Quantcast
Channel: Forcepoint Community
Viewing all 2011 articles
Browse latest View live

Testing Antivirus Functionality- EICAR is still downloadable!

May 2, 2014, 7:43 am
$
0
0

Hi

The built-in Antivirus of Websense Cloud Web Security Gateway should prevent our Users from downloading malicious Attachements (E.g. from privat Webmail Accounts)

Therefore we have tried to test that functionality with the EICAR Virus. www.eicar.org

All tough we have enabled "Antivirus File Analysis - Inbound" ---> Analyze content from sites with elevated risk profiles and from sites with lower risk profiles......  we are still able to download the EICAR Testvirus. So from my side it looks that Antivirus is not working properly..

Can somebody from this forum test, if the EICAR will be detected on their websense environment?

Or does anybody knows, why the EICOR isn't detected by Websense (WS Support has no idea and told me that my setup is correct)

Thank you

Daniel

Search

Detail sources & destinations when exporting policy to PDF

May 4, 2014, 7:15 pm
$
0
0

The customer set over 100 rules and exceptions, most of the rules were set for specific sources or destinations. The administrator exported the policies to PDF, but there are only 'selected xxxx' infomation in it, no detail list. If want to know the detail, he need to click the ruels one by one. We would like to request a feature to get the full policiy and rule informaiton.

MGMT Console will not load, "No Policy Server running"

November 11, 2013, 7:25 am
$
0
0

Running Triton 7.8 with Web Security only.  This is a newly built server, everything was working fine and the end of last week, nothing changes were made over the weekend.  This morning I am unable to log into the management console for Web Security.  Logging in using the built-in admin account shows the following message:

The Web Security manager cannot connect to Policy Server. Make sure Policy Server is running, and that network communication is possible between the TRITON management server and the Home Policy Server machine. To attempt to restart the Home Policy Server, click Restart.

Logging in as a delegated admin

Web Security could not be launched.

There is no Policy Server running at this IP address.

All services are running and there are no errors in the Windows Application log.  Traffic is still being filtered and the correct policies appear to be being used.

I see the following errors in tomcat\logs\websense.log when logging in as a network account

2013-11-11 10:19:35,122 [http-bio-127.0.0.1-18440-exec-1] ERROR com.websense.shared.WIFFLE.WsConfigServiceProxy - Error retrieving service version for WsConfigService: 10.125.122.18
2013-11-11 10:19:35,122 [http-bio-127.0.0.1-18440-exec-1] ERROR com.websense.admin.fw.server.wiffle.dao.WiffleCommManagerImpl - Error connected to the Policy Server @10.125.122.18:55806because: Failed to get Config Service Version from Server.
2013-11-11 10:19:35,126 [http-bio-127.0.0.1-18440-exec-1] ERROR com.websense.admin.fw.eip.WebEipAgentAdministratorsStrategyImpl - WSG Server Side Errors during login attempt.
2013-11-11 10:19:35,127 [http-bio-127.0.0.1-18440-exec-1] ERROR com.websense.java.eip.agent.webaction.interactions.SSOPairingInteractionHandler - Failed to update administrator state: [isSuccess? false; messages: (login_policyserver_missing_error)There is no Policy Server running at this IP address. ;]
2013-11-11 10:19:35,127 [http-bio-127.0.0.1-18440-exec-1] ERROR com.pa.fw.server.integration.applicationservice.IntegrationConnectorHandlerAdvice - Error occurred during integration connector action, making sure the ResultDescriptor is marked as failed

I have gone through the troubleshooting steps in this article http://www.websense.com/support/article/kbarticle/There-is-No-Policy-Server-Running-at-this-IP-Address

 

7.5 to 7.8.x : application and OS upgrade : To Migrate or to Start Fresh - that is the question

May 5, 2014, 4:56 pm
$
0
0

Hi. I've inherited the following environment and the following business requirements:

*   (2) Win2k8 SP2  x86 systems (VMWare actually) running Web-Security v7.5  that uses a SQL Win2k8 R2 Enterprise backend

*    we want to upgrade to at least v7.7 so that we can use Citrix Integration with XenApp 6.5 environment 

 

Here is our (2) Websense servers are setup in terms of roles:

Win2k8 Standard / SP2   (SystemA)

  • Filtering Svc
  • Network Agent
  • Policy Server
  • Usage Monitor
  • User Server
  • Control Service

Win2k8 Enterprise / SP2 (SystemB)

  • DC agent
  • Explorer Report Scheduler
  • Filtering Service
  • Info Service for Explorer
  • Log Server
  •  Network Agent
  • Policy Broker
  • Policy DB
  • Policy Server
  • Reporter scheduler
  • Usage Monitor
  • User Service
  • Control Service

 

I've seen the documentation regarding using pgsetup to migrate policies to a new system, but am wondering if its worth the hassle since we have to not only upgrade to Win2k8 R2, and do an application upgrade.  Perhaps its just easier to build (2) new Win2k8R2 systems, and then configure the policies from scratch? I dont think our setup is that complex so rebuilding from scratch might not be too laborious

From a DB perspective, it seems that the DB structure/schema changes from 7.6 > 7.7 and 7.8 ... however, it seems that our SQL Db has over (100) different 5.2gb DB files and the volume just continues to grow.. files such as wslogdb70_10, wslogdb70_11, etc.. all the way up to like wslogdb70_105  -  surely this cant be right.  Which is another reason I'm thinking that we just use a brand new DB.   For legacy reporting, if we started fresh, how would we pull reporting from the 7.5 data? 

