This document lists the known and resolved issues for the following Forcepoint One Endpoint versions:

• F1E Package Builder: build 19.08.4131
• Windows:
  • Forcepoint DLP Endpoint: build 19.08.4131
  • Forcepoint Web Security Proxy Connect Endpoint: build 19.08.4131
  • Forcepoint Web Security Direct Connect Endpoint: build 19.08.4131
  • Remote Filtering Client: build 19.08.4131
  • Forcepoint Endpoint Context Agent: build 19.08.4131
• Mac:
  • Forcepoint DLP Endpoint: build 19.08.0011
  • Forcepoint Web Security Proxy Connect Endpoint: build 19.08.0011
  • Forcepoint Web Security Direct Connect Endpoint: build 19.08.0011
  • Remote Filtering Client: build 19.08.0011

For more information about this release, see the Release Notes for Forcepoint One Endpoint v19.08.

This release reflects changes since the F1E v19.06 release on July 22, 2019. See the Release Notes for Forcepoint Endpoint v19.06 for more information about that release. See the Resolved and Known Issues for Forcepoint One Endpoint v19.06 Knowledge Base article for more information about the resolved and known issues in that release.
 

Resolved Issues

Forcepoint DLP Endpoint (Windows)

The following issues were resolved in this release of Forcepoint DLP Endpoint for Windows endpoint machines.

• Data can now be uploaded to SAP when Microsoft Office is open on a Windows endpoint machine with Forcepoint DLP Endpoint installed. (UEP-24258, EI-18697)
• For customers encrypting emails using SecureAge’s SecureMail, email messages sent from Forcepoint DLP Endpoint to Forcepoint DLP no longer show the email body as empty. (UEP-30458, EI-20382)
• Forcepoint DLP Endpoint no longer creates a block notification and incident when you delete a file (send to the Windows Recycle Bin) on an external USB drive. (UEP-30614, EI-20336)
• Print jobs are no longer slow when printing to a remote printer from a VMware Horizon 7.4.0 endpoint machine. (UEP-33000, EI-19054)
• Forcepoint DLP Endpoint now logs only one incident when an email is sent through Outlook and the action is Allow. This issue affected Forcepoint DLP Endpoint v19.03 and higher. (UEP-34464, EI-21581)
• Forcepoint DLP Endpoint now logs the correct number of violation triggers within a Microsoft Excel spreadsheet. This issue caused Forcepoint DLP Endpoint to log a different count when the spreadsheet was printed versus when it was sent as an email attachment. (UEP-34852, EI-20046)
• Windows endpoint machines no longer stop responding when you run an application from a network drive if both Forcepoint DLP Endpoint and BitDefender are installed on the endpoint machine. This issue caused a Windows stop error (i.e., blue screen error). (UEP-34911, EI-21655)
• Adobe Acrobat and Microsoft Word no longer stop responding when Forcepoint DLP Endpoint is installed on a Windows 10 1809 endpoint machine with FireEye HX Agent 29.7.0 and Kaspersky Endpoint Security 10 SP2 MR3. (UEP-35410, EI-21823)
• When auto-upgrading Forcepoint DLP Endpoint, the existing debugdump.txt file is no longer deleted during the upgrade. (UEP-36026)
• Internet Explorer now correctly submits transactions to Forcepoint DLP Endpoint. This issue was caused when the Windows Disc Cleaner tool deleted temporary folders that stored Forcepoint DLP Endpoint temp files. (UEP-36310, EI-22106)
• Forcepoint DLP Endpoint can now be installed on Windows endpoint machines where users have disabled the Windows Optical Media Filter Service. (UEP-36441)
• Fixed an issue that caused Forcepoint DLP Endpoint to run slowly. This issue caused an excessive number of handles and showed a "Failed to create a semaphore" error in the log file. (UEP-36532, EI-21585)
• When you enter the anti-tampering password in the Windows command line and add a double-quote (") to the end of the password, the double-quote causes an error message. The password is no longer shown as readable text in the error message. (UEP-36570, EI-22189)
• The Forcepoint DLP Endpoint Chrome extension no longer causes a conflict when the ExtensionInstallForceList exists at the machine level. (UEP-36877, EI-22221)
• Forcepoint DLP Endpoint now downloads library files only once from the Forcepoint DLP server. This issue affected Windows environments where the Forcepoint DLP server was installed on Microsoft Azure. (UEP-36925, EI-22118)
• The Forcepoint DLP Endpoint Confirmation Dialog window now allows up to 256 characters in custom messages within the <Content> tag. (UEP-37356, EI-22330)

