KB Article | Forcepoint Support

Problem Description

Antivirus scanning can degrade the performance of Forcepoint components. This article lists folders and files that should be excluded from antivirus scans.

Please note:
  • Forcepoint is not aware of a risk in excluding the files or folders that are mentioned in this section from your antivirus scans. However, it is possible that your system would be safer if you did not exclude them.
  • When you scan these files, performance and operating system reliability problems may occur because of file locking.
  • Do not exclude any files based on the filename extension. For example, do not exclude all files that have a .dit extension.

Refer to your antivirus vendor's documentation for instructions on excluding files from scans.

NOTE: During installation of Forcepoint products, disable antivirus software altogether. After installation, re-enable antivirus software.

Resolution

NOTE: The DLP Endpoint has been renamed several times:

  • TRITON AP-ENDPOINT DLP was renamed Forcepoint DLP Endpoint in v8.4.x.
  • Forcepoint DLP Endpoint was renamed Forcepoint One Endpoint (DLP) in v18.12.x (released with DLP v8.6 and Web Security v8.5.3)
  • Forcepoint DLP Endpoint is again used in v19.03 and higher.

This KBA refers to all DLP Endpoints by its current name: Forcepoint DLP Endpoint


Windows endpoints

The following directories should be excluded from the antivirus software that is deployed to Windows-based endpoint machines:
  • C:\Program Files\Websense\Websense Endpoint
  • Custom folder location defined by the customer
Also exclude the following:

Processes

Forcepoint DLP Endpoint and Forcepoint Web Security Endpoint:
  • ..\Websense\Websense Endpoint\wepsvc.exe
  • ..\Websense\Websense Endpoint\dserui.exe
Forcepoint DLP Endpoint only:
  • ..\Websense\Websense Endpoint\EndpointClassifier.exe
  • ..\Websense\Websense Endpoint\FilterSDK\kvoop.exe
Forcepoint One Endpoint only:
  • ..\Websense\Websense Endpoint\f1eui.exe
  • ..\Websense\Websense Endpoint\fppsvc.exe
Forcepoint Web Security Endpoint only:
  • ..\Websense\Websense Endpoint\tsui.exe (Forcepoint Web Security Direct Connect Endpoint UI process)
  • ..\Websense\Websense Endpoint\proxyui.exe (Forcepoint Web Security Proxy Connect Endpoint UI process)
  • ..\Websense\Websense Endpoint\rfui.exe (Forcepoint Remote Filtering Client UI process)
  • ..\Websense\Websense Endpoint\WEPDiag.exe (Diagnostics tool process.This process only runs on demand. It does not run continuously like the other processes.)

DLL files

  • C:\Windows\System32\QIPCAP.dll
  • C:\Windows\System32\QIPCAP64.dll
  • C:\Windows\System32\QIPOverlay.dll

SYS files

  • C:\Windows\System32\drivers\cwnep.sys
  • C:\Windows\System32\drivers\FpFile.sys (Forcepoint One Endpoint only)
  • C:\Windows\System32\drivers\FpProcess.sys (Forcepoint One Endpoint only)
  • C:\Windows\System32\drivers\qip.sys
  • C:\Windows\System32\drivers\qiptdi.sys
  • C:\Windows\System32\drivers\rnetcore.sys
  • C:\Windows\System32\drivers\WNetCore.sys
  • C:\Windows\System32\drivers\WFPRedir.sys
  • C:\Windows\System32\drivers\WsNetFlt.sys
  • C:\Windows\System32\drivers\WsOMFlt.sys
  • C:\Windows\System32\drivers\WsWfpRF.sys

Mac endpoints

The following directories should be excluded from the antivirus software that is deployed to Mac-based endpoint machines:
  • /Library/Application Support/Websense Endpoint
  • /Library/Mail/Bundles/DataSecurityPlugin.mailbundle
  • /Applications/Forcepoint DLP Endpoint.app
  • /Applications/Forcepoint DC Endpoint.app (if Direct Connect Endpoint is installed)
  • /Applications/Forcepoint PC Endpoint.app (if Proxy Connect Endpoint is installed)
  • /Applications/Forcepoint Decryption Utility.app
Also exclude the following:

Libraries

  • /usr/local/lib/libwep
  • /usr/local/lib/libwep_airdrop.dylib
  • /usr/local/lib/libwep_burn.dylib
  • /usr/local/lib/libwep_cbcarbon.dylib
  • /usr/local/lib/libwep_cbcocoa.dylib
  • /usr/local/lib/libwep_dutil.dylib
  • /usr/local/lib/libwep_ff.dylib
  • /usr/local/lib/libwep_hook.dylib
  • /usr/local/lib/libwep_icloud.dylib
  • /usr/local/lib/libwep_mail.dylib
  • /usr/local/lib/libwep_outlook.dylib
  • /usr/local/lib/libwep_post.dylib
  • /usr/local/lib/libwep_printer.dylib
  • /usr/local/lib/libwep_screen.dylib

Utility tool

  • /usr/local/sbin/wepsvc

 

Article Feedback



Thank you for the feedback and comments.