netwrix · bturlea · Nov 27, 2025 · Nov 27, 2025
@@ -30,6 +30,114 @@ termination or modification of the Endpoint Protector Agent.
 When enabling Debug logging, deploying a fresh installation, or during upgrade processes where critical drivers/services (such as DPI, browser plugins, or Outlook add-ins) must be reloaded, it is recommended to restart the operating system. This mandatory first step in troubleshooting ensures that all dependencies are properly initialized."
 :::
 
+## Agent install parameters
+
+To improve the Endpoint Protector installation process, use the Endpoint Protector tool that allows
+you to run installation-related actions, identify your current Linux distribution, and view Endpoint
+Protector Release Notes.
+
+Use the following commands:
+
+- i - install
+- u - uninstall
+- rn - release notes
+- l - distribution list
+
+**Optional CLI commands for installers**
+
+
+### Windows
+You can also apply manual proxy settings using CLI commands:
+
+Example:
+
+msiexec.exe /i "C:\Work\Tools\EPPClientSetup.5.7.1.5_x86_64.msi" /q REBOOT=ReallySuppress
+RUNNOTIFIER=0 /log "C:\Windows\TEMP\epp-upgrade.log" WSIP="192.168.18.125"  WSPORT="8080" 
+DEPT_CODE="defdep"  PROXYIP="127.0.0.1" PROXYPORT="80" AUTHUSR="user_name" AUTHPASS="password"
+
+Where:
+
+- PROXY_IP – IP of the proxy
+- PROXY_PORT – Port of the proxy
+- AUTHUSR – Username (if authentication for proxy is needed)
+- AUTHPASS – Password (if authentication for proxy is needed)
+
+You can also use CLI Commands below to install Endpoint Protector Client in speciﬁc mode of working.
+
+- WSIP – server address
+- WSPORT – server port number
+- DEPT_CODE – department code
+- IPV6MAPPING – IPV6 Mapping IPv4 addresses
+- SUPPRESSRD – suppress FileRead/FileDelete events for NS and Removable devices
+- DISABLECAP – disabling loading of CAP drivers (CAP will not work)
+
+:::note
+Starting with the 2511 Clients release, the install parameters "IPV6MAPPING," "SUPPRESSRD," and "DISABLECAP" will persist during the EPP Client upgrade process.
+:::
+
+### macOS
+:::note
+For macOS, please contact the Netwrix Support team to obtain the latest version of the
+installer script, which allows customization of installation parameters.
+:::
+
+
+### Linux
+
+For Linux, you can only use CLI arguments in the options to bypass proxy settings.sh ﬁle. To do so,
+follow these steps:
+
+**Step 1 –** Access the installation folder, open a Terminal, and run the following command:
+
+`cd pathToLinuxClientFolder`
+
+**Step 2 –** To run commands as root, run the following command and type your password.
+
+`sudo su`
+
+**Step 3 –** Open the options.sh conﬁguration ﬁle with the following command:
+
+`gedit options.sh`
+
+**Step 4 –** In the conﬁguration ﬁle, you will view the following ﬁelds for the proxy setup:
+
+#EPPCLIENT_HTTPS_PROXY=
+
+#export EPPCLIENT_HTTPS_PROXY
+
+**Step 5 –** Remove the # before each entry to apply the proxy setups.
+
+**Step 6 –** For the ﬁrst proxy setup, EPPCLIENT_HTTPS_PROXY, add the proxy server information in
+the address:port:user:password format.
+
+**Example: EPPCLIENT_HTTPS_PROXY=address:port:user:password**
+
+**Step 7 –** Save the changes, and then run the installation without having a VPN connection:
+
+`bash install.sh`
+
+Additional CLI commands for Linux in speciﬁc mode:
+
+- #EPPCLIENT_SUPRESSRW - suppress FileRead/FileDelete events for NS and Removable devices
+- #EPPCLIENT_DISABLECAP - disabling loading of CAP drivers (CAP will not work)
+
+## Bypass Proxy Settings
+
+You have the ability to bypass proxy settings for all operating systems.
+
+#### Windows and macOS
+
+**Endpoint Protector Wizard Installer**
+
+Select the option to **Use Manual Proxy Settings** from the Endpoint Protector Wizard installer and
+then provide the following information:
+
+- Proxy IP – IP of the proxy server
+- Proxy Port – Port of the proxy
+- Select the Use authentication checkbox
+- Username – add proxy server username
+- Password – add proxy server password
+
 ## Agent Installation
 
 For Windows and Mac, your input in installing the Endpoint Protector Agent is minimal. The
@@ -147,6 +255,7 @@ macOS, you may still see EPPNotiﬁer in the Notiﬁcation settings. To remove i
 right-click and select "Reset notiﬁcations."
 :::
 
+For more information about Deep Packet Inspection and configurable options, please visit the dedicated [documentation section for DPI](/docs/endpointprotector/admin/cap_module/deeppacket.md).
 
 ### Debian Based Distributions
 

@@ -36,10 +36,17 @@ Enforced Encryption works on read-only mode if the device was formatted on Windo
 Encryption conﬁgured on Windows or some ﬁles were encrypted on Windows. On macOS, these ﬁles can be
 decrypted, except for NTFS due to incompatibility with Enforced Encryption.
 
