diff --git a/docs/endpointprotector/admin/agent.md b/docs/endpointprotector/admin/agent.md index fb5bc5eece..b7f64c1698 100644 --- a/docs/endpointprotector/admin/agent.md +++ b/docs/endpointprotector/admin/agent.md @@ -30,6 +30,114 @@ termination or modification of the Endpoint Protector Agent. When enabling Debug logging, deploying a fresh installation, or during upgrade processes where critical drivers/services (such as DPI, browser plugins, or Outlook add-ins) must be reloaded, it is recommended to restart the operating system. This mandatory first step in troubleshooting ensures that all dependencies are properly initialized." ::: +## Agent install parameters + +To improve the Endpoint Protector installation process, use the Endpoint Protector tool that allows +you to run installation-related actions, identify your current Linux distribution, and view Endpoint +Protector Release Notes. + +Use the following commands: + +- i - install +- u - uninstall +- rn - release notes +- l - distribution list + +**Optional CLI commands for installers** + + +### Windows +You can also apply manual proxy settings using CLI commands: + +Example: + +msiexec.exe /i "C:\Work\Tools\EPPClientSetup.5.7.1.5_x86_64.msi" /q REBOOT=ReallySuppress +RUNNOTIFIER=0 /log "C:\Windows\TEMP\epp-upgrade.log" WSIP="192.168.18.125"  WSPORT="8080"  +DEPT_CODE="defdep"  PROXYIP="127.0.0.1" PROXYPORT="80" AUTHUSR="user_name" AUTHPASS="password" + +Where: + +- PROXY_IP – IP of the proxy +- PROXY_PORT – Port of the proxy +- AUTHUSR – Username (if authentication for proxy is needed) +- AUTHPASS – Password (if authentication for proxy is needed) + +You can also use CLI Commands below to install Endpoint Protector Client in specific mode of working. + +- WSIP – server address +- WSPORT – server port number +- DEPT_CODE – department code +- IPV6MAPPING – IPV6 Mapping IPv4 addresses +- SUPPRESSRD – suppress FileRead/FileDelete events for NS and Removable devices +- DISABLECAP – disabling loading of CAP drivers (CAP will not work) + +:::note +Starting with the 2511 Clients release, the install parameters "IPV6MAPPING," "SUPPRESSRD," and "DISABLECAP" will persist during the EPP Client upgrade process. +::: + +### macOS +:::note +For macOS, please contact the Netwrix Support team to obtain the latest version of the +installer script, which allows customization of installation parameters. +::: + + +### Linux + +For Linux, you can only use CLI arguments in the options to bypass proxy settings.sh file. To do so, +follow these steps: + +**Step 1 –** Access the installation folder, open a Terminal, and run the following command: + +`cd pathToLinuxClientFolder` + +**Step 2 –** To run commands as root, run the following command and type your password. + +`sudo su` + +**Step 3 –** Open the options.sh configuration file with the following command: + +`gedit options.sh` + +**Step 4 –** In the configuration file, you will view the following fields for the proxy setup: + +#EPPCLIENT_HTTPS_PROXY= + +#export EPPCLIENT_HTTPS_PROXY + +**Step 5 –** Remove the # before each entry to apply the proxy setups. + +**Step 6 –** For the first proxy setup, EPPCLIENT_HTTPS_PROXY, add the proxy server information in +the address:port:user:password format. + +**Example: EPPCLIENT_HTTPS_PROXY=address:port:user:password** + +**Step 7 –** Save the changes, and then run the installation without having a VPN connection: + +`bash install.sh` + +Additional CLI commands for Linux in specific mode: + +- #EPPCLIENT_SUPRESSRW - suppress FileRead/FileDelete events for NS and Removable devices +- #EPPCLIENT_DISABLECAP - disabling loading of CAP drivers (CAP will not work) + +## Bypass Proxy Settings + +You have the ability to bypass proxy settings for all operating systems. + +#### Windows and macOS + +**Endpoint Protector Wizard Installer** + +Select the option to **Use Manual Proxy Settings** from the Endpoint Protector Wizard installer and +then provide the following information: + +- Proxy IP – IP of the proxy server +- Proxy Port – Port of the proxy +- Select the Use authentication checkbox +- Username – add proxy server username +- Password – add proxy server password + ## Agent Installation For Windows and Mac, your input in installing the Endpoint Protector Agent is minimal. The @@ -147,6 +255,7 @@ macOS, you may still see EPPNotifier in the Notification settings. To remove i right-click and select "Reset notifications." ::: +For more information about Deep Packet Inspection and configurable options, please visit the dedicated [documentation section for DPI](/docs/endpointprotector/admin/cap_module/deeppacket.md). ### Debian Based Distributions diff --git a/docs/endpointprotector/admin/ee_module/eeaboutfips.webp b/docs/endpointprotector/admin/ee_module/eeaboutfips.webp new file mode 100644 index 0000000000..f32471016e Binary files /dev/null and b/docs/endpointprotector/admin/ee_module/eeaboutfips.webp differ diff --git a/docs/endpointprotector/admin/ee_module/eemodule.md b/docs/endpointprotector/admin/ee_module/eemodule.md index 6ae3848849..117f000a3d 100644 --- a/docs/endpointprotector/admin/ee_module/eemodule.md +++ b/docs/endpointprotector/admin/ee_module/eemodule.md @@ -36,10 +36,17 @@ Enforced Encryption works on read-only mode if the device was formatted on Windo Encryption configured on Windows or some files were encrypted on Windows. On macOS, these files can be decrypted, except for NTFS due to incompatibility with Enforced Encryption. + +## Enforced Encryption 140-3 FIPS Validated Engine + :::note Starting with Netwrix Enforced Encryption version 3.0.0.2 (5.9.4.2 