WIXLIB

that results from content categorization. There are also reports that track page blocks that resultfrom link analysis.SSL decryption bypass (Content Gateway)To support organizations using SSL Manager in Content Gateway to manage encrypted traffic, andwho do not want to decrypt HTTPS sessions that users establish with sensitive sites (such as personalbanking or health provider sites), administrators can now specify categories of sites that will bypassSSL decryption.For convenience, a predefined Privacy Category group includes categories that may be subject toregulatory requirements, such as education, financial data services, health care, and others.Administrators can also specify a list of hostnames or IP addresses for which SSL decryption is notperformed.Tunneled protocol detection (Content Gateway)Tunneled protocol detection analyzes traffic as it transits Content Gateway to discover protocols thatare tunneled over HTTP and HTTPS. Such traffic is reported to Filtering Service for protocol filteringenforcement. Scanning is performed on both inbound and outbound traffic.HTTP tunneling occurs when applications that use custom protocols for communication are wrappedin HTTP (meaning that standard HTTP request/response formatting is present) in order to use theports designated for HTTP/HTTPS traffic. These ports are open to allow traffic to and from the Web.HTTP tunneling allows these applications to bypass firewalls and proxies, leaving a systemvulnerable. This feature can be used to block protocols used for instant messaging, peer-to-peerapplications, and proxy avoidance.Improved presentation report performanceA new presentation reports feature offers improved performance of reports generated on the fly whilemaking it easier to schedule and access very large reports. Administrators can either: Run the report in the background. A one-time scheduled job is created to run the reportimmediately. When complete, the report is added to the Review Reports list and, optionally,email notification is sent to specified recipients.Run the report in the foreground. The report is generated in a separate window. When the reportis ready, administrators can view and save the report. The report is not saved automatically, anddoes not appear in the Review Reports list.Delegated administrationTo support the ability to use a single logon to access both the Web Security and Data Securitymodules of the TRITON Unified Security Center, there have been changes to delegatedadministration. The following changes affect all deployments that use delegated administration,regardless of whether they include a data security solution: On the Policy Management Delegated Administration page, the Manage Websense UserAccounts button has been replaced with a Manage Administrator Accounts button.For Super Administrators, the new Manage Administrator Accounts page is divided into 2sections: Websense User Accounts lists accounts created specifically to give access to TRITON - WebSecurity.Version 7.5 Release Notes 5

Network Accounts lists user and group accounts from a supported directory service that havebeen given administrative access to TRITON - Web Security.To change the password for a Websense user account, click the account name. Delegatedadministrators can change the password only for their own account; Super Administrators canchange the password for any account.When changing the password for a Websense user account, Super Administrators can markPrompt for new password to require a password change the next time the administrator logs on toTRITON - Web Security.When Websense Web Security is linked to a data security solution, Super Administrators are giventhe option to send an email notification to each new delegated administrator that includes instructionsfor accessing both modules of the TRITON Unified Security Center. Administrators who receiveemail notification are prompted to change their password the next time they log on to TRITON - WebSecurity. Linking must first be configured to enable these options.Fixed in this versionSeveral hotfixes (patches) created for previous releases have been incorporated into this version. Inaddition, changes requested by customers have been incorporated.TRITON - Web Security (general) When an internal error occurs in TRITON - Web Security, the stack trace no longer showspossibly sensitive information in the client browser. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19,22)Category names that include a comma can be changed without error. (v7.0 Hotfix 08, 21, 29)LDAP user passwords are no longer readable in the HTML source of the Settings DirectoryServices and Logon Directory pages. (v7.0.1 Hotfix 12, 19, 22)An internal error no longer displays when administrators access the Settings Risk Classespage. (v7.0.1 Hotfix 19, 22, v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48, 50, 52)Administrators can now add proxy user names containing a hyphen (-). (v7.1 Hotfix 08, 12, 33,35, 40, 41, 43, 48, 50, 52).Administrators can now define non-qualified sites as unfiltered (for example, http://wrprod).(v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48, 50, 52)When an administrator clicks Create Policy in the Common Tasks pane, all existing policies arenow available to be used as the basis for creating the new policy.When there are many Network Agent instances associated with a Policy Server, a scroll barallows administrators to access configuration information for all instances. (v7.1 Hotfix 52)TRITON - Web Security now accepts user names containing a period when an administratorconfigures Master Database downloads via a proxy. (v7.1 Hotfix 41, 50, 52)Database download status for each Filtering Service instance is displayed in TRITON - WebSecurity in a timely manner. (v7.1 Hotfix 35, 38, 40, 41, 43, 48, 52)TRITON - Web Security issues prevent a connection to Policy Server have been corrected. (v7.1Hotfix 21, 33, 35, 40, 41, 43, 48, 50, 52)Pages transmitted via SSL are no longer cached by the browser. (v7.1 Hotfix 21, 33, 35, 40, 41,43, 48, 50, 52)6 Websense Web Security and Websense Web Filter

