This document lists the known and resolved issues for the following F1E versions:

• F1E Package Builder: build 19.06.910
• Windows:
  • Forcepoint DLP Endpoint: build 19.06.910
  • Forcepoint Web Security Proxy Connect Endpoint: build 19.06.910
  • Forcepoint Web Security Direct Connect Endpoint: build 19.06.910
  • Remote Filtering Client: build 19.06.910
  • Forcepoint Endpoint Context Agent: build 19.06.910
• Mac:
  • Forcepoint DLP Endpoint: build 19.06.0196
  • Forcepoint Web Security Proxy Connect Endpoint: build 19.06.0196
  • Forcepoint Web Security Direct Connect Endpoint: build 19.06.0196
  • Remote Filtering Client: build 19.06.0196

For more information about this release, see the Release Notes for F1E v19.06.

This release reflects changes since the F1E v19.04 release on May 6, 2019. See the Release Notes for Forcepoint Endpoint v19.04 for more information about that release. See the Resolved and Known Issues for F1E v19.04 Knowledge Base article for more information about the resolved and known issues in that release.
 

Resolved Issues

Forcepoint DLP Endpoint (Windows)

The following issues were resolved in this release of Forcepoint DLP Endpoint for Windows endpoint machines.

• When Forcepoint DLP Endpoint runs a one-time Discovery Scan, the scan no longer runs again if you update a policy. (UEP-31941, EI-20864)
• The Windows 10 build number is now included as part of the Operating System information in the Debugdump log. (UEP-32372)
• Firefox ESR customization files are no longer overwritten by Forcepoint DLP Endpoint. (UEP-33593, EI-21069)
• When you uninstall Forcepoint DLP Endpoint using MSIExec from the command line, the password is restricted to 32 characters. If you try to create a password that is above 32 characters, Forcepoint DLP Endpoint truncates the password and only uses the first 32 characters. (UEP-33794, EI-21338)
• Microsoft Outlook no longer becomes unresponsive after upgrading Forcepoint DLP Endpoint on a Windows endpoint machine. (UEP-34275, EI-21447)
• Forcepoint DLP Endpoint correctly blocks file uploads through online applications when only the Web channel is enabled. (UEP-34335, EI-21273)
• After an end user selects a reason on the confirmation dialog window and clicks Allow, the Forcepoint Security Manager now shows the selected reason in the Incident’s History tab. (UEP-34307)
• Installing F1E on Windows 10 version 1903 no longer causes a Windows stop error (i.e, the error is shown on a blue screen). (UEP-34494)

Forcepoint DLP Endpoint (Mac)

The following issues were resolved in this release of Forcepoint DLP Endpoint for Mac endpoint machines.

• When Forcepoint DLP Endpoint runs a one-time Discovery Scan and it does not complete (usually because a new policy was pushed to Forcepoint DLP Endpoint), the scan marks its location and continues from that location when the scan restarts. This issue caused the scan to restart at the beginning. (UEP-32336)
• On macOS 10.14.x, Forcepoint DLP Endpoint now monitors Microsoft Outlook 2016 v16.16.7 and higher, and Microsoft Outlook 2019 v16.21 and higher (UEP-32341)
• After auto-updating from Forcepoint Web Security Direct Connect Endpoint to Forcepoint Web Security Direct Connect Endpoint and Forcepoint DLP Endpoint, the new Forcepoint DLP Endpoint agent menu is now shown when you click the F1E icon on the menu bar's status menu. (UEP-33355)
• Logout events are now logged. (UEP-33965)
• After an initial file upload is blocked, subsequent file uploads are now correctly allowed or blocked per policy when uploaded through Safari 12.1 on macOS 10.14.4 endpoint machines. (UEP-34804, EI-21576)
• After upgrading from macOS 10.13.x to macOS 10.14.4, Forcepoint DLP Endpoint now correctly downloads the profile from DLP. (UEP-35053, EI-21460)

Forcepoint Web Security Endpoint (Windows)

The following issues were resolved in this release of Forcepoint Web Security Endpoint for Windows endpoint machines.

