| SurfControl Web Filter Version 5.0.0.235 & SurfControl Report Central 1.2.1.15 |
SurfControl plc |
| README file |
September 2004 |
1
- WELCOME!
2
- SURFCONTROL REPORT CENTRAL
3
- LICENSE INFORMATION
4
- UPGRADING
5
- ISSUES FIXED IN THIS RELEASE
6
- KNOWN ISSUES
Welcome to version 5.0 of SurfControl Web Filter for Windows, Microsoft Proxy Server, and Microsoft ISA Server and SurfControl's Virtual Control Agent™ (VCA). While SurfControl Web Filter is the leading Web filtering product for enterprises of all sizes, this release pays particular attention to the demands of large enterprises.
This release also fixes issues found in earlier versions that affect performance and usability.
SurfControl Web Filter offers the most advanced filtering
technology available for the corporate environment, easing the challenge of
managing Internet usage in the workplace. It can help you increase
employee productivity, optimize network bandwidth, increase security and limit
legal liability that occurs when corporations provide Internet access to their
employees. Protect your employees and your company by promoting intelligent
Internet use.
SurfControl Web Filter offers a complete set of tools for monitoring, filtering and reporting on Internet Access:
The User Monitor and
Site Monitor display who is surfing where and for how long.
The Real-Time Monitor shows
surfing moment-by-moment as user requests are processed.
The Scheduler handles
LiveUpdates to the URL Category List, Network Group Updates and database
maintenance.
The Rules Administrator
provides an intuitive and easy to use interface for setting up you filtering
rules.
The Reports include over 60
charts and tables that graphically show trends and summaries of Internet
usage, as well as detailed tables of user activity when you need more
detail.
SurfControl's URL Category List is the premier database in the filtering industry, with 45 well organized categories, covering 130 sub-topics, 7 million sites, 1.3 billion pages and international content covering 70 languages and 200 countries.
The VCA dynamically and intelligently categorizes the new sites your users may discover. Using the VCA in conjunction with SurfControl's URL Category List gives you the most comprehensive filtering solution available.
NEW FEATURES IN VERSION 5.0
SurfControl Report
Central
A new web-based reporting engine, making it easier for
users throughout the organization to run and schedule the reports they need.
SurfControl Report Central also brings faster reporting and a new report showing
the how much time a specific user spent at each category.
ISA 2004
Integration
Provides filtering, monitoring and reporting for
Microsoft ISA 2004 Standard Edition as well as Microsoft ISA 2000
Policy Override
The
Microsoft ISA integration of SurfControl Web Filter allows a new rule type,
Policy Override. Trusted users can be given responsibility to continue to view a
page they believe has been incorrectly blocked. This activity is easily
identifiable so abuse can be quickly caught.
New URL Database
Categories
5 New categories have been added to create 45 categories.
These include Spyware, Downloads and Illegal Drugs
Active Directory
Support
New Browse your Active Directory tree from the
SurfControl Rules Administrator. You can select users and groups from Active
Directory for inclusion in your access rules. SurfControl Web Filter continues
to support NT Domain and Novell eDirectory environments.
VLAN
Support
Filtering, monitoring and reporting in VLAN
environments
Reduced Data Storage
The
option to reduce the amount of information logged and stored, but still capture
the relevant activity that you will want to include in reports.
Single Management
Console
View, monitor and manage multiple
SurfControl servers from a single location.
Faster and more resilient Data
Handling
The way logged data is written to
your MSDE or SQL database has been re-designed to vastly improve performance and
increase resilience to database problems.
Block while
categorizing
Pass-by products such as
SurfControl Web Filter for Windows have many advantages for your network, such
as zero latency and not being a point of failure. One risk is the "sneak peek"
which can occur sometimes with any pass-by solution. This is when a user
requests a site that is not allowed but is able to see the first page, but not
any images. A new "Block while Categorizing" feature has been added that will
minimize the risk of this happening.
Track User access by
Workstation
Identify if a user accesses the web from
different workstations.
Continuous VCA
processing
The VCA will now run as a service,
continually checking for new, uncategorized sites. In previous releases the VCA
was a scheduled task. This new design will improve the turnaround time for the
VCA categorization of a site that has never been seen before.
SECTION 2 - SURFCONTROL REPORT CENTRAL
What is SurfControl Report
Central?
SurfControl Report Central provides
a Web-based interface all the SurfControl Web Filter reports. It also provides
user authorization and report-level access control.
Single Web-Based
Interface
SurfControl Report Central provides
a Web-based view into all SurfControl Web Filter reports. Users can access and
run reports from any machine using the Microsoft Internet Explorer Web
browser.