release), a new encryption engine has been introduced, replacing the previous 256-bit AES CBC-mode encryption with FIPS 140-3 validated cryptography. This FIPS 140-3 validated encryption provides the highest standards of data protection, ensuring compliance with the latest industry regulations. While the new encryption engine is fully backward compatible for existing users, allowing for a seamless upgrade and continued use of previously encrypted drives, USB sticks encrypted with the FIPS 140-3 validated engine will not be compatible with older Enforced Encryption Clients. Therefore, we recommend updating EE Clients to ensure compatibility. ::: +To verify the version of the 140-3 FIPS validated engine and view certification details, check the "About" section in the Enforced Encryption application. + +![Enforced Encryption FIPS engine details](eeaboutfips.webp) + ## Enforced Encryption Deployment Enforced Encryption is supported for both Mac and Windows computers. diff --git a/docs/endpointprotector/admin/systemconfiguration/overview.md b/docs/endpointprotector/admin/systemconfiguration/overview.md index c83b255214..bddbc1665a 100644 --- a/docs/endpointprotector/admin/systemconfiguration/overview.md +++ b/docs/endpointprotector/admin/systemconfiguration/overview.md @@ -128,17 +128,6 @@ configuration file. Only the latest Endpoint Protector and Enforced Encryption Clients are available for download. ::: -To improve the Endpoint Protector installation process, use the Endpoint Protector tool that allows -you to run installation-related actions, identify your current Linux distribution, and view Endpoint -Protector Release Notes. - -Use the following commands: - -- i - install -- u - uninstall -- rn - release notes -- l - distribution list - When installing, you can simply click Generate to download a client with the configuration in the UI or copy the following details from this screen using the Copy button: @@ -146,10 +135,6 @@ copy the following details from this screen using the Copy button: - Endpoint Protector Server port - Deprtment Code -:::note -Contact Customer Support to provide the tool as well as assistance. -::: - ![Download and install the Endpoint Protector Client corresponding to your operating system](ClientSoftwarePage.png) @@ -157,94 +142,7 @@ Contact Customer Support to provide the tool as well as assistance. Starting with the current release - 2509.0.1.0 - Endpoint Protector Client versions are displayed in the format XXXX.X.X.X on endpoints. ::: - -### Bypass Proxy Settings - -You have the ability to bypass proxy settings for all operating systems. - -#### Windows and macOS - -**Endpoint Protector Wizard Installer** - -Select the option to **Use Manual Proxy Settings** from the Endpoint Protector Wizard installer and -then provide the following information: - -- Proxy IP – IP of the proxy server -- Proxy Port – Port of the proxy -- Select the Use authentication checkbox -- Username – add proxy server username -- Password – add proxy server password - -**CLI commands** - -You can also apply manual proxy settings using CLI commands: - -Example: - -msiexec.exe /i "C:\Work\Tools\EPPClientSetup.5.7.1.5_x86_64.msi" /q REBOOT=ReallySuppress -RUNNOTIFIER=0 /log "C:\Windows\TEMP\epp-upgrade.log" WSIP="192.168.18.125"  WSPORT="8080"  -DEPT_CODE="defdep"  PROXYIP="127.0.0.1" PROXYPORT="80" AUTHUSR="user_name" AUTHPASS="password" - -Where: - -- PROXY_IP – IP of the proxy -- PROXY_PORT – Port of the proxy -- AUTHUSR – Username (if authentication for proxy is needed) -- AUTHPASS – Password (if authentication for proxy is needed) - -You can also use CLI Commands below to install Endpoint Protector Client in specific mode of working. - -- WSIP – server address -- WSPORT – server port number -- DEPT_CODE – department code -- IPV6MAPPING – IPV6 Mapping IPv4 addresses -- SUPPRESSRD – suppress FileRead/FileDelete events for NS and Removable devices -- DISABLECAP – disabling loading of CAP drivers (CAP will not work) - -:::note -For macOS, please contact the Netwrix Support team to obtain the latest version of the -installer script, which allows customization of installation parameters. -::: - - -#### Linux - -For Linux, you can only use CLI arguments in the options to bypass proxy settings.sh file. To do so, -follow these steps: - -**Step 1 –** Access the installation folder, open a Terminal, and run the following command: - -`cd pathToLinuxClientFolder` - -**Step 2 –** To run commands as root, run the following command and type your password. - -`sudo su` - -**Step 3 –** Open the options.sh configuration file with the following command: - -`gedit options.sh` - -**Step 4 –** In the configuration file, you will view the following fields for the proxy setup: - -#EPPCLIENT_HTTPS_PROXY= - -#export EPPCLIENT_HTTPS_PROXY - -**Step 5 –** Remove the # before each entry to apply the proxy setups. - -**Step 6 –** For the first proxy setup, EPPCLIENT_HTTPS_PROXY, add the proxy server information in -the address:port:user:password format. - -**Example: EPPCLIENT_HTTPS_PROXY=address:port:user:password** - -**Step 7 –** Save the changes, and then run the installation without having a VPN connection: - -`bash install.sh` - -Additional CLI commands for Linux in specific mode: - -- #EPPCLIENT_SUPRESSRW - suppress FileRead/FileDelete events for NS and Removable devices -- #EPPCLIENT_DISABLECAP - disabling loading of CAP drivers (CAP will not work) +For more client install options, please refer to the dedicated article on [Agent Installation Options](/docs/endpointprotector/admin/agent.md) ## Client Software Upgrade