Forcepoint DLP Endpoint (Mac)

The following issues were resolved in this release of Forcepoint DLP Endpoint for Mac endpoint machines.

• During an auto-update, Forcepoint DLP Endpoint now automatically copies the DLPAdminConfig file to the installation directory. (UEP-9340)
• If Forcepoint DLP Endpoint runs a discovery scan and the endpoint machine restarts during the scan, Forcepoint DLP Endpoint now marks the location and continues from there when the scan restarts. This issue caused the scan to restart at the beginning. (UEP-29587, EI-19729)
• Chrome Posts to box.com now correctly trigger incidents. (UEP-31453, EI-20264)
• The Forcepoint DLP Endpoint user interface and the Forcepoint Web Security Direct Connect Endpoint user interface can now be open at the same time. (UEP-31885)
• Forcepoint DLP Endpoint now works correctly on endpoint machines running macOS 10.14 and SentinelOne endpoint security software. (UEP-33831, EI-21076)
• Forcepoint DLP Endpoint no longer triggers a block action when you dismiss a meeting reminder for an Outlook meeting that contains sensitive data. This issue affected Outlook 2016, 2019, and 365 on macOS 10.14.4 and higher. (UEP-34511)
• Forcepoint DLP Endpoint now starts correctly after an auto-update. (UEP-35593)
• The Forcepoint DLP Endpoint extension now loads correctly in Chrome 75. (UEP-35886)
  Note: Forcepoint recommends that customers upgrading to Chrome 75 also upgrade to this version of Forcepoint DLP Endpoint. For more information, see the Forcepoint DLP Endpoint Chrome Extension Compatibility with Chrome v75 for Mac Knowledge Base article.
• Microsoft Outlook no longer stops responding when sending an email with sensitive data. This issue affected Microsoft Outlook on a Mac endpoint machine running Forcepoint DLP Endpoint. (UEP-36572)
  Note: If you compose an email that contains a sensitive keyword or attach a file that contains sensitive data to an email, you may still see a block notification even if you do not send the email. This is due to the auto-save feature in Outlook.
• The endpoint machine no longer becomes unresponsive when you attempt to print from any app. This issue affected Mac endpoint machines with both Forcepoint DLP Endpoint and Kaspersky anti-virus installed. (UEP-37324)
• Websites within the apple domain (apple.com) load correctly on Mac endpoint machines running Forcepoint DLP Endpoint. (UEP-37600, EI-22416)

Forcepoint Web Security Endpoint (Windows)

The following issues were resolved in this release of Forcepoint Web Security Endpoint for Windows endpoint machines.