+
+## Enforced Encryption 140-3 FIPS Validated Engine
+
 :::note
 Starting with Netwrix Enforced Encryption version 3.0.0.2 (5.9.4.2 release), a new encryption engine has been introduced, replacing the previous 256-bit AES CBC-mode encryption with FIPS 140-3 validated cryptography. This FIPS 140-3 validated encryption provides the highest standards of data protection, ensuring compliance with the latest industry regulations. While the new encryption engine is fully backward compatible for existing users, allowing for a seamless upgrade and continued use of previously encrypted drives, USB sticks encrypted with the FIPS 140-3 validated engine will not be compatible with older Enforced Encryption Clients. Therefore, we recommend updating EE Clients to ensure compatibility.
 :::
 
+To verify the version of the 140-3 FIPS validated engine and view certification details, check the "About" section in the Enforced Encryption application.
+
+![Enforced Encryption FIPS engine details](eeaboutfips.webp)
+
 ## Enforced Encryption Deployment
 
 Enforced Encryption is supported for both Mac and Windows computers.

@@ -128,123 +128,21 @@ conﬁguration ﬁle.
 Only the latest Endpoint Protector and Enforced Encryption Clients are available for download.
 :::
 
-To improve the Endpoint Protector installation process, use the Endpoint Protector tool that allows
-you to run installation-related actions, identify your current Linux distribution, and view Endpoint
-Protector Release Notes.
-
-Use the following commands:
-
-- i - install
-- u - uninstall
-- rn - release notes
-- l - distribution list
-
 When installing, you can simply click Generate to download a client with the configuration in the UI or
 copy the following details from this screen using the Copy button:
 
 - Endpoint Protector Server IP
 - Endpoint Protector Server port
 - Deprtment Code
 
-:::note
-Contact Customer Support to provide the tool as well as assistance.
-:::
-
 
 ![Download and install the Endpoint Protector Client corresponding to your operating system](ClientSoftwarePage.png)
 
 :::note
 Starting with the current release - 2509.0.1.0 - Endpoint Protector Client versions are displayed in the format XXXX.X.X.X on endpoints.
 :::
 
-
-### Bypass Proxy Settings
-
-You have the ability to bypass proxy settings for all operating systems.
-
-#### Windows and macOS
-
-**Endpoint Protector Wizard Installer**
-
-Select the option to **Use Manual Proxy Settings** from the Endpoint Protector Wizard installer and
-then provide the following information:
-
-- Proxy IP – IP of the proxy server
-- Proxy Port – Port of the proxy
-- Select the Use authentication checkbox
-- Username – add proxy server username
-- Password – add proxy server password
-
-**CLI commands**
-
-You can also apply manual proxy settings using CLI commands:
-
-Example:
-
-msiexec.exe /i "C:\Work\Tools\EPPClientSetup.5.7.1.5_x86_64.msi" /q REBOOT=ReallySuppress
-RUNNOTIFIER=0 /log "C:\Windows\TEMP\epp-upgrade.log" WSIP="192.168.18.125"  WSPORT="8080" 
-DEPT_CODE="defdep"  PROXYIP="127.0.0.1" PROXYPORT="80" AUTHUSR="user_name" AUTHPASS="password"
-
-Where:
-
-- PROXY_IP – IP of the proxy
-- PROXY_PORT – Port of the proxy
-- AUTHUSR – Username (if authentication for proxy is needed)
-- AUTHPASS – Password (if authentication for proxy is needed)
-
-You can also use CLI Commands below to install Endpoint Protector Client in speciﬁc mode of working.
-
-- WSIP – server address
-- WSPORT – server port number
-- DEPT_CODE – department code
-- IPV6MAPPING – IPV6 Mapping IPv4 addresses
-- SUPPRESSRD – suppress FileRead/FileDelete events for NS and Removable devices
-- DISABLECAP – disabling loading of CAP drivers (CAP will not work)
-
-:::note
-For macOS, please contact the Netwrix Support team to obtain the latest version of the
-installer script, which allows customization of installation parameters.
-:::
-
-
-#### Linux
-
-For Linux, you can only use CLI arguments in the options to bypass proxy settings.sh ﬁle. To do so,
-follow these steps:
-
-**Step 1 –** Access the installation folder, open a Terminal, and run the following command:
-
-`cd pathToLinuxClientFolder`
-
-**Step 2 –** To run commands as root, run the following command and type your password.
-
-`sudo su`
-
-**Step 3 –** Open the options.sh conﬁguration ﬁle with the following command:
-
-`gedit options.sh`
-
-**Step 4 –** In the conﬁguration ﬁle, you will view the following ﬁelds for the proxy setup:
-
-#EPPCLIENT_HTTPS_PROXY=
-
-#export EPPCLIENT_HTTPS_PROXY
-
-**Step 5 –** Remove the # before each entry to apply the proxy setups.
-
-**Step 6 –** For the ﬁrst proxy setup, EPPCLIENT_HTTPS_PROXY, add the proxy server information in
-the address:port:user:password format.
-
-**Example: EPPCLIENT_HTTPS_PROXY=address:port:user:password**
-
-**Step 7 –** Save the changes, and then run the installation without having a VPN connection:
-
-`bash install.sh`
-
-Additional CLI commands for Linux in speciﬁc mode:
-
-- #EPPCLIENT_SUPRESSRW - suppress FileRead/FileDelete events for NS and Removable devices
-- #EPPCLIENT_DISABLECAP - disabling loading of CAP drivers (CAP will not work)
+For more client install options, please refer to the dedicated article on [Agent Installation Options](/docs/endpointprotector/admin/agent.md)
 
 ## Client Software Upgrade