Thoughts, feedback, advice?  All is welcome.  

Thanks!

Facebook block messages cover up page content

May 6, 2014, 7:47 am
$
0
0

We block Facebook on our corporate internet but more and more we're finding legitimate sites are embedding Facebook "Like" links which cause Websense to display a rather large "Content Blocked" message that covers up text and other information on the page. Has anyone run into this? Can the messages be suppressed somehow? We're using an older version of WS from 2009 - Websense Manager 7.1 and most of our PC's are still running XP with IE 8. I'd include a screenshot of what I'm trying to describe but I can't seem to figure out how to do that. Thanks for any help!

 

 

OpenSSL Heartbleed hotfix 4 error on CentOS 6.4

May 7, 2014, 3:09 am
$
0
0

[root@xxxxxxxx wcg_v782]# sudo ./install.sh
egrep: /etc/Websense: No such file or directory
Begin installing Hotfix_04_OpenSSL_Fix_HeartBleed.tar.gz...
Prepare hotfix...
Stopping Websense Services...
./install.sh: line 110: /WebsenseAdmin: No such file or directory
WSE is stopped normally!
Backup files to folder /bin/hotfix...
Replace files...
tar: bin/libcrypto.so.1.0.0: Cannot chdir: No such file or directory
tar: Error is not recoverable: exiting now
chmod: cannot access `/webroot': No such file or directory
Starting Websense Services...
./install.sh: line 64: /WebsenseAdmin: No such file or directory
WSE is running normally!

Hotfix_04_OpenSSL_Fix_HeartBleed.tar.gz was successfully installed!

Running Websense Network Agent on a Riverbed EX Granite/SteelFusion VSP(VMWare ESXi)

May 7, 2014, 10:25 pm
$
0
0

We're deploying Riverbed EX w/ Granite/SteelFusion or whatever their marketing guys want to call it next week. 

There's pretty decent articles out there for the previous generation of Riverbed Steelhead 1050: http://kb.websense.com/pf/12/webfiles/WBSN%20Documentation/v7.1/Riverbed%20Steelhead/Windows%20hosting%20WSG/GettingStarted.pdf

But none after that. I understand that the 1050 ran a modified version of VMWare Server, and 1060 runs a full blown ESXi 5.1.

My question is do I still need to hard tap a switch port with port spanning enabled? Or since all the traffic is flowing through the Riverbed if I set the vNICs as documented in the older documentation it'll flow through? Do I need to do something to the upstream ASA?

Would appreciate any advice from anyone that's attempted to do the same.

Thanks!

Request for "Allow access" action for "File Blocking"-"File Types"

March 13, 2014, 5:10 am
$
0
0

"Web Security"-"FileBlocking"-"FileTypes" classifications currently have actions of "Do not block" & "Block access".    Request an additional action of "Allow access".

Under a "File Type" option (such as "Executable Files")  we use use "Category Specific Blocking" where most categories are set "Block access".  Do have instances where we wish to set exceptions to allow our users access to that file type for a particular domain.

Have tried creating a Custom Category and adding the allowed domain.  For that File Type have set the created Custom Category to "Do not block".  Unfortunately the user is still blocked from accessing the file.  Assume the Category "Block access" setting is taking priority over the Custom Category "Do not block"  as per the "Web Category"'s precedence rules.

The "Allow access" action applied to a Custom Category should allow me to overide a general Category "Block access" for specific list of domains.

 

Search

When the Masterdatabase is downloaded, how large is the file if it is updated on a daily basis?

May 8, 2014, 1:12 pm
$
0
0

I would like to know how large a typical daily download would be in size.

How much data is being transmitted from Websense to my Websense server when it updates the Masterdatabase on a daily basis?

 

Thank you

I have been asking questions and getting no replies?

May 8, 2014, 1:14 pm
$
0
0

The questions I am asking are as straight forward as I can make them, I am not getting any replies though, what gives?

No Internet Access

May 8, 2014, 9:53 am
$
0
0
We have installed a new WSGA 7.8 in our organization this last week. We are using the IWA for authentication. The computers that are on the Ethernet connection are showing a "No Internet Access" in the toolbar in the bottom right. They are getting access to the internet.... any recommendations?

Request : no limitation for SNMP community name

May 9, 2014, 3:28 am
$
0
0

Hi

 

There are currently a limitation in SNMP community name for V5000 appliance (version 7.8.2).