Scheduling and
auto-distribution
Similar to the Report Wizard
offered in version 4.5 of the Web Filter, SurfControl Report Central supports
scheduled report generation and distribution via e-mail in 4 different file
formats.
Authenticated Access Control to
Reports
SurfControl Report Central provides
enhanced access control by letting administrators specify a subset of reports
that a user can see, including reports that can be customized to display only
specific criteria (e.g. users, groups, categories, etc.). This enables you to
share the responsibility of reporting on users' activities in a way that matches
your organization's management structure and privacy concerns.
Improved
Performance
SurfControl Report Central allows Quick and Summary reports to be cached on
a daily basis, improving access times for these commonly requested
reports.
Installation Requirements and
Limitations
The only supported Web browser in this release is
Microsoft Internet Explorer.
This release of SurfControl Report Central
is designed to work with only one report server.
Known
Issues
Adobe Acrobat
9276: HTTP Status 404 error thrown when URLs are
clicked on table based PDF reports.
These problems occur when using the
Acrobat Reader 5.0. The product works correctly when using Acrobat Reader
6.0.
Display Issues
8277: E-mailed HTML reports do not display
correctly in preview mode.
The preview mode does not function correctly
when viewing HTML reports that have been targeted to e-mail. The preview will
not display any images. The actual report that is e-mailed contains all images
and displays correctly when opened.
8390: On some HTML bar charts, the legend may
overlap the edge of the chart.
When viewing bar charts in HTML format,
the legend may slightly overrun the edge of the chart graphic. There is no
workaround available for this issue.
9785: Reports output as .rtf require Microsoft
Word.
If you select reports to be output in .rtf format, you must have
Microsoft Word installed in order for SurfControl Report Central to correctly
format the report.
11488: Reports display links that open in the same browser.
Some reports, such as the Top N Sites by Bandwidth, display sites as links to the actual website. When a user clicks on these links the site opens in the same browser window that the report was displayed in rather than opening it in a new browser window. The workaround to this is to click the browser's back button.
11882: Saving e-mailed HTML reports using Outlook Web Access results in report graphics not being displayed.
When sending SRC reports in .htm format via e-mail and subsequently saving the report attachments using Outlook Web Access the attachment filenames are modified by the e-mail client. This results in report graphics not being displayed in the .htm file as they are named differently to the image references in the HTML source code.
12957: Running a report in RTF format without MS Word installed does not close the browser window.
Running reports to be output in .rtf format when Microsoft Word is not installed results in the browser window remaining open after the File Download dialog has been closed. The workaround is to close the window when you see that the required file download action has completed.
Installation Issues
11541: The file path for the SRC installation files must be less than 260 characters.
When
installing the SRC the file path for the installation files must be less than
260 characters. Attempting to install to a file path whose length is equal to or
greater than 260 characters will result in a Windows error message - "The
filename or extension is too long." - and it will not be possible to continue
with the installation.
Other Issues
12665: Internet security settings can prevent the SRC client URL login screen from functioning correctly.
The SRC client URL login screen will not function correctly if the browser's Internet security setting is set to 'High'. The problem occurs because this setting disables the "run ActiveX controls" and the "active scripting" flags, which are needed by the SRC.
12666: 'Bypass proxy server for local addresses' IE connection setting should be checked when a proxy is in use.
When a proxy is being used to provide Internet access for users, individuals should make sure that the IE connection setting 'Bypass proxy server for local addresses' is checked otherwise the SRC will not load and a 'Page cannot be found error' (or similar) will be displayed instead.
SECTION 3 - LICENSE INFORMATION
The SurfControl Web Filter product
will run as an evaluation version for 30 days. During the evaluation period, you
can schedule and download updates to the URL Category List, so that you obtain
the latest version for testing.
The VCA product will run as an
evaluation version until serialized, but categorization work performed during
the evaluation period is not saved.
For complete installation and configuration information, please see the SurfControl Web Filter Installation and Configuration Guide. This is available as an Adobe Acrobat™ (PDF) document from http://www.surfcontrol.com/.
SECTION 5 - CUSTOMER REPORTED ISSUES FIXED IN THIS RELEASE
##
Description
370 Add
option for to create a report for
"Yesterday"
2279 Administrator does not handle
SQL Server Permissions errors.
5108 Installing
SWF on server with teamed/mirrored NIC cards causes blue
screen.
6027 'Enable Username Support' can
causes handle count to grow very large
6154
Partial pages being delivered on first request even though there is a rule
blocking access to them
6983 Default deny page
setting is lost when renaming or adding a new deny
object.
7483 Real-time monitor isn't redrawing
itself when you resize any column.
7621 Feature
Request to display Dropped packets counter in Performance
Monitor
7730 Importing rules when object has an
apostrophe fails.
