is uninstalled, or when the log limit is reached (5 logs, rotated after they reach 2MB).
For more information about deleting the Debug Dump file, see the Deleting Debug Dump Files knowledge base article (My Account log in required).
*
Audit Log (statuslog.csv): This log file contains domain/username, full URLs, and audit events. This log file is stored as an AES-encrypted csv file in the installation directory. This file is sent to the cloud over a TLS (SSL) connection to the server. The password is hardcoded into the software.
*
Statistics Log (statisticslog.csv): This log file contains statistical information about the transactions between the endpoint machine and server. This log file is stored as an AES-encrypted csv file in the installation directory. This file is sent to the cloud over a TLS (SSL) connection to the server.
The Diagnostics Tool, available to the user via the icon on the endpoint machine, does not contain user PII.
Forcepoint Web Security Proxy Connect Endpoint for Mac
Forcepoint Web Security Proxy Connect Endpoint contains four log files:
*
Installation Log (endpoint_install.log): This log contains the installation path. This path may contain the username. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
*
Boot Error Log (proxy_boot_err.log): This log contains errors from the endpoint software start up and system details. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
*
Service Log (wepsvc.log): This log contains service status information and browser extension removal messages. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
*
Proxy Daemon Log (dlp_daemon_err.log [stderr], dlpdebug.log [stdout]): This log file contains user and connection information. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
Support for macOS 10.13.0 through 10.13.5 (High Sierra)
Forcepoint Web Security Endpoint can now run on the macOS operating systems 10.13.0, 10.13.1, 10.13.2, 10.13.3, 10.13.4, and 10.13.5.
Starting with macOS 10.13.x, Apple prompts you for permission to apply kernel extensions.
Enabling the kernel extension
When the endpoint machine loads the Forcepoint Web Security Endpoint for the first time, macOS prompts you to enable the extension. You can enable the extension in System Preferences > Security & Privacy. For more information, see the User-Approved Kernel Extension Loading Technical Note from Apple.
 