The Secure Attribute is now included in the Encrypted Session (SSL) cookie to avoid having thecookie sent as plain text. (v7.1 Hotfix 21, 33, 35, 40, 41, 43, 48, 50, 52)TRITON - Web Security (Policy Servers page) The list of Policy Servers on the Settings Policy Servers page no longer shows duplicate entriesafter changes are made. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12)The logon page and Settings Policy Servers page load more quickly, even when there are manyPolicy Servers listed in TRITON - Web Security. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)A full list of Policy Server entries is displayed on the Settings Policy Servers page, even whenthere are more than 25 entries. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)TRITON - Web Security (Clients page) A problem that caused an error preventing administrators from adding a client, either to theClients page or to a delegated administration role, has been corrected. The error was: “The usercannot be added to the current role. A policy has already been assigned to this user in role: SuperAdministrator.” (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)Directory clients (users, groups, and domains/organizational units) are now alphabetized in theClients page, with domains appearing first, then groups, then individual users. (v7.0 Hotfix 21,29, v7.0.1 Hotfix 12, 19, 22)When adding clients, results returned from the directory service are now alphabetized, as arepages, if paging is necessary. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)When an administrator adds network clients on the Clients page, the correct range is added, ratherthan a single IP address (computer client). (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)A problem that caused a Java error when the Clients page was selected has been corrected. Theerror no longer appears, and computer and network clients are displayed normally. (v7.0 Hotfix08, 21, 29, v7.0.1 Hotfix 12, 19, 22)When an administrator adds directory clients, Websense software can now query more than oneglobal catalog server. (v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12, 19, 22)When an administrator adds a network client, and the first value in the second IP address isgreater than 127 (for example, 1.1.1.1 - 128.0.0.0), TRITON - Web Security no longer displays awarning. (v7.0 Hotfix 08, 21, 29)User names that include quotation marks (") anywhere in the LDAP path are now displayedproperly in TRITON - Web Security. (v7.0.1 Hotfix 06, 12, 19, 22, v7.1 Hotfix 08, 12, 20, 33, 40,41, 43, 48, 50, 52)Administrators were sometimes unable to browse the root domain when child domains wereadded to directory services. (v7.1 Hotfix 08, 12, 20, 33, 40, 41, 43, 48, 50, 52)Clients whose user name contains a comma can now be added via the Search option on the AddClients page without an extra backslash character being appended. (v7.1 Hotfix 52)TRITON - Web Security correctly displays organizational units (OUs) that contain a plus sign ( )in the name. (v7.1 Hotfix 41, 50, 52)TRITON - Web Security (custom URLs and limited access filters) If you have a significant number (hundreds or more) of recategorized URLs or regularexpressions, clicking OK on the Edit Categories page no longer results in a very long delay(many minutes) before the Filter Components page loads and changes can be saved. (v7.0.1Hotfix 12, 19, 22, v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48, 50, 52)Version 7.5 Release Notes 7