7791 Invalid year value in
'From' Date Range of VCA report can cause Dr
Watson.
7873 Refresh function resets the data
order in the Users window in the Monitor
8473 Some countries missing from
registration dialog.
8572 Some VCA issues when
operating on Database over 5GB.
8593 Site host
names longer then 70 characters prevent flat files from
updating.
8616 Delay in communication between
EUM and Web Filter Service.
8649 Apostrophe in
user's 'real' name prevents friendly name from being
obtained.
8650 EUM agent puts high load on
Domain Controller CPU when sending cache
info.
8665 Error thrown in a multiple domain
environment which has the exact same group names in all the
domains.
8675 The netsurf1.inf file is not
replaced when upgrading from 4.2 SP2.
8705 MSN
Messenger and Yahoo messenger objects missing in protocols and
ports.
8725 The appropriate value is not shown
for the $CATEGORY variable in email notification messages for non-http
traffic.
8744 Unable to view users from other
domains in the Rules Administrator.
8865
'Repair' seems to have a problem in fixing modified .exe
files.
8866 Browse Time Report exceeding stop
time.
8882 Group name containing an apostrophe
is ignored during flat file import.
8911
Problems when monitored users have the same friendly
name.
8915 Feature Request to include in the
docs the details of fields in database
tables.
8976 Prevent the original URL Category
List from being overwritten if the new uncompressed downloaded file is
empty.
8979 In rare cases ScScout.exe crashes
when rule changes are committed.
9031 Rules
irregularity - rules not taking effect if delay between starting service and
committing is >= 20mins.
9069 Using
hostnames in 'Who' objects doesn't work for pass through
products.
9079 Octal URL string padded with
sufficient number of zeros is not blocked.
9094
In large environments selecting Sites in Advanced Criteria of Reporting takes a
long time to complete
9096 Details missing form
docs with regards to Netware EUM.
9181
Documentation doesn't adequately describe report behaviour when users are in
multiple groups.
9555 In some cases customers
with valid registrations will fail to download the URL Category List
updates
9559 Occasional incorrect page level
categorisation when root has been updated in URL Category
List.
9892 In some cases on multi-processor
servers Web Filter Server hangs when a blocking rule is
enabled.
10027 Feature Request to add precision bandwidth
control types.
10144 Feature Request to allow Real Time
Monitor to be run remotely
10145 Allowance notification is
being sent when the rule is first hit, not when the allowance is
exceeded.
10146 Feature Request to send a notification when
a specific file type is downloaded
10147 Record that a user
accesses the Internet from different workstations over
time.
10148 Feature Request for an option to make ISA to
Fail Closed.
10151 Feature Request to create a Deny Page
with more than 1024 chars for ISA integration
10187 Certain
page activity strings in flat files cause Connections.page_id =
-1.
10359 URL Category List updates are being inadvertently
blocked by customer policy
10740 Using SurfControl Web
Filter standalone in a Blue Coat environment could causing flood of excess
network traffic.
10979 Possible to by-pass web filter by
obscuring urls with @@ on certain web browsers
11292
Feature Request to purge database without needing to stop
filtering.
11293 Feature Request to record any object that
causes a block regardless of Monitored Data settings
4729: VCA results not correctly updated in Monitor.
13010: VCA
categorizations are incorrect when "Block Until Categorized" option is switched
on
To avoid both these situations you should set the VCA machine's
subnet to be unmonitored. For 4729 ISA and MS Proxy Server platforms, you should
create a new admin user for the VCA machine and then set that user to
unmonitored. 13010 is only an issue for SurfControl Web Filter for
Windows.
5249: Problem monitoring proxy using SurfControl Web Filter
for Windows.
If a user logs
into a proxy and generates Internet traffic via the proxy, EUM reports this user
name to the SWF server, which then monitors all proxy server hits with this user
name. Any subsequent traffic going through this same proxy is recorded
against the user logged who is into it. This can give the impression that a
single user generated a lot of internal traffic.
5647: Default upgrade
path does not install VCA or give the choice to install.
To upgrade and
install VCA, follow this procedure:
1. Start upgrade to V5.0.
2. On
the "Select Upgrade Option" screen, uncheck "Keep Existing Settings" and click
NEXT.
3. On the "Server Installation Options" screen, leave everything
checked (VCA is one of these options) and click BACK.
4. On the "Select
Upgrade Option" screen, check "Keep Existing Settings" and click NEXT.
5.
Continue through the rest of the installation. VCA will be installed and
existing settings are also kept.
5249: Mobile Filter Clients can't upgrade via the web when "Offline Action" is set to block all
Forcing Clients to upgrade while "Offline Action" is set to "Block All" stops the client from upgrading via a web page as all internet activity is being blocked on the client machine.
