Enforcement Agent

Install the TMWS Enforcement Agent to client machines to enforce the use of a PAC file for traffic forwarding and to automatically deploy the TMWS certificate to supported browsers.

The Enforcement Agent can be installed on Windows or Mac computers. Once installed, the agent does the following:

  • Ensures that the system proxy is set to the specified PAC file. The Enforcement Agent will change the system proxy back if it is changed.

  • Enforces the Firefox proxy setting Use system proxy settings.

    • On a Windows computer, TMWS locks this setting to prevent users from changing it.

    • On a Mac computer, if the setting changes, the Enforcement Agent notifies the user to revert to the enforced setting. If the user does nothing after one minute, Firefox closes.

  • Stops processes configured by an administrator. The Enforcement Agent by default will not close any processes.

  • (Windows-based Enforcement Agent only) Installs with an HTTP local proxy, which becomes the default system proxy after the agent is installed. The local proxy handles traffic that would normally be forwarded to the TMWS cloud-based proxy (proxy.iws-hybrid.trendmicro.com). This includes traffic for installed browsers and applications that leverage the system proxy. This mechanism addresses the limitations of cookie-based authentication.

    • For Intranet traffic, the local proxy forwards the traffic directly to the Intranet destination.

    • For Internet traffic, if TMWS has not authenticated the user previously, the local proxy forwards the traffic to the cloud-based proxy for authentication. If the authentication was successful, the cloud-based proxy sends user identity information back to the local proxy so that succeeding traffic bypasses authentication, thus improving efficiency.