KB Article | Forcepoint Support

Problem Description

Users managing MacOS with Jamf seek a method to deploy the Forcepoint Endpoint through it as a means to bypass the need to permit the Endpoint kernel extension (kext) to be loaded per machine. As the Endpoint package is actually a two-in-one .zip file, this article describes a way to accomplish this.

Note These instructions should work for the DLP and Web Endpoint. Use whatever flags or context paths needed to run in a command line installation in the script.


To deploy a Forcepoint Endpoint to MacOS users using Jamf, the first requirement is to prepare an Endpoint package:

  1. Download the Forcepoint Package builder for the Endpoint version to be used in the environment. 
    1. Go to https://support.forcepoint.com/Downloads.
    2. Click All Downloads.
    3. Go to the Endpoint Security section.
    4. Click the Endpoint Version number beneath the type to be built.
    5. Click the Installer to be used. If multiple installers are present, selectthe one that mentions MacOS in the operating system column. 
    6. Scroll to the bottom of the page and click Download.
  2. Create the package. On the installer page where the download began, the Installation Guide contains instructions to guide through the process.
Important The steps below are not supported by Forcepoint Technical Support for case troubleshooting. For any questions regarding using Casper or Jamf, contact Jamf Nation. For any questions regarding MacOS, contact Apple
  1. Once the package is built with the Forcepoint Package builder, upload the file using Casper admin. For information, see the Jamf Pro Administrator's Guide for the version in use.
  2. Create a policy to deploy the ZIP archive, ideally with a smart or static group.
  3. Make a second policy that looks for the package already installed that runs a bash script to run the installer with the sudo prefix:
    • sudo unzip ./endpoint.zip 
    • sudo ./endpointpackagefile.pkg

Note The file names should be updated with the true file name created by the Endpoint Package Builder.

  1. The Endpoint package (not the classifer.pkg) contains the installer and will call on the other files from the zip, so run the command inside the directory where the zip has been extracted.

Article Feedback

Thank you for the feedback and comments.