In environments with a large number of custom URLs (recategorized or unfiltered), the EditPolicy page now loads more quickly. (v7.0.1 Hotfix 22, v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48,50, 52)An problem that caused valid URLs to be flagged as invalid when URLs were recategorized hasbeen corrected. (v7.0.1 Hotfix 12, 19, 22)Unfiltered URLs are saved only once. The Policy Database does not create duplicates. (v7.1Hotfix 20, 38, 40, 41, 43, 48, 50, 52)Custom URLs are now displayed in a more consistent manner. (v7.1 Hotfix 12, 33, 35, 40, 41,43, 48, 50, 52)When a category is selected on the Filtering Components Edit Categories page, a complete listof custom URLs for the category is displayed. (v7.0.1 Hotfix 22, v7.1 Hotfix 08, 12, 33, 35, 40,41, 43, 48, 50, 52)Custom URLs (recategorized and unfiltered) and URLs added to limited access filters arecategorized properly when they contain uppercase letters. (v7.1 Hotfix 35, 38, 40, 50, 52)TRITON - Web Security Toolbox The Check Policy tool now shows the correct policy for users defined in a Windows ActiveDirectory global catalog server identified by IP address. (v7.1 Hotfix 50, 52)Delegated administration A problem that caused delegated administrators to receive an error message when they attemptedto look up clients or URLs has been corrected. (v7.0 Hotfix 08, 21, 29)A problem that sometimes prevented delegated administrators from logging on to TRITON Web Security has been corrected. (v7.0.1 Hotfix 21 and v7.1 Hotfix 02)Websense user accounts that include a hyphen (like “report-auditor”) can now be added to a role.(v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12, 19, 22)User search is now as quick for delegated administrators as for WebsenseAdministrator (v7.1Hotfix 48, 50, 52)Delegated administrators whose permissions do not include viewing user names cannot use theToolbox to search for user data. (v7.1 Hotfix 43, 48, 50, 52)Reporting (Log Server and Log Database) Log Server now successfully looks up users’ full name and associated groups with User Serviceto ensure that user names are visible in reports. (v7.0.1 Hotfix 17, v7.1 Hotfix 05)During startup, Log Server tries to connect to the database a specified number of times beforerecording a failure to connect. (v7.1 Hotfix 15, 18)When integrated products send records with malformed URLs to Log Server, the high value inthe protocol field is removed, and the records are added successfully to the Log Database. (v7.1Hotfix 18)Log Server no longer shuts down when renewing an SSL certificate. It successfully stores thecertificate in the LogServer.exe.p12 file. (v7.0 Hotfix 31)Reporting (Today and History pages) The TRITON - Web Security Today and History pages can now connect to a Microsoft SQLServer database that uses a non-standard port. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)8 Websense Web Security and Websense Web Filter

The Current Filtering Load line now plots data up to the current time, and the line does not dropto zero. (v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12, 19, 22)When a Today or History page chart contains a large quantity of data, better scaling is used tomake the legends more readable. (EI 4254)Presentation reports A copied presentation report can be edited and then saved without errors. (v7.0 Hotfix 21, 29,v7.0.1 Hotfix 12, 19, 22)Top N presentation reports now permit you to specify up to Top 200. Note that the graph may notdisplay in the report when you use a large Top N value. (v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12,19, 22)A problem that could cause the Presentation Reports Scheduler to fail with a general error hasbeen corrected. (v7.1 Hotfix 10)A problem that caused Presentation Reports Scheduler to fail to connect to the Policy Database,causing scheduled reports to be lost after reboot, has been corrected. (v7.1 Hotfix 12, 33, 35, 40,41, 43, 48, 50, 52)Investigative reports When the automatic reindexing setting is changed to Sunday, the setting is saved properly.(v7.0.1 Hotfix 24, 31, 33).Spacing problems in concatenated reports exported to PDF have been addressed, so that characterstrings do not overlap and wrapping works correctly. (v7.0.1 Hotfix 09, 24, 31, 33, v7.1 Hotfix45)A problem affecting detail reports sorted by bandwidth has been corrected. (v7.0.1 Hotfix 09, 24,31, 33)When languages other than English are used, pie charts now display correctly. (v7.0.1 Hotfix 09,24, 31, 33)Pie charts display the correct time format (total number of seconds) when you selected BrowseTime [seconds] for the Measure. (v7.1 Hotfix 25, 45)Pie charts display correctly in locales use the period (.) symbol as a thousands separator. (v7.0.1Hotfix 33)Two new Websense\webroot\Explorer\wse.ini file parameters (chartWidth and chartHeight)make it possible to specify a custom width and height for pie charts, in case you need to expandthe default size. (v7.1 Hotfix 25, 45)Changing automatic reindexing setting to a Sunday no longer reverts to Monday when you savechanges and refresh. (v7.0.1 Hotfix 09, 24, 31, 33)Large bandwidth reports (approximately 1.5 GB) to PDF or Microsoft Excel format no longerresults in an error, and the export is completed successfully. (v7.0.1 Hotfix 07, 09, 24, 31, 33). Top 50 reports can be exported to PDF without error. (v7.0.1 Hotfix 07, 09, 24, 31, 33) Scheduled reports can be exported to PDF without error. (v7.1 Hotfix 03, 16, 25, 45) A problem that caused incorrect values in detail reports when administrators attempted to reporton source IP address and destination has been corrected. (v7.0.1 Hotfix 03, 07, 09, 24, 31, 33)Investigative reports now use UTF-8 encoding. Any information passed using ISO-8859-1encoding is now converted to UTF-8. This corrects a problem that prevented delegatedadministrators from creating reports for managed clients belonging to a domain whose nameVersion 7.5 Release Notes 9

