Quantcast
Channel: Forcepoint Community
Viewing all 2011 articles
Browse latest View live

Allerts - Suspicious Activity within Specified Time Period

June 18, 2014, 10:02 am
$
0
0

Normal 0 false false false EN-US X-NONE X-NONE

We would like to see more granular control over suspicious activity alerts. Currently, Websense aggregates hits to security risk websites, and alerts are configured to trigger on these aggregated numbers. Unfortunately, if the user visits security risk websites (directly or indirectly) within a large time period (e.g., 30 days), we cannot gauge persistency of the hits and draw correlations to a potential malware infection. In other words, having the capability of configuring an alert to only send notifications when the user visits suspicious websites within a specific time period; 10 visits to a high-risk URL within 2 minutes is much more important than 10 visits over 30 days without persistency.

Search

Export / Import OR auto-sync SSL exceptions between different Content Gateway clusters

June 18, 2014, 11:55 pm
$
0
0

Feature description: Need a way to be able to export / import SSL Decryption exception settings  from 1 content gateway cluster to many within the same Web Security Gateway deployment (appliance based WCG).

Best option would be to have the auto sync within the same deployment just like Policy.

Justification: Manually replicating the same SSL settings to 10+ WCG cluster managed within the deployment is impractical and have a lot of potential that someone will be missed and inconsistent within the deployment.

Impact on business: Inconsistent SSL decryption settings across regional proxy gateway clusters, resulting in inconsistent content inspections. Labor intensive maintenance work required to replicate the same setting manually.

Policy Broker without Policy Server

October 17, 2013, 8:41 am
$
0
0

Dear all,

is there a way to install Policy Broker on a server but without installing the Policy Server?

My idea is that i have two appliances running in user directory and filtering mode and i have one TRITON server with Policy Broker/Policy Database on it.

If you have some idea please share with me. :)

Thank you in advance.

Best Regards,

Erik Molnar

Role Based Access for Service/Help Desk

June 19, 2014, 6:58 am
$
0
0

One of the biggest tasks is the day to day unblocking of websites for end users. It would be very nice if I could assign permissions that would allow our service desk to do this without giving them way more rights than they need.

Exceptions for specific protocol links

June 19, 2014, 9:33 am
$
0
0

There are exceptions for http and https, but not for protocol links.  Having exceptions for protocol links would also be useful.

Websense Server Performance Issue..

December 27, 2013, 9:48 pm
$
0
0

Hi,

We are using Websense Web security 7.7 in our environment. which was installed in windows 2008 r2 server.Now we facing some issue that during peak hour it will take long time to login. To investigate the issue I found  lot of files named WebsenseConfigOutput0.txt.3 , WebsenseOsgiOutput0.txt.2.lck& WebsenseConfigOutput0.txt.1.lck created in c:\Windows\temp folder ereveryday. I was unable to delete these files as they are used by different Websense services.kindly guide me how to delete these files.

Thanks in advance.

Websense Web Security install Stand-alone over vmware

June 20, 2014, 8:30 am
$
0
0

It´s possible to install Websense web security v7.7 stand-alone over vmware?

 

Feature requst - block messages based on specific EXIF data field in JPG files

June 23, 2014, 3:54 am
$
0
0

We have a requirement to block messages with an attachment based on classification fields in JPG EXIF data.

We have an external tool to set a classification into EXIF data of a JPG file.
We have a requirement to check for this classification field within DSS. 

So if the classification is not found in JPG files, it is not allowed to the internet. Same thing if there is a clasification found, but it contains a certain value.

Could this be implemented?

 

Best regards,

Arjan Schel

Search

Web site load times

June 23, 2014, 6:45 am
$
0
0

We have created a custom category called "Amtrust Approved Sites" that we have set as permitted for all filters. Any site that we deem as needed for all employees of the company is added to this category.

On one filter we have the "Financial Data and Services" category permitted. We have noticed that with ncci.com and wellsfargo.com, which both reside in this category, do load as they should. But they load very slowly. I added both those URL's into the "Amtrust Approved Sites" category and afterwards both sites loaded tremendously faster.