• The Forcepoint Web Security Direct Connect Endpoint Diagnostics Tool now shows the correct country name (Ireland) in the Address information under Look up DNS when connected to the data center located in Ireland. (UEP-34463, EI-21482)
• Forcepoint Web Security Direct Connect Endpoint now works correctly when non-Windows NTLM or Kerberos proxy server settings are enabled. (UEP-35062)
• Forcepoint Web Security Direct Connect Endpoint now installs the certificate when Firefox v67 is installed on the Windows endpoint machine. This issue prevented end users from accessing HTTPS sites in Firefox. (UEP-35390)
• Forcepoint Web Security Proxy Connect Endpoint now bypasses applications that use the NATS protocol on Windows endpoint machines. (UEP-35463)
• Forcepoint Web Security Endpoint (Proxy Connect or Direct Connect Endpoint) no longer causes multiple QIPCap64.dll errors when the Forcepoint Web Security Endpoint and Symantec Endpoint Protection are installed on the same Windows endpoint machine. (UEP-35568, EI-21578)
• The Forcepoint Web Security Proxy Connect Endpoint Disable menu option is now shown correctly when an end user opens the menu from the Forcepoint One Endpoint icon on the Windows system tray's notification area. (UEP-36012)
• When auto-upgrading Forcepoint Web Security Endpoint, the existing debugdump.txt file is no longer deleted during the upgrade. (UEP-36026)
• Forcepoint Web Security Proxy Connect Endpoint no longer interferes with the Microsoft Dynamic CRM setup. (UEP-36340, EI-22068)
• When you enter the anti-tampering password in the Windows command line and add a double-quote (") to the end of the password, the double-quote causes an error message. The password is no longer shown as readable text in the error message. (UEP-36570, EI-22189)
• Forcepoint Web Security Proxy Connect Endpoint no longer causes multiple QIPCap64.dll errors when the Forcepoint Web Security Endpoint and Symantec Endpoint Protection are installed on the same Windows endpoint machine. (UEP-36939, EI-20745, EI-22424)
• Forcepoint Web Security Proxy Connect Endpoint no longer causes the Windows endpoint machine to become unresponsive after auto-updating to a 19.07 or 19.08 build. (UEP-38110, EI-22602)

Forcepoint Web Security Endpoint (Mac)

The following issues were resolved in this release of Forcepoint Web Security Endpoint for Mac endpoint machines.

• For certificate errors, Safari and Chrome now show the Direct Connect Endpoint block page instead of the browser error page. (UEP-24899)
• The Forcepoint DLP Endpoint user interface and the Forcepoint Web Security Direct Connect Endpoint user interface can now be open at the same time. (UEP-31885)
• Forcepoint Web Security Direct Connect Endpoint no longer causes excessive delays (20 seconds or longer) in Firefox 65 on Mac endpoint machines. (UEP-32375, EI-20998)
• The Forcepoint Web Security Direct Connect Endpoint proxy server requires appropriate username, password, and context to be used for HTTP/HTTPS in the keychain. (UEP-32968)
• The User Agent and Operating System attributes now show the correct user agent and operation system in Mac Forcepoint Web Security Direct Connect Endpoint Cloud reports. (UEP-33404)
• The Forcepoint Web Security Proxy Connect Endpoint now sends the NETBIOS domain name for the user authentication instead of the FQDN. This now matches the Windows behavior. (UEP-33540, EI-20650)
• Forcepoint Web Security Proxy Connect Endpoint no longer provisions additional user accounts to the Cloud policy after installation on Mac endpoint machines. (UEP-33750)
• The Forcepoint Web Security Proxy Connect Endpoint enforces the PAC file when the Proxy Connect Endpoint starts. (UEP-36548)
• The Forcepoint Web Security Direct Connect Endpoint correctly logs Restart events after the Mac endpoint machine is restarted. This issue affected Mac endpoint machines when the user was logged in to the domain and Forcepoint Web Security Direct Connect Endpoint was disabled at the time the endpoint machine was restarted. (UEP-36940)
• The Forcepoint Web Security Direct Connect Endpoint block page now shows the correct URL of the blocked web page on Mac endpoint machines. (UEP-36941)

Forcepoint Endpoint Context Agent (Windows)

The following issues were resolved in this release of Forcepoint Endpoint Context Agent for Windows endpoint machines.

