Would like to request that Websense can keep its browsing data from more than 30 days. We have a requirement where the customer would like to keep it for 1 year the browsing history.
is there anyway to download the data or store offline
Regards
↧
Websense browsing data
↧
IDN reporting
I would like to suggest a feature to report on international domain access. as of now, websense will categorize these URLs as their actual content type. this is fine, but i would also like the ability to see what IDNs my users are accessing (punycode and unicode). IDN spoofing is something that has always been around, but lately has been on the rise.
currently websense filters on the punycode URL and then converts to unicode before logging. i would like to either retain the punycode (along with the unicode conversion), or be able to report on a sub category, maybe, called "international domain names".
the theory is that attackers register IDNs with unicode translations similar to popular websites (facebook was a recent one). when you paste the encoded url into some browsers/email clients (like IE) the unicode is rendered and most browsers/email clients render international characters the same as latin ones. like the greek "o" and latin "o" will look the same, though the greek url is actually wrapped punycode and thus a different URL altogether. this makes spoofed urls much harder to track.
adding this feature will bring additional visibility and reporting capabilities to websense for its customers interested in this.
it will give us visibility on which IDN URLs our users are going to and we would be able to tell if they are clearly spoof attempts.
↧
↧
IDN reporting
I would like to suggest a feature to report on international domain access. as of now, websense will categorize these URLs as their actual content type. this is fine, but i would also like the ability to see what IDNs my users are accessing (punycode and unicode). IDN spoofing is something that has always been around, but lately has been on the rise.
currently websense filters on the punycode URL and then converts to unicode before logging. i would like to either retain the punycode (along with the unicode conversion), or be able to report on a sub category, maybe, called "international domain names".
the theory is that attackers register IDNs with unicode translations similar to popular websites (facebook was a recent one). when you paste the encoded url into some browsers/email clients (like IE) the unicode is rendered and most browsers/email clients render international characters the same as latin ones. like the greek "o" and latin "o" will look the same, though the greek url is actually wrapped punycode and thus a different URL altogether. this makes spoofed urls much harder to track.
adding this feature will bring additional visibility and reporting capabilities to websense for its customers interested in this.
it will give us visibility on which IDN URLs our users are going to and we would be able to tell if they are clearly spoof attempts.
↧
File Types to be blocked
Can any one suggest the best practices for blocking the file type for the banking organizations. Please let us know what all file types have to blocked in Web security as the best practice to avoid the risk.
↧
Fantasy sports category
I was hoping Websense could make a separate category for fantasy sports rather than having them under "games". We block games but as a result we are blocking fantasy sports, which management wants permitted for the company.
↧
↧
In-place upgrade from 7.7.3.1147 to 7.8.3?
Can I do an in-place upgrade from 7.7.3.1147 to 7.8.3?
I am on Windows 2008 (not R2) 64 bit.
↧
Very poor support by websense
The below is my mail to websense. Still they cant resolve the issue, i will be switching to new product soon
I have spent almost 5 to 6 hour of my time with the various support team for the resolution and nothing achieved till. And I am sure it is a software issue the upgrade will resolve I am sure it is not a network related issue because nothing is changed in our network for the last one year and we don't have other issues in the network. I can see the troubleshooting sessions had lot of changes in many files and many settings files change and consumed more time. I am sure the upgrade will not take that much effort and time as a experienced support persons. Not sure what is the hesitations and risk and why it is not in the scope of support as we are eligible customer and it is your product. As a customer we are not expert in doing this and it will be difficult for us. Similar issue happened on our symantec antivirus server, and support team of symantec upgraded the software during the remote session based on our request and resolved the issue in one remote session within one hour time. I can send the symantec report to you if you want to know how others support is? Why I am sayings this is I don't understand why websense is not doing this service to their customer. I am not happy at all the service of websense and the support is very poor in terms of my experience. If you still not willing to help us and don't want us to use websens, please close this ticket and we will need to review our usage of wesense and might consider to switch to other vendor. They are ready to give their solution with competitor price. Note that since this bad experience, we might need to review our DLP solution to other vendor. No more explanation is required please close this ticket if you don't help us to upgrade our product remotely. I will forward all the corresponding upon the closing to the websense management and sales for their understanding and for their future commitment to atleast other customers why thy can't do the remote upgrade service?
↧
Data security Systems and Audit Logs send to syslog server
I want to sent the systems and audit logs to syslog server automatically on DSS Triton manager.
↧
Office Accelerator and WebSense
Our clients are unable to use Office Accelerator when WebSense is turned on. They receive the message below. We are using transparent proxy (WCCP). I've unblocked all ports and excluded the URLs and IP addresses that Office Accelerator suggest at this web page: http://support.oa1mm.com/default.aspx?action=page&data=304055980d76492da45c2c164d84fff8
Error message received when attempting to open OA:
Unable to connect to SQL Server.
Unable to connect to Network SQL Server
[DBNETLIB][ConnectionOpen (PreLoginHandshake()).]General network error. Check your network documentation.