I have been looking at the performance graphs and log files on the Content Gateway and nothing is standing out that would indicate a performance issue with the appliance. Although I would not expect a performance issue with the appliance given that we have only noticed this issue with a few specific web sites. But I am curious if these symptoms are indicative of a bigger issue. Although we noticed those two sites loaded quicker after we added them to the general white-list category, we cannot be sure that there are other sites that would benefit from that same change that would increase productivity of our employees.

Our appliance is a V5000 G2. Both it and our TRITON server is on version 7.8.1. Has anyone else come across these same symptoms? Or has this been documented as a bug for version 7.8.1? Or is this indicative of a bigger issue?

Thank you for any help or assistance.

Problem with authentication (NTLM)

June 23, 2014, 8:05 am
$
0
0

Hi Team

I'm using NTLM authentication and with Internet Explorer it's all ok, but with Google Chrome and Firefox, the browser it's requesting authentication. Why?

 

Thanks!

Unable to download IPA file from Dropbox

June 24, 2014, 2:32 am
$
0
0

Hi,

As per subject line, I'm trying to work out which is the best method to resolve this.  The address is htt ps://ww w.dropbox.com/c/xc422u3rz91111qdr4/randomname2 0140524.ipa although the link has been edited because of the content.  When I do click on the link I get the 'Potentially Unwanted Software' block message.  Is this because of the file type?  If so, how can I resolve this?   Dropbox is allowed an am able to navigate around the site.

Foe further information we are using v7.8.2 of WSGA.

Regards,

Dan

Exclusion List for Inbound E-mails in E-mail DLP Policy

June 24, 2014, 7:35 am
$
0
0

Hello,

In E-mail DLP Policy, we are able to write an exclusion list for Outbound E-mails. We want the same feature for Inbound E-mails too. Basically, we need to specify an exclusion list for Inbound E-mails in E-mail DLP Policy.

Thanks in advance.

Multiple Block pages for different users

February 26, 2009, 6:52 am
$
0
0

I am currently migrating users from SurfControl to Websense 7.0 and I'd like to know if I can create multiple Block Pages for different users.  I have a group of users that I want to block access completely too and present a block page with an acceptable use policy.  Other users would get a 'normal' block page depending on the site being blocked.

With Surfcontrol I was able to create multiple Block pages and assign them to individual disallow rules.

Thanks, Tony

Blocking the E-mails which have domain names as their Display Name

June 24, 2014, 7:28 am
$
0
0

One of my customers is having a problem with blocking some e-mails. Basically they want to block the e-mails which have domain names as their display names.
Let's say that the domain is "test.com.tr". And my customer wants to block the e-mails which is coming from "ANY" domain but has "xxx@test.com.tr" as their display name.

I've learned that it can be done only with Hybrid but it's a problem for the customers who don't want to send their e-mails to the Cloud. So we need to make it on the ESG.

Creating 7.6 remote client 64bit

June 24, 2014, 5:11 pm
$
0
0

I am able to configure and install 32 bit remote clients but when I try to create a 64bit I get "RFClient_Config.exe is valid but for other machine type" . This is on a Windows 2003 32 bit server. What needs to be done to create the 64bit client?

Search

Referral

June 25, 2014, 4:03 am
$
0
0

IN DSS there is a referral option for Active Directory. This is for performance reasons so AD lookups are done on the nearest Domain Controller. It would be nice to have this also in WSG. I noticed that in WSG when Domain Controllers are used for AD lookup in a Domain you can end up with a Domain Controller in the other side of the planet. Fixing the Global Catalog does not allow for fail over.

 

Hope this comes soon.

7.8.2 Web Filter - PIX 525 compatibility....

June 25, 2014, 6:18 am
$
0
0

Hello,

I installed web filter 7.8.2 on a fresh server running 2008 R2. I had been running 7.6 for some time before, on a different server running 2003.

After I installed 7.8.2, I noticed that web downloads began to pause/stop and would need hand holding to complete. I also had network services like McAfee AV not being able to download DAT updates (switched to FTP downloading). Web blocking for the user community was fine but download behaviour was strange.

I know from what I have read, that 7.8.2 does not support the PIX 525 and support has been dropped for it, but would this behaviour be expected after I moved from 7.6 to 7.8.2 ?