The community name can't be shorter than 5 characters  : can you please remove this limitation ?

 

AFAIK, this limitation doesn't exist in Triton SNMP monitoring, and it's not a part of RFC1157 about SNMP v1 (from 1990 ...)

 

Best Regards

Jean-Baptiste DURAND

User Service AD Bind Problem After Password Change

May 9, 2014, 10:59 am
$
0
0

After submitting this case on 5/1/2014 and having received exactly one canned e-mail with links to KB articles that have nothing to do with this problem I’m posting here hoping that some of you good people can help…

Web Security 7.5

We need to change the domain administrator password. Unfortunately we used the domain “Administrator” account as the administrative account for the directory service in Websense. We are not using the domain Administrator credentials to run any of the Websense services. Our Active Directory is in native mode and is at functional level Windows Server 2008 R2.

If I change the password for the domain Administrator account and then go into the Triton Unified Security Center (Web interface), under “Directories” we have “Active Directory (Native Mode) checked and under “Windows NT Directory / Active Directory (Mixed Mode) we had the domain Administrator account credentials entered. Changing the password there does not seem to complete the process and this is the only place where a username and password is cached that I can find. I can’t find any interface in the TRITON console that allows me to add or edit the global catalog server like I’ve seen in KB articles about Active Directory integration showing it done in Websense Manager. I have changed the administrative account on the Directory Service Settings page to a different account, saved everything, and yes restarted all the services. Everything works until I again try to change the domain administrator password and then Websense fails. Computers that are set to prompt for logon information fail and we get application event 4096 on the server, source: WebsenseUserService, Description: “An error occurred while binding to the directory server. Ldap_simple_bind: Invalid credentials” for the domain administrator account.

What am I missing? Where are these credentials being cached?

Facebook - Cant view everything

May 9, 2014, 8:05 am
$
0
0

I have facebook.com permitted for certain users. They are able to go to the page no problem but it doesnt complete, there are red x'x for the pictures etc...

I want to do a report to see where the url's are that they are trying to access and are possible being blocked. From all the reports to choose from, where can I just see where a certain user has been browsing?

Thanks.

Websense 7 Manager Timeout

June 15, 2009, 10:55 am
$
0
0

Hi,

I was wondering if there was a way to change the default timeout of 30 minutes to something more reasonable? 30 minutes is rediculous. It also times out the Investigative Reports when open in a new window causing me to lose what I had on the screen.

At least in Websense 6 you could change the timeout to something more reasonable.

Thank you,

Steve

Search

New feature request (Triton Cloud Security) Email alerting on the Reporting module

May 9, 2014, 6:25 pm
$
0
0

Hello,

It would be very useful to have the ability to configure email alerts on the Security Events which get generated under the Threats menu (Bot networks, Malicious sites, Suspicious link…etc). This is particularly useful when a user's machine gets infected with malware and the software tries to go out to the internet. It is critical to get this type of information while is happening so that the admins can take action immediately.

Best Regards.

Normal 0 false false false EN-US X-NONE X-NONE

Webcatcher upload time customization

May 12, 2014, 4:45 am
$
0
0

Hi,

I would like to ask if there is a chance that the time when WebCatcher feed uploaded to Websense could be customized?

Currently, it seems only reaching a pre-defined max file size would trigger a download.

If that file size is not reached, then the time specified for daily uploads would be used to send the feed to Websense.

Sending uncategorized URLs to Websense for fast categorization could be a lot better and reliable if the frequency for daily uploads could be more frequent (e.g. once per hour) and would not depend on the file size tweaking settings.

This, of course assumes, that WebCatcher feeds (URLs) are evaluated more frequently than once  per day.

Please let me know if this could be considered as feature request.

Default Policy being applied to users that already have a policy

May 12, 2014, 7:15 am
$
0
0

I have policies applied to OU's in AD. Today I get a call that users are getting block pages. I use the toolbox tool check policy on the Triton Console that tells me what policy is being applied to a user. It says the default policy is begin applied which explains why certain sites are being blocked for these users. But what doesn't make sense is that under the client section I still see my other policies being applied to the OU that these users are members of. So they should only get the default policy if no other policy is applied. Another policy IS being applied. Any help? I did try to remove the policy and reapply but this did not help.

Pinterest - IP Address listing?

May 13, 2014, 8:57 am
$
0
0

Does anyone have a comprehensive list of IP addresses in use by Pinterest? I really don't want to keep doing nslookup queries and doing it that way and I don't see a list provided by Pinterest.

 

Staples.com

May 13, 2014, 12:22 pm
$
0
0

This is the ONLY Website that I know that can have issues with Websense, by NOT being blocked of limited. What happens in this case is that the page becomes jumbled up junk and not a clear page with proper formatting. I have fixed this once before simply by restarting the Websense service, but it still happens with users from time to time. Regardless of level of access, it ONLY happens on Staples.com

Any ideas?

We are using Websense 7.5 (I know it's old, but it still works)

Viewing all 2011 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>