Running testlogserver shows nothing out of the ordinary.
Any ideas??
↧
↧
RBS.com and WebSense
One of our clients is having trouble accessing banking site rbs.com. She can get to the site but once she attempts to login, she gets an IE error - "Internet Explorer cannot display the webpage". Once Websense is turned off, she has no problem. Others in her office (under the same policies) can login in without a problem while Websense is running.
Thanks for the help
↧
ASA Integration - Ability to drop logs from reporting
Feature Request, many organizations use the ASA filtering to filter guest networks. However this information ends up in the dashboard and in reporting which skew logs/metrics/dashboard. Request ability to filter out, or remove by network/IP range.
↧
Update notification
I opened a ticket about that (01752469) :
- How can I know if there are new versions ?
- Notification via Triton interface or on the DLP server ?
↧
Telerik Fiddler compatibility
Please make Websense cloud proxy compatible with Fiddler. Alternatively please add a bypass feature which can be locked down to a specific group of users based on policy.
Many thanks,
Alex
↧
↧
Maximum Number of User Defined Categories
I know that I have seen this before in the Triton Documentation, but I'm crushed for time and need some assistance. I remember seeing that there is a maximum number of User Defined categories that can be created. If memory serves me correctly it is around 100 or so. Is this correct? We are a 7.5 standalone version.
Thanks
↧
Exception not working
I have created an exception and tested it using the "Test Filtering" in the toolbox. The test result is "Permitted by Exception", so it appears to be correct.
However, when I go to the URL I get a popup asking to authenticate. I have another exception that work and both appear to be setup exactly the same. This is very annoying!
Anybody have a clue where the problem might be?
↧
Add customization to title name of attached Incident Report PDF files emailed via Scheduled Tasks
Currently any attached PDF file generated from the Incident Reports has a name auto-generated as NetworkIncidentListPage. However CSV files generated from the Incident Reports and PDF files generated from Dashboard reports take on the name of the task utilizing the respective report.
Please consider adding this same feature for the PDF files generated from the Incident Report.
This feature would be beneficial for the purpose of customizing automated reports delivered to a repository that requires specific naming conventions to be used.
Incident reports in PDF are more detailed than the Dashboard reports, providing quicker and deeper analysis of individual audited emails.
↧
Cloud Web and PAC file modifications
My customer has a requirement to bypass the proxy for *most* of their domains, with the exception of just a few URLs. So in their existing PAC file they have a 'localHostOrDomainIs' switch containing these few URLs, followed by a 'dnsDomainIs' function containing the domains, meaning that anything that doesn't match the few URLs gets bypassed from the proxy. Here is an extract from the code:
"// redirect externally hosted internal domain websites via proxy
if (localHostOrDomainIs( host, "www.customer.com.cn" ) ||
localHostOrDomainIs( host, "www.customer.com" ) ||
localHostOrDomainIs( host, "e.customer.com") ||
localHostOrDomainIs( host, "f.customer.com") ||
localHostOrDomainIs( host, "webmail.customer.com") ||
localHostOrDomainIs( host, "globalintranet.customer.com"))
{
{ return "PROXY 10.x.x.x:8080; PROXY 10.y.y.y:8080"; }
}
// any internal DNS hosts go direct
if ( dnsDomainIs( host, ".customer.com") ||
dnsDomainIs( host, ".customer.co.uk") ||
dnsDomainIs( host, ".customer.com.cn" ))
{ return "DIRECT"; }"
It is sadly not possible to do this with Websense Cloud, because there is only an option to add URLs/domains to a bypass list. There needs to be another list, that will be processed earlier in the PAC file, to specify 'sub-URLs' to get around this issue. I am certain that there are many other large organisations who would face this issue if they migrated to Websense Cloud web filtering. I hope that this request will be given serious consideration.
↧
↧
Windows 2012 Server certification
Hello -
I would like to request that Windows Server 2012 be certified for the Endpoint Client agent and compatible with the Websense Cloud Security. I've been told by support that Windows 2012 server alone is not supported but only with Citrix on top. We use Windows 2012 Server with RDS (Terminal Services) and request it be a supported platform.
Thank you
↧
Advertisement in real time monitor
Hi,
I'm using websense security 7.8 and my problem is that when someone go to a page, for example Google.com, we see in the real time monitor google.com and 10 others requests that are advertisement in this page.
How can I do to just make display the url that was searched and not all the ads?
I hope someone has understood me.
Thank you,
Regards,
↧
Content Gateway failed to connect to the filtering service, 7.8.3
Hello,
We are getting this message a couple times a week from the content gateway. Our filtering service is installed on a windows server at the same location. So far this message seems to be harmless, where I guess it looses connection but comes right back and I just end up clearing the event as I noticed no issues.
But last week it was together with another message on the content gateway, where it lost connection with the policy broker, and I actually had to reboot the windows server the filtering service was on to get our filtering back. Nothing was being blocked during that time.
The content gateway, filtering service, and policy broker are all on separate servers.
Is this a timeout issue/setting on the content gateway?
↧