• Forcepoint Web Security Direct Connect Endpoint no longer conflict with a proprietary third-party Java application. This issue caused the application to run slowly when Forcepoint Web Security Direct Connect Endpoint was installed on the Windows endpoint machine. (UEP-20555, EI-18216)
• Forcepoint Web Security Proxy Connect Endpoint now works with the NetMotion VPN client on Windows endpoint machines. (UEP-31703, EI-20712)
• The Windows 10 build number is now included as part of the Operating System information in the Debugdump log. (UEP-32372)
• In the Forcepoint Web Security Direct Connect Endpoint Diagnostics Tool, the connections to the Management Server no longer fail when you run the Cloud Services diagnostics test. (UEP-33408)
• Forcepoint Web Security Proxy Connect Endpoint no longer routes web requests for internal web pages to Forcepoint Web Security Cloud. (UEP-33536, EI-20911)
• The Remote Filtering Client now correctly shows the block page on endpoint machines running Windows 10 version 1809. (UEP-33914)
• Forcepoint Web Security Direct Connect Endpoint no longer causes Certificate Revocation errors when end users try to access HTTPS web pages. (UEP-33915, EI-18770)
• Outlook no longer stops working then restarts when Forcepoint Web Security Direct Connect Endpoint is enabled on a Windows endpoint machine. (UEP-34899, EI-21591, EI-21859)

Forcepoint Web Security Endpoint (Mac)

The following issues were resolved in this release of Forcepoint Web Security Endpoint for Mac endpoint machines.

• Forcepoint Web Security Proxy Connect Endpoint no longer shows an error message when you try to stop or uninstall the Forcepoint Web Security Proxy Connect Endpoint using the wepsvc utility from the command line. (UEP-34798)
• If a domain is on the allowed list in Forcepoint Web Security, Forcepoint Web Security Proxy Connect Endpoint no longer sends the connection through the proxy. (UEP-35450)
• The Forcepoint Web Security Direct Connect Endpoint Diagnostics Tool now shows the progress when it checks connection status. (UEP-33518)
• The DCClient.plist file is correctly loaded after Forcepoint Web Security Direct Connect Endpoint is restarted or after the Mac endpoint machine restarts. (UEP-35377)

Forcepoint Endpoint Context Agent (Windows)

The following issues were resolved in this release of Forcepoint Endpoint Context Agent for Windows endpoint machines.

• Forcepoint Endpoint Context Agent now correctly resends logon and group metadata to Forcepoint NGFW. (UEP-31925)
• The Windows 10 build number is now included as part of the Operating System information in the Debugdump log. (UEP-32372)

F1E package builder

There were no package builder resolved issues in this release.

Known Issues

Forcepoint DLP Endpoint (Windows)

The following issues are known in this release of Forcepoint DLP Endpoint for Windows endpoint machines.

• Windows 10 Creators Update, version 1703, endpoint machines with either Forcepoint DLP Endpoint or a combination of Forcepoint DLP Endpoint and Forcepoint Web Security Endpoint may automatically reboot when running the Forcepoint Endpoint auto-update process. 
  • Workaround: Select the configuration for “no reboot” in the auto-update server. The endpoint machine will not automatically reboot itself after the auto-update process completes. However, since the installer requires a reboot to complete the installation process, Forcepoint Endpoint will not be auto-updated until the user reboots the endpoint machine or starts the EP manually.
• Forcepoint DLP Endpoint 19.06 displays confirmation dialog windows on the Web channel for specific user actions. If the user action is performed repeatedly, Forcepoint DLP Endpoint displays the confirmation dialog window multiple times within a short period of time. For example, if a user’s Gmail account is set to auto-save every 30 seconds, Forcepoint DLP Endpoint displays the confirmation dialog every 30 seconds. Forcepoint is working on a solution to identify multiple instances of the same behavior and stop the repeated display of the same confirmation dialog window. 
• After creating a Forcepoint DLP Endpoint policy that includes browser file uploads to onedrive.live.com, Forcepoint DLP Endpoint may not block sensitive files sent (drag and drop) to Microsoft OneDrive. This issue has been identified using the Firefox or Chrome web browser on Windows endpoint machines.
• After creating a Forcepoint DLP Endpoint policy that includes browser file uploads to mail.aol.com, AOL mail may become unresponsive after blocking sensitive files over multiple attempts. This issue has been identified using the Firefox or Chrome web browser on Windows endpoint machines. 
• After creating a Forcepoint DLP Endpoint policy that includes browser file uploads to box.com, Forcepoint DLP Endpoint may not block sensitive files sent to Box. This issue has been identified using the Internet Explorer v11 web browser on Windows endpoint machines. 
• Forcepoint DLP Endpoint does not correctly block a print job that contains sensitive content.  
• Printing a PDF document from a network drive using Adobe Reader does not correctly trigger an incident.  
• When Forcepoint DLP Endpoint runs a one-time Discovery Scan and it does not complete, the scan restarts from the beginning instead of restarting from the location where it stopped. 
• Endpoint status messages in Forcepoint DLP Endpoint do not display in the selected language. These messages only display in English. 
• Forcepoint DLP Endpoint prevents web browsers (Chrome, Firefox, and Internet Explorer) from working if the File Access Endpoint Operation is checked in Forcepoint DLP under Endpoint Application Groups > Endpoint Application Group Details > Browsers.
• When you try to upload a sensitive file to Google Drive using Chrome, you may see multiple pop-up block messages even though you only tried to upload one file or you may see multiple confirmation dialog windows after you select the Block action in the first confirmation dialog window. This issue affects Windows 10 endpoint machine with Forcepoint DLP Endpoint installed. 
• When you try to upload a folder containing several sensitive files to Google Drive using Chrome, you may see multiple confirmation dialog windows after you select the Block action in the first confirmation dialog window. This issue affects Windows 10 endpoint machine with Forcepoint DLP Endpoint installed. 