• When an application is started using the "Run as a different user" option, Forcepoint ECA correctly reports that the application process was run by the user and not the user logged on to the Windows endpoint machine. (UEP-30474, NSEI-1719)
• The Forcepoint ECA configuration through the package builder now accepts configuration files with any valid filename, not just eca.conf or eca_client_yyyymmdd_number.xml. The configuration file is automatically converted to "eca.conf" when the Forcepoint ECA installation package is created through the package builder. (UEP-36560, NSEI-2108)

Forcepoint One Endpoint package builder

There were no package builder resolved issues in this release.

Known Issues

Forcepoint DLP Endpoint (Windows)

The following issues are known in this release of Forcepoint DLP Endpoint for Windows endpoint machines.

• Windows 10 Creators Update, version 1703, endpoint machines with either Forcepoint DLP Endpoint or a combination of Forcepoint DLP Endpoint and Forcepoint Web Security Endpoint may automatically reboot when running the Forcepoint Endpoint auto-update process. 
  • Workaround: Select the configuration for “no reboot” in the auto-update server. The endpoint machine will not automatically reboot itself after the auto-update process completes. However, since the installer requires a reboot to complete the installation process, Forcepoint Endpoint will not be auto-updated until the user reboots the endpoint machine or starts the EP manually.
• Forcepoint DLP Endpoint 19.08 displays confirmation dialog windows on the Web channel for specific user actions. If the user action is performed repeatedly, Forcepoint DLP Endpoint displays the confirmation dialog window multiple times within a short period of time. For example, if a user’s Gmail account is set to auto-save every 30 seconds, Forcepoint DLP Endpoint displays the confirmation dialog every 30 seconds. Forcepoint is working on a solution to identify multiple instances of the same behavior and stop the repeated display of the same confirmation dialog window.
• After creating a Forcepoint DLP Endpoint policy that includes browser file uploads to onedrive.live.com, Forcepoint DLP Endpoint may not block sensitive files sent (drag and drop) to Microsoft OneDrive. This issue has been identified using the Firefox or Chrome web browser on Windows endpoint machines.
• After creating a Forcepoint DLP Endpoint policy that includes browser file uploads to mail.aol.com, AOL mail may become unresponsive after blocking sensitive files over multiple attempts. This issue has been identified using the Firefox or Chrome web browser on Windows endpoint machines.
• After creating a Forcepoint DLP Endpoint policy that includes browser file uploads to box.com, Forcepoint DLP Endpoint may not block sensitive files sent to Box. This issue has been identified using the Internet Explorer v11 web browser on Windows endpoint machines.
• Endpoint status messages in Forcepoint DLP Endpoint do not display in the selected language. These messages only display in English.
• Forcepoint DLP Endpoint prevents web browsers (Chrome, Firefox, and Internet Explorer) from working if the File Access Endpoint Operation is checked in Forcepoint DLP under Endpoint Application Groups > Endpoint Application Group Details > Browsers.
• When you try to upload a sensitive file to Google Drive using Chrome, you may see multiple pop-up block messages even though you only tried to upload one file or you may see multiple confirmation dialog windows after you select the Block action in the first confirmation dialog window. This issue affects Windows 10 endpoint machine with Forcepoint DLP Endpoint installed.
• When you try to upload a folder containing several sensitive files to Google Drive using Chrome, you may see multiple confirmation dialog windows after you select the Block action in the first confirmation dialog window. This issue affects Windows 10 endpoint machine with Forcepoint DLP Endpoint installed.
• The OnlineApp function for file uploading to online file storage does not work correctly in Chrome 75 and higher on Windows endpoint machines.  Starting in Chrome 75, Google changed the Company Name from “Google Inc” to “Google LLC”. The Company Name value is used for criteria matching to trigger the OnlineApp function. As a result, the matching fails and OnlineApp stops functioning on Windows endpoint machines for Chrome 75 and higher. For more information about this issue and a workaround, see the Windows DLP Endpoint: OnlineApp function does not trigger in Chrome 75 and 76 Knowledge Base article.
• If your XenApp session times out, then you log on again, Citrix XenApp shows multiple Forcepoint DLP Endpoint icons on the system tray.
  • Workaround: 
    1. Add F1EUI.exe and dserui.exe to the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI\LogoffCheckSysModules 
    2. Restart the Citrix Virtual Delivery Agent.
• After installing Forcepoint DLP Endpoint on a XenApp server, the full path for Firefox is not shown under "Application Name" in the Log Viewer. 
• After upgrading Forcepoint DLP Endpoint from a conventional Forcepoint Endpoint version (v8.5 or lower) to Forcepoint DLP Endpoint v19.08 on a XenApp server, Chrome and Firefox do not launch from the Citrix StoreFront.
  • Workaround: Reboot the XenApp server after upgrading Forcepoint DLP Endpoint.