included non-Latin characters (for example, Cyrillic or Chinese characters). (v7.0.1 Hotfix 03,07, 09, 24, 31, 33) An error that occurred when exporting investigative reports that show the top 50 or more grouping by grouping within a grouping (for example, Top 50 Categories by Actionwithin a Risk Class, or Top 75 Users by Day accessing a Protocol) to PDF has been corrected.(v7.0.1 Hotfix 03, 07, 09, 24, 31, 33)A problem that caused blank user names in reports if a user account did not have a full first andlast name has been corrected. (v7.1 Hotfix 16, 25, 45)Browse time reports now display properly. (EI 4656)Administrators who log on to TRITON - Web Security using a network account with a longname now have access to investigative reports. (v7.1 Hotfix 45)When a large investigative report is saved in Excel format, Microsoft Excel can now open thefile. (v7.0.1 Hotfix 31, 33)User identification and authentication A problem that sometimes prevented non-Latin symbols in a user password from beingrecognized by manual authentication has been corrected. (v6.3.2 Hotfix 45)Changes to winhttp.dll introduced by Microsoft software update KB960803 no longer preventthe logon application (LogonApp.exe) from authenticating users via NTLM, regardless ofwhether the /dhcp option is used. (v7.0.1 Hotfix 15, 27)Custom LDAP groups are now properly applied, so that users are filtered correctly. (v7.1 Hotfix17, 28)Users whose name include a pound or hash symbol (#) anywhere in the LDAP path are nowfiltered correctly. (v7.1 Hotfix 12, 33, 35, 40, 41, 43, 48, 50, 52)Users in an organizational unit (OU) that contains an ampersand (&) are now filtered properly.(v7.1 Hotfix 38, 40, 43, 48, 50, 52)A User Service problem that caused Novell eDirectory Server to lock up, behaving as if it hadreached the maximum number of allowable connections, has been corrected. Connections arenow allocated correctly, and user identification works as expected. (v7.1 Hotfix 28)Users who log on to Novell eDirectory via Novell ZENWorks are now identified properly byeDirectory Agent. A new wsedir.ini file parameter (NetworkAddressAttribute) can be used tospecify where user machine IP addresses are stored. (v6.3.3 Hotfix 08, v7.1 Hotfix 24, 30)eDirectory Agent now connects to Novell eDirectory Server through the port specified inTRITON - Web Security or in the wsedir.ini file. (v7.1 Hotfix 24)DC Agent now runs as the domain account configured during installation, correcting a v7.1problem. (EI 4659)Filtering Service The amount of memory required by Filtering Service when it loads the Master Database has beenreduced to minimize download and load failures. (v7.0 Hotfix 28, 34, v7.0.1 Hotfix 04, 13, 26,29)Filtering Service and Network Agent now always use the communication ports specified in thewebsense.ini file. This addresses a problem that prevented TRITON - Web Security Toolboxfeatures from functioning properly. (v7.0 Hotfix 19, 20, 28, 34, v7.0.1 Hotfix 04, 13, 26, 29)When administrators use category filters to implement bandwidth-based filtering, user attemptsto access affected categories are blocked or permitted appropriately. (v7.1 Hotfix 11)10 Websense Web Security and Websense Web Filter

Custom URLs that include one or more capital letters are now filtered appropriately. (v7.0.1Hotfix 29)Filtering Service now supports regular expression syntax not supported in previous versions. Inaddition, TRITON - Web Security now more accurately reflects the regular expression syntaxsupported by Filtering Service. (EI 3596)Network Agent Network Agent on Linux can now handle 13,000 packets per second with a drop rate of less than1%. (v6.3.2 Hotfix 59)A multi-threading problem with Network Agent on Linux has been corrected. Network Agent nolonger stops running unexpectedly. (v7.1 Hotfix 32)Network Agent can be configured to ignore traffic on specified ports. This prevents HTTPStraffic from being logged twice when Network Agent runs in conjunction with Content Gateway.Note that with the original hotfix, the configuration required setting an INI file parameter; in thisversion, the configuration is performed in TRITON - Web Security. (v7.0.1 Hotfix 13, 26, 29)A new natuning.ini file parameter (ShowNICsIP) makes it possible to configure whether or notNetwork

1. Navigate to the Websense bin directory on the Filtering Service machine (C:\Program Files\Websense\bin or /opt/Websense/bin/, by default) and open the eimserver.ini file in a text editor. 2. Navigate to the [FilteringManager] section and add the following line: SecurityCategoryOverride ON 3. Save and close the file. 4. Restart Filtering Service.