Note 
Disabling the blocked kernel extension prompt
To disable macOS from prompting you to allow kernel extensions, complete the following steps. Please note that following these steps automatically allows all kernel extensions.
1.
2.
spctl kext-consent disable
3.
Forcepoint DLP Endpoint
Log viewer updates
The Log Viewer has been updated to provide additional incident details to the end user. The following columns have been added to the Log Viewer:
*
Event ID: The Event ID of the incident as recorded in Forcepoint DLP.
*
Channel: The channel on which the sensitive data was sent: Web, Email, LAN, Print, Application File Access, or Removable media.
*
Details: For the Email channel, this shows the email subject. For other channels, it is empty.
*
Destination: The recipient of the sensitive data. The destination depends on the channel. For example, the destination could be a user name, server hostname, IP address, email address.
*
Violation Triggers: The list of values that triggered the policy/rule violation.
*
Policies: The policies and rules that were violated by completing the action.
*
Maximum Matches: The maximum number of matches found.
The Log Viewer can be opened by clicking the View Log button from the Forcepoint DLP Endpoint end user interface. For more information about the Log Viewer, see the Forcepoint Endpoint End User's Guide.
Chrome Monitor-only mode
Forcepoint DLP Endpoint now supports a monitor-only mode where the endpoint software monitors user actions through the Chrome browser and analyzes and logs sensitive data, but does not block actions. Forcepoint DLP Endpoint does not show the Configuration or Block dialog windows when monitor-only mode is enabled.
To configure monitor-only mode, contact Forcepoint Support.
General Data Protection Regulation (GDPR) Compliance
Forcepoint DLP Endpoint has been updated to reflect new user data retention and deletion regulations. This release enables Forcepoint customers to be compliant with the new General Data Protection Regulation (GDPR), which went into effect in the European Union in May 2018.
Forcepoint DLP Endpoint for Windows
Forcepoint DLP Endpoint for Windows contains one log file:
*
Log Viewer log: This log contains information about every incident captured on the endpoint machine. This log file requires the Log Viewer to open the log in a human-readable format. Administrators can view the logs for all users, but non-admin users can only view their own logs. This log file is deleted when the user uninstalls the endpoint software.
Forcepoint DLP Endpoint for Mac
Forcepoint DLP Endpoint for Mac contains five log files:
*
Installation Log (endpoint_install.log): This log contains the installation path. This path may contain the username. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
*
Boot Error Log (proxy_boot_err.log): This log contains errors from the endpoint software start up and system details. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
*
Service Log (wepsvc.log): This log contains service status information and browser extension removal messages. This log file is unencrypted and can be accessed by any user on the endpoint machine. Any user can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
*
Proxy Daemon Log (dlp_daemon_err.log [stderr], dlpdebug.log [stdout]): This log file contains user and connection information. This log file is unencrypted and can be accessed by any user on the endpoint machine. Only the owner (root) can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
*
Endpoint Helper (dlphelper_err.log): This log file contains the address of the command server, which is required for the service to operate. This log file is unencrypted and can be accessed by any user on the endpoint machine. Any user can write or modify the log. Logs remain on the endpoint machine after the user uninstalls the endpoint software. The past five logs are retained, and older logs are overwritten when newer logs are filled up (max size: 4.1MB).
Support for macOS 10.13.0 through 10.13.5 (High Sierra)
Forcepoint DLP Endpoint can now run on the macOS operating systems 10.13.0, 10.13.1, 10.13.2, 10.13.3, 10.13.4, and 10.13.5.
Starting with macOS 10.13.x, Apple prompts you for permission to apply kernel extensions.
Enabling the kernel extension
When the endpoint machine loads the Forcepoint DLP Endpoint for the first time, macOS prompts you to enable the extension. You can enable the extension in System Preferences > Security & Privacy. For more information, see the User-Approved Kernel Extension Loading Technical Note from Apple.
 
Note 
Disabling the blocked kernel extension prompt
To disable macOS from prompting you to allow kernel extensions, complete the following steps. Please note that following these steps automatically allows all kernel extensions.
1.
2.
spctl kext-consent disable
3.
Support for macOS Native Apps on the clipboard and print channels
The following macOS Native Apps are now supported on the clipboard and print channels for macOS 10.12.2 (and higher) and macOS 10.13.0 (and higher).
Calendar, Photos, Mail, Notes, Pages, Script Editor, Preview, Numbers, Keynote, Safari, Messages, and TextEdit
For additional information about all of the supported Apps and operating system versions, see the DLP macOS Native Application Print and Clipboard Support KBA.
FIPS-Compliant Encryption Libraries
The following Forcepoint Endpoint products use Federal Information Processing Standards (FIPS) publication 140-2 Level 1 (FIPS PUB 140-2 L1) compliant encryption libraries:
*
*
 
Note 
To support this update, the v8.5 Forcepoint DLP Endpoint product contains the following updates:
*
*
*
*
*
 
Note 
Endpoint application exclusion is no longer supported for mac0S 10.12.x and higher
The Excluded Applications feature allows you to separate an application from the Forcepoint Endpoint drivers. Due to updates introduced by Apple in macOS 10.12, the Excluded Applications feature is no longer needed or supported on endpoint machines running macOS 10.12.x or higher.
The Excluded Applications feature is still supported on endpoint machines running Mac OS X 10.11 and lower.
Support for latest browsers
Browsers and operating systems are tested with existing versions of endpoint solutions when they become available. For a full list of supported browsers and operating systems for each endpoint version, see the Certified Product Matrix.
Some of the latest browsers are not supported for specific Forcepoint endpoint solutions (with exceptions noted below):
*
*
*
*
*
Firefox ESR v60.0 and higher can be used with Forcepoint Web Security Endpoint on Windows endpoint machines.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2018 Forcepoint LLC. All rights reserved.