Forcepoint DLP Endpoint (Mac)

The following issues are known in this release of Forcepoint DLP Endpoint for Mac endpoint machines.

• On Mac endpoint machines (macOS 10.12.2 and later), Forcepoint DLP Endpoint should block email attachments that contain sensitive data when they are sent through web-based email services using the Google Chrome browser. This affects only attachments sent through the Endpoint HTTP/HTTPS channel. This issue is most likely to occur when multiple files are attached to one email, and when the attachments are Microsoft Office files (all versions of Office) and TXT files.
  • Workaround Option 1: If you are using Forcepoint DLP v8.4 or lower, add the File Access operation to the Chrome Endpoint application:

1. In the DLP module of the Forcepoint Security Manager, select Main > Policy Management > Resources.
2. Click Endpoint Applications Groups.
3. Click Browsers.
4. From Members, click Edit.
5. From Available Applications, select Chrome and move it to the Selected Applications box.
6. From Endpoint Operations, select File Access.
7. Save and deploy the changes.

• Workaround Option 2: If you are using Forcepoint DLP v8.5, configure online application support for Chrome:
  • Complete the DLP Configuration Requirements for Windows Chrome and Google Drive Support procedure in the Online file storage systems Knowledge Base article.
• Workaround Option 3: If you are using Forcepoint DLP v8.6, enable and configure online application support (this feature is hidden by default):

1. Run the following SQL command in your SQL database:

   UPDATE [wbsn-data-security].[dbo].[PA_CONFIG_PROPERTIES] SET VALUE = 'true' WHERE NAME = 'BROWSER_EXTENSION_FILE_UPLOAD_BYPASS_DETECTION'

2. Go to Endpoint Global Properties (Settings > General > Endpoint > Detection tab).
3. Check the Enable web file uploads analysis check box.
4. Complete the DLP Configuration Requirements for Windows Chrome and Google Drive Support procedure in the Online file storage systems Knowledge Base article.

• When localizing the language to Italian, some screens within the Forcepoint DLP Endpoint interface display numbers instead of text on Mac endpoint machines. 
• On Mac endpoint machines running Forcepoint DLP Endpoint, posting sensitive data to a website form’s input fields using the Chrome browser does not trigger Forcepoint DLP policies.
• Forcepoint DLP Endpoint incorrectly reports an incident when the end user moves the mouse over a sensitive file in the File Open dialog window while attaching a file to a Gmail message in Chrome. The incident should not be created until the sensitive file is attached. 
• Forcepoint DLP Endpoint incorrectly reports an incident when the end user moves the mouse over a sensitive file in the File Open dialog window while attaching a file to a Gmail message in Firefox. The incident should not be created until the sensitive file is attached.
• Forcepoint DLP Endpoint might show file upload incidents (false positives) even if actual files were not uploaded to cloud-based storage services. This issue affects Mac endpoint machines running macOS 10.14. 
• Synchronous XMLHttpRequest is not monitored when running the Safari extension on an endpoint machine running macOS 10.13.
• When using Outlook.com in Safari, you may encounter a memory error after the Forcepoint DLP Endpoint blocks an email containing sensitive content. 
  • Error: “This webpage is using significant memory. Closing it may improve the responsiveness of your Mac.”
  • Workaround: Restart Safari.

