KB Article | Forcepoint Support

Problem Description

Users managing MacOS with Jamf want a way to deploy the Forcepoint Endpoint. As the Endpoint package is actually a 2 in one .zip file, this method describes a way to accomplish this.

Note These instructions should work for the DLP or Web endpoint. Use whatever flags or context paths needed to run in a commandline install in your script.


To deploy a Forcepoint Endpoint to MacOS users using Jamf, the first requirement is to prepare an Endpoint package:

  1. Download the Forcepoint Package builder for the endpoint version to be used in the environment. 
    1. Go to https://support.forcepoint.com/Downloads.
    2. Click All Downloads.
    3. Go to the Endpoint Security section.
    4. Click the Endpoint Version number beneath the type to be built.
    5. Click the Installer to be used. If multiple endpoint installers are present, click the one that mentions MacOS in the operating system column. 
    6. Scroll to the bottom of the page and click Download.
  2. Create the package. On the installer page where the download began, there is another link listed as Installation Guide that carries instructions. As an example, this is the installation guide for the Web 8.5 Endpoint: Forcepoint Endpoint Solutions Installation and Deployment Guide.
Important The below information is not supported by Forcepoint Technical Support. For any questions regarding using Casper or Jamf, contact Jamf Nation. For any questions regarding MacOS, contact Apple
  1. Once the package is built with the Forcepoint Package builder, upload the file using Casper admin. For information, see the Jamf Pro Administrator's Guide for the version in use.
  2. Create a policy to deploy the zip. This is ideally with a smart or static group but could be targeted users. 
  3. Make a second policy that looks for the package already installed that runs a bash script to run the installer with the sudo prefix:
    • sudo unzip ./endpoint.zip 
    • sudo ./endpointpackagefile.pkg

Note The file names should be updated with the true file name created by the endpoint package builder.

  1. The endpoint package (not the classifer.pkg) contains the installer and will call on the other files from the zip, so run the command inside the directory where the zip has been extracted.

Article Feedback

Thank you for the feedback and comments.