Windows Endpoints
The following directories should be excluded from the antivirus software that is deployed to Windows-based endpoint machines:
- C:\Program Files\Websense\Websense Endpoint
- Custom installation directory if defined by the installer
Also exclude the following:
Processes
Forcepoint DLP Endpoint and Forcepoint Web Security Endpoint:
- ..\Websense\Websense Endpoint\wepsvc.exe
- ..\Websense\Websense Endpoint\dserui.exe
Forcepoint DLP Endpoint only:
- ..\Websense\Websense Endpoint\EndpointClassifier.exe
- ..\Websense\Websense Endpoint\FilterSDK\kvoop.exe
Forcepoint One Endpoint only:
- ..\Websense\Websense Endpoint\f1eui.exe
- ..\Websense\Websense Endpoint\fppsvc.exe
Forcepoint Web Security Endpoint only:
- ..\Websense\Websense Endpoint\tsui.exe (Forcepoint Web Security Direct Connect Endpoint UI process)
- ..\Websense\Websense Endpoint\proxyui.exe (Forcepoint Web Security Proxy Connect Endpoint UI process)
- ..\Websense\Websense Endpoint\rfui.exe (Forcepoint Remote Filtering Client UI process)
- ..\Websense\Websense Endpoint\WEPDiag.exe (Diagnostics tool process.This process only runs on demand. It does not run continuously like the other processes.)
Forcepoint CASB Endpoint only:
- ..\Websense\Websense Endpoint\SkyfenceSecurityService\certutil.exe
- ..\Websense\Websense Endpoint\SkyfenceSecurityService\RefreshSettings.exe
- ..\Websense\Websense Endpoint\SkyfenceSecurityService\sfage.exe
- ..\Websense\Websense Endpoint\SkyfenceSecurityService\sfsrv.exe
DLL Files
- C:\Windows\System32\QIPCAP.dll
- C:\Windows\System32\QIPCAP64.dll
- C:\Windows\System32\QIPOverlay.dll
- C:\Windows\SysWOW64\QIPCAP.dll (64-bit Windows)
SYS Files
- C:\Windows\System32\drivers\cwnep.sys
- C:\Windows\System32\drivers\FpFile.sys (Forcepoint One Endpoint only)
- C:\Windows\System32\drivers\FpProcess.sys (Forcepoint One Endpoint only)
- C:\Windows\System32\drivers\qip.sys
- C:\Windows\System32\drivers\qiptdi.sys
- C:\Windows\System32\drivers\rnetcore.sys
- C:\Windows\System32\drivers\WNetCore.sys
- C:\Windows\System32\drivers\WFPRedir.sys
- C:\Windows\System32\drivers\WsNetFlt.sys
- C:\Windows\System32\drivers\WsOMFlt.sys
- C:\Windows\System32\drivers\WsWfpRF.sys
Mac Endpoints
The following directories should be excluded from the antivirus software that is deployed to Mac-based endpoint machines:
- /Library/Application Support/Websense Endpoint
- /Library/Mail/Bundles/DataSecurityPlugin.mailbundle
- /Applications/Forcepoint DLP Endpoint.app
- /Applications/Forcepoint DC Endpoint.app (if Direct Connect Endpoint is installed)
- /Applications/Forcepoint PC Endpoint.app (if Proxy Connect Endpoint is installed)
- /Applications/Forcepoint Decryption Utility.app
Also exclude the following:
Libraries
- /usr/local/lib/libMsgCom.dylib
- /usr/local/lib/libSysCtlCom.dylib
- /usr/local/lib/libwep
- /usr/local/lib/libwep_airdrop.dylib
- /usr/local/lib/libwep_burn.dylib
- /usr/local/lib/libwep_cbcarbon.dylib
- /usr/local/lib/libwep_cbcocoa.dylib
- /usr/local/lib/libwep_chrome.dylib
- /usr/local/lib/libwep_dutil.dylib
- /usr/local/lib/libwep_ff.dylib
- /usr/local/lib/libwep_hook.dylib
- /usr/local/lib/libwep_icloud.dylib
- /usr/local/lib/libwep_mail.dylib
- /usr/local/lib/libwep_outlook.dylib
- /usr/local/lib/libwep_post.dylib
- /usr/local/lib/libwep_pref.dylib
- /usr/local/lib/libwep_printer.dylib
- /usr/local/lib/libwep_proxy.dylib
- /usr/local/lib/libwep_screen.dylib
Utility Tool
Keywords: Endpoint; Windows; MAC; Antivirus Exclusion; Processes; DLL Files; Sys files; Libraries; Utility Tool; Forcepoint One Endpoint; DLP Endpoint; Monitoring Whitelist; MacOS Antivirus Exclusions; McAfee; Tanium; Symantec; Kaspersky