if you are just deploying the endpoint client, you just need to package the WebsenseEndponit.pkg. Other files are not required.

You will need to add a - Configuration Profile > Approved Kernel Extensions with Team ID C489D5E8E8 - Configuration Profile > Privacy Preferences Policy Control. I just need to know the CODE REQUIREMENT for it as I don't know it.

Forcepoint is kinda annoying, the application manufacturer makes the product for macOS but does not officially support it on macOS. We deploy the forcepoint installer and use a scrip to install it, and have a configuration profile to do everything needed for forcepoint to work. I attached screenshots of our configuration profile for forcepoint, and the script we use to install it. If this does not get you going you may need to get with forcepoint.

#!/bin/sh
## postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

tritonClassifier="/private/tmp/RGBK/Forcepoint_Endpoint_20.05/WebsenseEPClassifier.pkg"
tritonEndpoint="/private/tmp/RGBK/Forcepoint_Endpoint_20.05/WebsenseEndpoint.pkg"

#Install WebsenseEPClassifier.pkg
sudo installer -pkg $tritonClassifier -target / -allowUntrusted

#Install WebsenseEndpoint.pkg
sudo installer -pkg $tritonEndpoint -target /

#Wait 5 Seconds and deleted local installation files
sleep 5
sudo rm -rfv /private/tmp/RGBK/Forcepoint_Endpoint_20.05

exit 0 ## Success

I know I am a little late to the party here and it may be irrelevant now, but can @AJPinto can you paste the text for the code snapshot?  I am not sure I transcribed that right.  I'm wrestling with Forcepoint One config right now as it is.  Being quite a few versions behind does not help though.  😕

@dshepp33 

Even I'm late for the party but here you go the Code Requirements, not sure if you still looking for these 😄 😛 

Team ID: C489D5E8E8
Bundle ID: com.websense.endpoint

1 Identifier:
/Library/Application Support/Websense Endpoint/EPClassifier/EndPointClassifier

Id type: Path

code requirement:

anchor apple generic and identifier "com.websense.endpoint" and [certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] =C489D5E8E8]

syspolicyallfiles - allow

static code validation: check mark

2 Identifier:
/Library/Application Support/Websense Endpoint/DLP/wsdlpd

ID type: Path

code:

anchor apple generic and identifier wsdlp and [certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] =C489D5E8E8]

syspolicyallfiles - allow

static code validation: check mark

3 Identifier:
com.websense.endpoint.helper

ID type: Bundle ID

Code:

anchor apple generic and identifier "com.websense.endpoint.helper" and [certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] =C489D5E8E8]

static code validation: check mark

Accessibility: Allow

For similar config, check https://techzone.vmware.com/deploying-vmware-carbon-black-cloud-sensor-workspace-one-uem#macos-prere...

Can someone confirm this is still working in 2024