Channel: Forcepoint Community

Full Web Traffic log CWSG


Hi everyone,

For CWSG, a customer wants to run the Perl script on their Windows box to log their web traffic from the cloud and feed it to their SIEM so that they can generate alerts, send email notifications, etc., in something closer to real time.

So the question is: can they pull the full traffic logs from the cloud every 30-60 secs? What are the caveats to that practice? What time lag is noticed between actual traffic being generated and cloud logs being generated?

Regards,

Brijita


EndPoint Web-AP with Windows 10


Hi,

I'm testing Windows 10 Ent. I installed Websense Endpoint, but the Websense icon does not display in the system tray. As a result, the login credential does not pass through the Websense Web AP.

I guess this is because Websense Endpoint is not supported on Windows 10. Is anyone experiencing this issue? Any suggestion is much appreciated.

Peter.

 

Are Web Security Hotfixes Cumulative?


I have Web Security 7.8.2 installed and need to install the hotfixes before an internal audit. I see that another engineer has downloaded HF10, but I'm not sure how to tell if it actually got installed. I don't see the build number anywhere in the ReadMe. Second, are the hotfixes cumulative? I see HF4 would be one we'd need to install, but I'm wondering if it would have been rolled up in HF10 if it actually was installed.

Adding Partitions / DB Files back after creating new wslogdb70 ?


Had an issue with Websense server and had to manually create new wslogdb70 database in MSSQL Server 2008 R2.

How do I get my previous partitions ( wslogdb_163, wslogdb_164,.....) back into my reporting DB?

I have gone into SQL Server Mgmt Studio and one by one Attached the DB files under the Database folder as described in "Moving the Web Security Log Database" for v7.7x & 7.8.x  but the partitions are not showing up in the Websense Unified Security Center under Settings | Log Database | Available Partitions.

Install is Websense Web Security v7.8.4 on Server 2008 R2 using SQL Server 2008 R2.

I appreciate any assistance provided.

Heads up - KB3061518 causes HTTPS with Websense 7.7.3


I have an older implementation of Websense that I'm migrating to new appliances shortly and just found that Microsoft Patch KB3061518 (https://support.microsoft.com/en-us/kb/3061518) causes some HTTPS sites to display a "Page Cannot be Found" error.  You seemingly only have a few options:

1) Remove the patch

2) Upgrade Websense

3) Turn off HTTPS decryption or bypass each site. 

 

 

7.8 Triton, how to allow all .org and .gov


Hello, we used Websense 6.3 for a very long time but we recently discovered it does not filter Citrix users properly so we set up a new 2008r2 server and got Triton 7.8 web filter installed. It works great and is properly blocking Citrix users web access.

There is one problem though: we cannot figure out how to whitelist or allow all .gov and .org websites. In 6.3 we could just recategorize and put .gov for the URL and then add another entry for .org and it would allow those websites. It appears this is not the case for 7.8. Do I have to add every .gov and .org URL manually?

Default policy is applying for Roaming users


Hi, we have installed the Hybrid client and we also have an on-premises content gateway. When a user roams from outside to inside the network, every time the user gets the default policy applied, and it takes a lot of time to apply the user-based policy. Kindly help us in resolving the same.

OSX SSL/MitM Certificate install best practices?


I have a single developer in my environment that requires a Mac (OSX 10.10.4) to perform his duties. I've managed to install our Root CA chain on his laptop (based on the fact that Safari isn't throwing cert errors anymore). However, he has various development command line tools that don't appear to use the built-in system keychain. Is there a documented best practice for installing CA chains on Macs? Has anyone run into any similar issues?

I've been chasing my tail on this for a couple days now, I'd prefer not to create an SSL Bypass for a single machine if at all possible. The apps in question are Brew and rvm (Ruby on Rails). It looks like OSX now uses some *** format of openssl.

What do your install practices look like for your Mac clients?

Thanks!

 


Remove Google sponsored links


Hello,

I have blocked the category Productivity : Advertisements.
Everything seems to work fine.

But unlike any other ad-blocker, the Google sponsored links are still being displayed.
This is confusing for our users and when they click it they only see a white page.
I don't care about the white page, but I would prefer that they simply will not be displayed.

See screenshot as example:

Recreate Default BlockPages Folder


Hello,

On a WCG 8.0.1, I have a strange result on the blockpage displayed when I click on "More information"

Is there a way to delete the Blockpage folder and recreate it like it was just after the installation?

Thank you

Triton AP-Email 8.0.1 Virtual Appliance


Hello,

 

I imported the Triton AP-Email VA into VMware Workstation. After logging in, when I enter the command "esgconfig.py", it does not run and says "unknown command".

The appliance brochure mentions the same command. Any idea as to what may be wrong?

Web content on Linux box


Hello,

I'm in the process of installing the web content filter on a Linux box. I have installed the management and other components (we have just around 100 users) on a Windows box.

Does anyone have a how-to guide with respect to the install? Can I migrate my rules from version 7.7 to 8.01?

Thanks,

 

 

Blocking of Google Alerts?


I'm new here, so hopefully I'm posting this in the right section. Several people at my company get news they need from Google alert e-mails. Recently about 3% of these e-mails have started being quarantined with the reason being "ThreatSeeker reports virus [Suspicious reputation] during part scan", but it says that it is a potential virus. This has led to a lot of people asking why their Google alerts are being blocked and if I can release them. I'm not sure if I should release them or not and am looking for any input. 

WebSense blackspider authentication windows pops up when forwarding an e-mail


Hello,

My user in marketing received an e-mail that looks like a coupon (html format, or css). The marketing user forwarded the same e-mail to a sales user.