I am now in the process of sourcing a new Cisco firewall...which one would be suggested as far as websense compatibility is concerned ?

 

Thanks in advance for any responses :-)

Application list is incorrect for IE11 browsers

June 25, 2014, 7:53 am
$
0
0

I noticed in the Triton console that I had an alarming number of users running Firefox 12.  (Web Security -> Main -> Reporting -> Applications.)  After some research, I discovered that IE11 mis-reports its user agent as part of Compatibility View (see http://blogs.msdn.com/b/ieinternals/archive/2013/09/21/internet-explorer-11-user-agent-string-ua-string-sniffing-compatibility-with-gecko-webkit.aspx).  Perhaps Websense could periodically download the iecompatlistview.xml file to update its signatures, or use some other heuristic to determine browser version?  Thanks.

 

Decreasing effectiveness of Email Security 7.3

June 25, 2014, 6:11 am
$
0
0

My company has been using Email Security (now at version 7.3, the last) since the early days of it being Surf Control.  Lately though, it seems that the amount of spam leaking through the cracks is increasing a significant amount, despite the server's update schedule running regularly.

I understand that this product is no longer getting version upgrades, but my question is: Is there any reason that it should be becoming less effective as time wears on, despite definition updates?  What can I point to to try and figure out how to get a better detection rate without cranking up the false positives?

Is there any reason that the Email Security Gateway or other Websense products would do a better job of filtering our corporate mail compared to our Email Security 7.3 with all the latest definitions, and if so, how significant would you say that change would be?

Restart Websense Services - Windows Powershell

January 31, 2013, 3:37 pm
$
0
0

Here's a powershell script to restart services remotely. I have an issue with the WebsenseControlService returning a "CouldNotStopService" -- yet it still appears to stop. Any ideas?

###START SCRIPT restart-websense.ps1 ###

<#
.Synopsis
Restarts Websense services without a machine restart.
.DESCRIPTION
Script restarts local or remote Websense Tritorn Web Security services in required safe order.
See http://www.websense.com/content/support/library/web/v75/triton_web_help/start_stop_services.aspx#636734 for service list
.EXAMPLE
Restart-WebsenseSvc
.EXAMPLE
Restart-WebsenseSvc host.domain.tld
.Credits
Jamie Bilinski / Alter Trading Corp
#>
function Restart-WebsenseSvc([string]$wsSvr = ".")
{
[array]$svcOrdLst=@('Websense Network Agent','Websense EIM Server','WebsensePolicyServer','WebsensePolicyBroker','WebsensePolicyDB','WebsenseControlService') #service name in stop order
[string]$svcLike="Websense*"
[int]$svcOrdCnt= $svcOrdLst.length - 1
$svcOtherWSLst = Get-Service -ComputerName $wsSvr | Where-Object {$_.name -like $svcLike} | Where-Object {$svcOrdLst -notcontains $_.Name}

Write-Host '*** Stopping Websense Services***'
foreach ($svcOtherWS in $svcOtherWSLst)
{
Write-Host "Requesting Stop of Service: $($svcOtherWS.DisplayName)..."
Stop-Service $svcOtherWS
}
for ($i=0; $i -le $svcOrdCnt; $i++)
{
Write-Host "Requesting Stop of Core Service: $($svcOrdLst[$i])..."
Get-Service -ComputerName $wsSvr -name $svcOrdLst[$i] | Stop-Service
}
Write-Host '*** Starting Websense Services ***'
for ($i=$svcOrdCnt; $i -ge 0; $i--)
{
Write-Host "Requesting Start of Core Service: $($svcOrdLst[$i])..."
Get-Service -ComputerName $wsSvr -name $svcOrdLst[$i] | Start-Service
}
foreach ($svcOtherWS in $svcOtherWSLst)
{
Write-Host "Requesting Start of Service: $($svcOtherWS.DisplayName)..."
Start-Service $svcOtherWS
}
} #end function

#usage: Restart-WebsenseSvc hostname
Restart-WebsenseSvc 'wsgw.domain.tld'

### END SCRIPT ###

Viewing all 2011 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>