Forcepoint DLP Endpoint (Mac)

The following issues are known in this release of Forcepoint DLP Endpoint for Mac endpoint machines.

• On Mac endpoint machines (macOS 10.12.2 and later), Forcepoint DLP Endpoint should block email attachments that contain sensitive data when they are sent through web-based email services using the Google Chrome browser. This affects only attachments sent through the Endpoint HTTP/HTTPS channel. This issue is most likely to occur when multiple files are attached to one email, and when the attachments are Microsoft Office files (all versions of Office) and TXT files.
  • Workaround Option 1: If you are using Forcepoint DLP v8.4 or lower, add the File Access operation to the Chrome Endpoint application:

1. In the DLP module of the Forcepoint Security Manager, select Main > Policy Management > Resources.
2. Click Endpoint Applications Groups.
3. Click Browsers.
4. From Members, click Edit.
5. From Available Applications, select Chrome and move it to the Selected Applications box.
6. From Endpoint Operations, select File Access.
7. Save and deploy the changes.

• Workaround Option 2: If you are using Forcepoint DLP v8.5, configure online application support for Chrome:
  • Complete the DLP Configuration Requirements for Windows Chrome and Google Drive Support procedure in the Online file storage systems Knowledge Base article.
• Workaround Option 3: If you are using Forcepoint DLP v8.6, enable and configure online application support (this feature is hidden by default):

1. Run the following SQL command in your SQL database:

   UPDATE [wbsn-data-security].[dbo].[PA_CONFIG_PROPERTIES] SET VALUE = 'true' WHERE NAME = 'BROWSER_EXTENSION_FILE_UPLOAD_BYPASS_DETECTION'

2. Go to Endpoint Global Properties (Settings > General > Endpoint > Detection tab).
3. Check the Enable web file uploads analysis check box.
4. Complete the DLP Configuration Requirements for Windows Chrome and Google Drive Support procedure in the Online file storage systems Knowledge Base article.

• When localizing the language to Italian, some screens within the Forcepoint DLP Endpoint interface display numbers instead of text on Mac endpoint machines. 
• On Mac endpoint machines running Forcepoint DLP Endpoint, posting sensitive data to a website form’s input fields using the Chrome browser does not trigger Forcepoint DLP policies.
• The Forcepoint DLP Endpoint might show file upload incidents (false positives) even if actual files were not uploaded to cloud-based storage services. This issue affects Mac endpoint machines running macOS 10.14. 
• DLP for Mac OS: Synchronous XMLHttpRequest is not monitored when running the Safari extension (Mojave).
• When using Outlook.com in Safari, you may encounter a memory error after the Forcepoint DLP Endpoint blocks an email containing sensitive content. 
  • Error: “This webpage is using significant memory. Closing it may improve the responsiveness of your Mac.”
  • Workaround: Restart Safari.
• Dismissing an Outlook 2016 meeting that contains sensitive data causes Forcepoint DLP Endpoint to block the action. 
• Forcepoint DLP Endpoint does not start after an auto-update. The endpoint machine must be restarted. 

