Preparing for DLP Management Server Installation

I want to prepare for DLP Management Server installation.

Before installing Forcepoint DLP, you must complete all the preparatory steps in order to accomplish a successful installation.

Windows considerations Domain considerations Antivirus Other considerations

▪ Make sure all Microsoft updates Disable any antivirus software on the machine ▪ Before beginning the installation
have been applied. There ▪ The servers running Forcepoint DLP software can prior to installing management server process, disable User Account
should be no pending updates, be set as part of a domain or as a separate components. Be sure to re-enable antivirus Control (UAC) and Data Execution
especially any requiring a restart workgroup. If there are multiple servers, or if the software after installation. Prevention (DEP) settings, and
system will be configured to run commands on file
of the system. make sure that no Software
servers in response to discovery, it is a best practice Exclude the following Forcepoint files and
Restriction Policies will block the
▪ Make sure that the .NET to make the servers part of a domain. folders from antivirus scans to avoid
installation. The UAC settings can
Framework v3.5 and v4.6-4.8 performance issues:
▪ Strict group policy objects (GPOs) may interfere with be re-enabled following
are installed on the management Forcepoint DLP and affect system performance, or ▪ The product installation folder, which, by installation.
server. even cause the system to halt. To avoid this issue, default, is one of the following:
when adding Forcepoint DLP servers to a domain, ▪ If Forcepoint DLP will be used
make them part of an organizational unit that does • *:\Program Files\Websense with Microsoft SQL Server
Synchronizing clocks
not enforce strict GPOs. • *:\Program Files (x86)\Websense Standard or Enterprise, make sure
▪ If you are distributing Forcepoint that SQL Server and the SQL
▪ Certain real-time antivirus scanning can downgrade ▪ *:\Program files\Microsoft SQL Server\*.* Server Agent are running.
components across different system efficiency. This problem can be reduced by
machines in your network, excluding some directories from that scanning. ▪ C:\Documents and Settings\<user>\Local
synchronize the clocks on all Settings\Temp\*.*
machines where a Forcepoint Note:
▪ %WINDIR%\Temp\*.* • Do not install Forcepoint components
component is installed. It is a
Notes: on a machine whose fully-qualified
good practice to point the ▪ The forensics repository (configurable,
• Do not install Forcepoint DLP on a domain controller domain name (FQDN) contains an
machines to the same Network defaults to the Websense folder)
machine. underscore. The use of an underscore
Time Protocol server. • If the deployment will include one or more Forcepoint V character in an FQDN is inconsistent
Series appliances, synchronize the management with Internet Engineering Task Force
server’s system time to the appliance system time. (IETF) standards.

Related products: Data Loss Prevention © 2021 Forcepoint Public 1