Forcepoint Web Security Endpoint (Windows)

The following issue is known in this release of Forcepoint Web Security Endpoint for Windows endpoint machines.

• Windows 10 Creators Update, version 1703, endpoint machines running a combination of Forcepoint DLP Endpoint and Forcepoint Web Security Endpoint may automatically reboot when running the Forcepoint Endpoint auto-update process. 
  • Workaround: Select the configuration for “no reboot” in the auto-update server. The endpoint machines will not automatically reboot itself after the auto-update process completes. However, since the installer requires a reboot to complete the installation process, Forcepoint Endpoint will not be auto-updated until the user reboots the endpoint machine or starts the EP manually.

Forcepoint Web Security Endpoint (Mac)

The following issues are known in this release of Forcepoint Web Security Endpoint for Mac endpoint machines.

• The password created during the installation process may not work when upgrading or downgrading Forcepoint Web Security Direct Connect Endpoint. 
• Forcepoint Web Security Direct Connect Endpoint goes into Fallback mode when Kaspersky Antivirus is installed on the same endpoint machine. 
• Forcepoint Web Security Direct Connect Endpoint currently double-filters network requests, once by the Forcepoint Web Security Direct Connect Endpoint, then by the Web Security Gateway. 
• After a Mac endpoint machine running macOS 10.13.6 is restarted twice, the Forcepoint Web Security Direct Connect Endpoint incorrectly reports a Fallback mode event.
• If Forcepoint Web Security Direct Connect Endpoint is in Fallback Fail Safe mode and the end user attempts to access a restricted web page, the browser may show a “Use Quota Time” web page. If the end user clicks the Use Quota Time button, the Direct Connect Endpoint does not redirect the end user to the destination web page.
• If Forcepoint Web Security Direct Connect Endpoint is in Fallback Fail Safe mode and the end user attempts to access a restricted web page, the browser may show a “Continue” web page. If the end user clicks the Continue to Site button, the Direct Connect Endpoint does not redirect the end user to the destination web page.

Forcepoint Endpoint Context Agent (Windows)

The following issues are known in this release of Forcepoint Endpoint Context Agent for Windows endpoint machines.

• The Forcepoint Endpoint Context Agent cannot get the status of the local firewall and antivirus software on Windows Server 2012 and 2016. 
• Network connections produced by some Windows processes do not provide metadata for Windows 10 Metro apps. 
• For NetBIOS Name Service connections produced by the SYSTEM executable, the signature check is successful even though the SYSTEM executable has no signer. 
• The Forcepoint Endpoint Context Agent collects group information for local users. Only group information read from Active Directory should be collected and sent to Forcepoint NGFW. 
• When a user upgrades from the Forcepoint Endpoint Context Agent 1.2 to a higher version (1.3 or 1.4), the installation package copies an ECA_Client*.xml configuration file to the installation directory. If the new ECA_Client*.xml configuration file does not contain the same settings as the old 1.2 ECA_Client*.xml configuration file, the new Forcepoint ECA client uses the new configuration and ignores the existing 1.2 configuration.
• The “Forcepoint ECA UI” process blocks users from logging off of the Citrix XenApp portal. The Forcepoint Endpoint Context Agent is not recommended for use in Citrix XenApp environments. 
• After installing Forcepoint Endpoint Context Agent using the MSI installer, the Forcepoint ECA service does not start. 
  • Workaround: Restart the endpoint machine to start the Forcepoint ECA service.
• Local blank metadata connections are shown in the log files. Local connections should not be shown in log files. 

F1E package builder

The following issue is known in this release of the Forcepoint One Endpoint package builder.

• In the Forcepoint One Endpoint package builder, version 19.08.4131, the Linux option is shown, but it cannot be selected.