Forcepoint Web Security Endpoint (Windows)

The following issues are known in this release of Forcepoint Web Security Endpoint for Windows endpoint machines.

• Windows 10 Creators Update, version 1703, endpoint machines running a combination of Forcepoint DLP Endpoint and Forcepoint Web Security Endpoint may automatically reboot when running the Forcepoint Endpoint auto-update process. 
  • Workaround: Select the configuration for “no reboot” in the auto-update server. The endpoint machines will not automatically reboot itself after the auto-update process completes. However, since the installer requires a reboot to complete the installation process, Forcepoint Endpoint will not be auto-updated until the user reboots the endpoint machine or starts the EP manually.
• In a hybrid Forcepoint Web Security Proxy Connect Endpoint environment, Chrome browser sessions are routed through the Cloud proxy instead of the on-premises proxy when the endpoint machine is connected through a VPN. This issue affects browser sessions through Chrome v72 and higher.
• VPN client software is not connecting to the VPN server when Forcepoint Web Security Proxy Connect Endpoint is installed on the endpoint machine. 

Forcepoint Web Security Endpoint (Mac)

The following issues are known in this release of Forcepoint Web Security Endpoint for Mac endpoint machines.

• For certificate errors, Safari and Chrome display browser error pages instead of the Forcepoint Web Security Direct Connect Endpoint block page. 
• Firefox 65 connections are sometimes subject to excessive delays (20 seconds or longer). 
• The Forcepoint Web Security Direct Connect Endpoint proxy server requires appropriate username, password, and context to be used for HTTP/HTTPS in the keychain. 
• The password created during the installation process may not work when upgrading or downgrading Forcepoint Web Security Direct Connect Endpoint. 
• Forcepoint Web Security Direct Connect Endpoint goes into Fallback mode when Kaspersky Antivirus is installed on the same endpoint machine. 
• Forcepoint Web Security Direct Connect Endpoint currently double-filters network requests, once by the Forcepoint Web Security Direct Connect Endpoint, then by the Web Security Gateway. 
• For HTTPS requests, Forcepoint Web Security Direct Connect Endpoint headers do not show the correct user agent string. 
• After a Mac endpoint machine running macOS 10.13.6 is restarted twice, the Forcepoint Web Security Direct Connect Endpoint incorrectly reports a Fallback mode event.  

Forcepoint Endpoint Context Agent (Windows)

The following issues are known in this release of Forcepoint Endpoint Context Agent for Windows endpoint machines.

• The Forcepoint Endpoint Context Agent cannot get the status of the local firewall and antivirus software on Windows Server 2012 and 2016. 
• Network connections produced by some Windows processes do not provide metadata for Windows 10 Metro apps. 
• For NetBIOS Name Service connections produced by the SYSTEM executable, the signature check is successful even though the SYSTEM executable has no signer. 
• The Forcepoint Endpoint Context Agent collects group information for local users. Only group information read from Active Directory should be collected and sent to Forcepoint NGFW.
• When a user upgrades from the Forcepoint Endpoint Context Agent 1.2 to a higher version (1.3 or 1.4), the installation package copies an ECA_Client*.xml configuration file to the installation directory. If the new ECA_Client*.xml configuration file does not contain the same settings as the old 1.2 ECA_Client*.xml configuration file, the new Forcepoint ECA client uses the new configuration and ignores the existing 1.2 configuration.
• The “Forcepoint ECA UI” process blocks users from logging off of the Citrix XenApp portal. The Forcepoint Endpoint Context Agent is not recommended for use in Citrix XenApp environments.
• After installing Forcepoint Endpoint Context Agent using the MSI installer, the Forcepoint ECA service does not start.
  • Workaround: Restart the endpoint machine to start the Forcepoint ECA service.
• After upgrading from the conventional Forcepoint Endpoint Context Agent to the new F1E Forcepoint ECA, the conventional Forcepoint Endpoint lifebuoy icon is shown on the Windows task bar instead of the new F1E icon. This issue does not affect new v19.04 installations.
• Local blank metadata connections are shown in the log files. Local connections should not be shown in log files.

F1E package builder

The following issue is known in this release of the F1E package builder.

• In the F1E package builder, version 19.06.910, the Linux option is shown, but it cannot be selected.