KB Article | Forcepoint Support

Notes & Warnings

The following Forcepoint One Endpoint agents can be installed on Mac endpoint machines:
  • Forcepoint DLP Endpoint
  • Forcepoint Web Security Endpoint
    • Forcepoint Web Security Proxy Connect Endpoint
    • Forcepoint Web Security Direct Connect Endpoint
    For a list of supported Mac operating systems, see the Certified Product Matrix for Forcepoint One Endpoint.

    Problem Description

    I've generated an installation package for Forcepoint One Endpoints running Mac OS X and macOS, but there are hundreds of Mac machines in my organization. How can I install Forcepoint One Endpoint as a group rather than one-by-one?


    The Apple Remote Desktop software can be used to remotely manage and install Forcepoint One Endpoint to Mac machines. Other options include MDM deployment tools, such as Jamf or Workspace One.

    Note that all the files must be located locally in the same directory on each system. The installer packages include the following files:

    • Forcepoint DLP Endpoint
      • WebsenseEndpoint.pkg
      • WebsenseEPClassifier.pkg
      • ca.cer
      • localConfig.xml
    • Forcepoint Web Security Proxy Connect Endpoint
      • WebsenseEndpoint.pkg
      • HWSConfig.xml
    • Forcepoint Web Security Direct Connect Endpoint
      • WebsenseEndpoint.pkg
      • DCClientConfig.hsw
      • DCAdminConfig.hsw (only required for auto-upgrade functionality)


    1. In Apple Remote Desktop, create a “Copy Items” action to copy all the Forcepoint One Endpoint package files to a location on the target Mac machine(s). Select the Mac machines of interest and schedule the task. You can select one machine or a group of machines as desired.  In the following example, all the necessary files are copied to a temporary directory (/private/var/tmp/). The action is configured to replace the files if they exist.

      Copy installer files
    2. Send a UNIX command like the one below to run the Forcepoint One Endpoint installer on the remote machines. As before, select the machines of interest and schedule the task. Run the command as the “root” user.
      Send UNIX command

      When the installation completes, a log message like the following displays:

      Log message

    Please note that for modern OS X versions (macOS 10.15 and higher), permissions such as Full Disk Access are needed for Forcepoint DLP Endpoint to function properly through its kernel extension. Please refer to this KBA for more information.

    Keywords: UA; Forcepoint DLP Data Endpoint; Apple macOS Operating System; Endpoint Deployment; Endpoint Package Builder; DLP Endpoint Installation Issue; Remote Deployment Tool; macOS Catalina; Mac Kernel Extension; Driver Signing; Web Endpoint; PCEP; DCEP; proxy connect; direct connect; 

    Article Feedback

    Thank you for the feedback and comments.