Excluding Forcepoint Endpoint from Antivirus Scanning
When installing a Forcepoint Endpoint (Web Security Endpoint, DLP Endpoint, Remote Filtering Client, or Forcepoint CASB Endpoint) on an endpoint machine, exclude the installation directory from antivirus scanning.
The DLP Endpoint has been renamed several times:
TRITON AP-ENDPOINT DLP was renamed to the Forcepoint DLP Endpoint in v8.4.x.
Forcepoint DLP Endpoint was renamed to the Forcepoint One Endpoint (DLP) in v18.12.x (released with DLP v8.6 and Web Security v8.5.3)
Forcepoint DLP Endpoint is again used in v19.03 and higher.
This KBA refers to all DLP Endpoints by its current name: Forcepoint DLP Endpoint.
The Web Security Endpoint was renamed from TRITON AP-ENDPOINT Web to Forcepoint Web Security Endpoint in v8.4.x. This KBA refers to all Web Security Endpoints by its current name: Forcepoint Web Security Endpoint.
This article was researched, written, and published by the User Assistance team with approval from Engineering. All requests for updates or changes to this KBA should be submitted to this email alias: User Assistance. Please note that a customer-facing document may be linked to this article.
March 1, 2016: Reverting the article URL to its original URL. It is not necessary nor recommended to change the URL Name field as products change. Doing so causes broken links. (Wendy Leiva)
January 31, 2017: Added "WsOMFlt.sys" to the list. In case 03127685, the partner verified from their tests that, if they do not add this file to the McAfee exclusion list, the "detect exploit" feature of McAfee will cause Adobe Reader to crash. (Bryan Bonifacio)
September 28, 2018: Changed Websense references to Forcepoint. Added new product names (Forcepoint DLP Endpoint and Forcepoint Web Security Endpoint).(Michael Roane, UA)
December 20, 2018: Updated DLP Endpoint name, added new products and versions, and added the Note at the top of the Resolution. Updated the list of excluded items after a review by the Endpoint team. This list now matches the list in the Deployment and Installation Center released on 12/20/2018. (Michael Roane, UA)
April 11, 2019: Updated Mac directories for Forcepoint One Endpoint v19.03 release. Also add v19 as a supported version. (Michael Roane, UA)
February 18, 2020: Updated the first bullet in the Problem's Note. (Michael Roane, UA)
March 5, 2020: Added v20 to the list of supported versions (Michael Roane, UA)
October 12, 2020: Removed non-Endpoint products from the list. Added C:\Windows\SysWOW64\QIPCAP.dll (64-bit Windows) as a Windows DLL to exclude as requested by TEG.
December 8, 2020: Updated the Mac libraries for the F1E v20.12 release (Michael Roane, UA)
5/20/2021 - Removed unicode symbols after the Knowledge migration. Set Products to be general without versions for DLP, Web, CASB, and NGFW
June 29, 2021: Updated to add a note about Neo information (Heidi Sandler, UA)
January 20, 2022: Updated rebranding of 'Forcepoint One Endpoint' to 'Forcepoint F1E' (Haripriya Sivan, UA)
3/10/2022 - Added PaisOOP.exe as an exclusion.
07/21/2022 - Added "Additional Exclusions" section with topic "Communication to localhost (127.0.0.1) must be allowed." (Richard Figueras, TS)
2/2/2023 msolterbeck - Added fpneonetworksvc.exe, fpnetcon.sys, CertChecker.app, and fpneone.app per Gearóid O'Leary; removed all H2 fonts (very large on Customer hub) and replaced with H3 bolded fonts.
