Release Notes for Websense Web Endpoint (32- and 64-bit OS) Updated: 8-Feb-2013 Applies To: Websense Cloud Web Security solutions Use the Release Notes to learn about: What s new in Websense Web Endpoint? What is Websense Web Endpoint? Web analysis and filtering Proxy manipulation Anti-tampering password Endpoint auto-updates Requirements Supported operating systems Footprint Installation Resolved and known issues Resolved issues Known issues New features What s new in Websense Web Endpoint? Administrators can now configure and manage white lists via the Cloud Security portal to specify Web-enabled applications that should not get routed to Cloud Security. This feature is available only to Websense Cloud Web Security and Cloud Web Security Gateway customers. For Web Security Gateway Anywhere 2013 Websense, Inc.
and Cloud Web Security Gateway customers, a command line tool for configuring and managing white lists is also available. The endpoint now supports Windows 8 non-metro applications. What is Websense Web Endpoint? The Web Endpoint for Windows operating system users is designed to provide a seamless experience for authenticating and directing traffic to the correct proxy for Web filtering and analysis. It has been designed to consume minimal CPU, memory, and disk resources. The endpoint supports the following protocols: HTTP HTTPS FTP over HTTP The endpoint has two modes of operation: Web analysis and filtering Proxy manipulation Web analysis and filtering The endpoint redirects HTTP and HTTPS traffic to the proxy with two additional headers appended to each request. One header contains the version of the endpoint that is installed; the other is an encrypted token that identifies the end user, enabling the correct policy to be applied for that user and reporting data to be correctly logged. No password or other security information is included in these headers, which are then stripped from the requests by the proxy. The endpoint can be used with both full-tunnel and split-tunnel VPNs, ensuring that all Web traffic is still analyzed and filtered whether or not the end user browses via the VPN. Proxy manipulation For supported browsers, the endpoint will manipulate the proxy settings in real-time. For example, if the endpoint detects it is at a hotspot which the end user has not yet fully signed into, it will remove the proxy settings until the gateway has successfully opened up. Web Endpoint Release Notes 2
Anti-tampering password Note: the anti-tampering password feature is currently available only for cloud endpoint deployments. You must define an anti-tampering password to be used to stop the endpoint service or uninstall the endpoint before you can download the installation file or enable deployment from the cloud service. The password is automatically linked to any deployments of the endpoint, including Web deployments. Endpoint auto-updates The endpoint supports an auto-update feature which can automatically deploy newer versions, without desktop administrators getting involved. This is switched off in your Web Security product by default, as most organizations like to control the software on the desktop themselves and test newer versions before deploying them. You may want to enable automatic updates once you have tested a new version so all users (including roaming users) install the latest endpoint, then disable the option again once all users have received the update. Note that while an endpoint update is taking place (which can take several minutes), the end users will be unable to browse, but will be shown a Web page stating that the endpoint is updating. This page will continue to retry the originally-requested URL every 10 seconds until the endpoint has finished updating, and will then display either the requested page correctly if the user is allowed to access this URL, or a block page if the user is not permitted to access the site. Requirements The following Web browsers fully support the endpoint on both 32-bit and 64-bit operating systems: Internet Explorer 7 or higher Firefox 3.x or higher Google Chrome 15 or higher Full support means that the browser supports all installation methods, and both Web analysis and filtering and proxy manipulation. All Web browsers support GPO deployment, and Web analysis and filtering with the endpoint. Supported operating systems Windows XP with Service Pack 2 or higher (32-bit and 64-bit) Windows Vista with Service Pack 1 or higher (32-bit and 64-bit) Web Endpoint 3
Windows 7 (32-bit and 64-bit) Footprint Installer: <5MB Hard disk space required: <10MB Memory usage: <6MB Installation The endpoint can be deployed in the following ways. GPO installation (including silent install) Web installation Local administrator rights are required to install the endpoint in all cases. For more information about installation options, see the online Help for your Web Security product. Note that if you uninstall the endpoint, be sure to restart your operating system or your Web browsing experience may be affected. Resolved and known issues Resolved issues The endpoint is now compatible with Firefox v17 and v18. The compatibility of the endpoint with ActiveX and.net has improved. The compatibility of the endpoint with Cisco wireless hotspots has improved. Known issues Note the following known issue in this version: When users install an up-to-date version of Windows endpoint, the report shows the Windows endpoint version as outdated, because the Mac endpoint version has a higher number than the Windows version. Windows 8 is not currently supported, so users should not attempt to install the endpoint on it. Web Endpoint Release Notes 4
Web Endpoint crashes when used on the same machine as McAfee antivirus products. This is caused by the McAfee product injecting code into the endpoint process. To work around this issue, open the McAfee Control Panel, enable script scanning, then exclude the Websense SaaS process (wepsvc.exe) from scanning. Build 1138. Document last updated 2/8/13. Web Endpoint 5