The sales user opened the e-mail and wrote a response. As soon as the sales user clicks the Send button, he is prompted to authenticate against the WebSense ...blackspider.websense proxy. Authenticating using e-mail + domain pswd does not make the authentication window go away. My admin level privileges don't make the authentication box go away either. His Outlook 2010 loops between clicking cancel and trying to authenticate. The only way to close everything down and end the loop is to end-task the Outlook process in Task Manager. This only happens with e-mails that have the same format.

However, the e-mail is sent to everyone he replied to with his comments as if there were no issues. Anybody know how I can investigate this... I'm kind of stuck trying to figure out where to start.

P.S. I do not have access to the original html/css email and its headers...I only have my copy which is local to domain so the headers are blank.

 

Thank you in advance for any insight or help you may be able to lend.

-Nermin

 

Google Alerts being Blocked


I'm new here, so hopefully I'm posting this in the right section. Several people at my company get news they need from Google alert e-mails. Recently about 3% of these e-mails have started being quarantined with the reason being "ThreatSeeker reports virus [Suspicious reputation] during part scan", but it says that it is a potential virus. This has led to a lot of people asking why their Google alerts are being blocked and if I can release them. I'm not sure if I should release them or not and am looking for any input.


Security Override Blocked


Main user wishes to re-categorize some known sites that are currently labeled as Parked Domain. Parked Domain is blocked for all users. User has re-categorized sites to General Permit which is open to all users. Upon trying to access said sites, users are blocked. I have already modified the eimserver.ini file as per instructions in another post. Outside of changing the action associated with the Parked Domain category (which we do not want to do!) or continually sending in requests to Websense to re-categorize specific sites and "hope" that they agree with the change, how do we open up these sites that we know are safe to our users? We recently went from Websense 7.1 to Websense 7.8.4. We did not have this issue with the old version of the software. The main user (our Internal Audit Office) is pretty frustrated right now because they handle all of the access requests for our agency (7500+ users).

Clarify policy processing order


Hello all,

I'm trying to find out how Websense Cloud web filtering processes multiple policies - our legacy 7.8 implementation would merge together all policies and grant the most privilege based on the use least restrictive policy setting in system.

I cannot find any equivalent option in the cloud however, so does it instead apply the policy which matches first? If that is the case what is the policy processing order, I assume it's either the order they were added to the system or simply alphabetical order as displayed in the GUI.

The impact of this is simple - if it's a case of only being able to apply the first policy, we'll have to strip back all users to their most privileged group, then merge in the policies so that each one has our "standard" filtering baseline in, upon which we will add the specific privileges assigned to those groups.

Problem with Authenticating users


Hello to you all,

I'm having a very unusual problem and am not sure what to troubleshoot at this stage.

Symptoms are similar to http://community.websense.com/forums/p/1661/5708.aspx

In short,

I have two filtering servers and one policy server.
Users are authenticated via LDAP and different browsing policies apply based on the user's group memberships in the OU.

Both filtering servers report to the Policy Server and the policy GUI shows "no errors found"; all communicates just fine.
Database downloads to both and all appears to be working.


However, I recently found that if I go through one filtering server proxy I get a page blocked; when I go through the other, I do not get the page blocked.

After some troubleshooting I found that my user is not authenticated while going via second proxy.

I pasted logs below for review. I did go and check the dc communication etc. but I thought the Policy Server communicates with the AD only.
And that works because if I change anything in the policy and go via one proxy the changes are in place.

When I go through the other server the changes are not in place.

Could anyone tell me where to look and what to troubleshoot?

Thank you!

logs:

Accepting connections on port 55805...

Core code has connected.

 

Using version 5

Core code has connected.

 

Using version 5

time= Tue Jul 17 17:16:34 2012   version= 5

server= LOCAL SERVER IP ADDRESS  source= LOCAL CLIENT IP ADDRESS  dest= 173.194.67.104

URL= http://www.google.com/

protocol= 1 - http  port= 80  networkDirection= Inbound

method=

contentType =

category= 76 - SEARCH ENGINES AND PORTALS

categoryReason= 0 - CatNone

disposition= 1026 - Category Not Blocked

roleId= 0

user=

bytes sent= 559  bytes received= 543

  duration= 0 ms   scan duration= 0 ms

policyName=

 

time= Tue Jul 17 17:17:31 2012   version= 5

server= LOCAL SERVER IP ADDRESS 2  source= LOCAL CLIENT IP ADDRESS  dest= 173.194.67.94

URL= http://www.google.ie/

protocol= 1 - http  port= 80  networkDirection= Inbound

method=

contentType =

category= 76 - SEARCH ENGINES AND PORTALS

categoryReason= 0 - CatNone

disposition= 1025 - Category Blocked

roleId= 0

user= LDAP://ADsrv,OU=Helpdesk,OU=StandardUsers,OU=ITServices,OU=UserAccounts

,OU=UserGroups,DC=xx,DC=xx/lastname,\,firstname

bytes sent= 565  bytes received= 145

  duration= 1000 ms   scan duration= 0 ms

policyName=

 

Why credential request is prompting on WCCP enabled?


Hi, we have successfully implemented a transparent proxy using WCCP on WCG, but we're having an issue.

It happens randomly for some users and at random times: the browser prompts for credentials (Windows username/password) while we're trying to access either an internal or external website. We have checked that it isn't related to the browser type, as it occurs on most types of browsers that are commonly used by our users (IE, Firefox, and Chrome). Strangely, this issue does not occur if we set the browser to use an explicit proxy.

We are using WCG with IWA as the authentication method. Our interception point is at a Cisco 4500 that is directly connected to the WCG.

Please advise how to solve this, thank you.

FEATURE REQUEST: Report on SPF Rejections


I was told by Kirk Morris (Associate Technical Support Engineer) to submit my feature request here, so here it is. I want a report that shows me email rejections by type: RBL, Reputation, SPF, etc.