10644:
Policy Override is not available within the Rules Administrator on the Remote
Admin installation.
The policy
override option is not available on a Remote Administration installation, because the client is the same across platforms and policy override is
not supported by the pass-by plaform.
There are
only two available options on the Select Server Platform Type page during
installation:
1. Windows 2000/2003 (Pass by) or Microsoft Proxy Server.
2.
Microsoft ISA Server.
11072: Choosing Windows authentication in a
WORKGROUP fails to control the SWF service.
If SWF is
installed in a workgroup as opposed to a domain and Windows authentication is
chosen, setting the account for the service to run as 'This Account' does not
get set in the Services applet. For instance, say the username is
'administrator' and the password 'abc123', these details do not get set. This
culminates in a 997 error at the end of the installation because the SWF service
can't be controlled with the account credentials supplied. The workaround to
this is to manually change the logon details for the SWF Service in the Services
applet.
11534: Need SQL Client Tools in order to create a database on
a named instance of SQL Server.
In order to
create a database on a named instance of SQL Server using the SurfControl Create
MSDE/SQL Server Database wizard you must have SQL Client Tools installed on your
machine otherwise a series of errors are generated.
11813: Upgraded
User defined categories containing single category will be renamed.
User defined
categories containing a single category will be renamed to the name of the
category they contain. For example a user defined category 'MyCategory'
containing 'sport' will be renamed to 'sport'. If 'sport' already exists one
instance (depending on categorisation priority) will be renamed 'sport(1)'.
Users who wish to avoid this should enter characters in the
SmartScan window for categories they wish to keep prior to upgrade and then
remove them afterwards.
11839: When changing Spider Settings new
folder is not used until application is closed and reopened.
When changing the
Spider Settings file location in the Settings tab of the VCA application and
applying the changes, this new location is not used until the application is
closed and reopened.
12473: Selecting Mobile filter database settings changes only take effect after a reboot.
When changing the
SurfControl Mobile Filter database a reboot is required before the new database
is used.
12646: Mobile Filter Install doesn't check for the presence of Microsoft IIS.
The SurfControl
Mobile Filter server can be installed successfully on a server that does not
have Microsoft IIS installed, even though Mobile Filter will not work if IIS is
not present..
12922: Network Groups Update fails under NetWare scenario.
The following
situation causes a problem:
The user(s) no longer exist(s) on the domain
controller at the time a scheduled Network Group Update event was run AND their
last connection was later than that configured in the dialog for automatically
removing users after a given period of inactivity.
Under NT username
handling, the user(s) is/are removed. However, under Netware handling, the
user(s) is/are not removed and neither are their groups updated. The workaround
to this is to manually delete the user(s) once you know that they should no
longer be present.
12938: Severe errors are caused when upgrading is
cancelled while the SurfControl Database Updater dialog is in focus.
During product
upgrades an option is available to update the database currently in use by Web
Filter via a separate dialog (SurfControl Database Updater). If this is chosen
the main InstallShield window remains active allowing the Cancel button to be
selected. If the Cancel button is pressed on the main dialog and then the Update
button selected on the SurfControl Database Updater dialog a severe error is
generated - "ERROR: Unable to copy driver file to system directory". The Web
Filter can be installed after this message has been closed. However, performing
an uninstall of Web Filter throws another severe error - "ERROR: Timed out while
waiting for Web Filter Service to respond". The Web Filter will continue to
uninstall but the subsequent reboot will take considerably longer than
usual.
8651: Web Filter installation sometimes fails on ISA Servers with multiple network cards.
The product installation gets to the stage where it is installing the protocol device driver at which point it crashes. When this crash occurs no errors are returned and no events are written to the system event logs. If this problem arises, the following procedure must be followed in order to successfully install the Web Filter product.
1. Run the Web Filter setup from the command line using the following flag:
setup.exe –nodriverinstall
This will install the Web Filter without the driver. As the driver isn’t present the following error will be thrown once setup is completed (but before you are asked to register the product):
SurfControl Web Filter Setup - Severe
ERROR: Failed to control Web Filter Service error 997.
2. Once the installation has completed the driver must be manually installed and Web Filter Service started, as described below.
a) Right-click on My Network Places, and select the Properties option.
b) Right-click on Local Area Connection, and select the Properties option.
c) Click the Install button on the Local Area Connection Properties dialog.
d) Select the Protocol option on the Select Network Component Type dialog and click the Add button.
e) Click the Have Disk button on the Select Network Protocol dialog.
f) Browse to the ‘win2000 driver’ directory, located within the SurfControl directory, (the default path is C:\Program Files\SurfControl\Web Filter\win2000 driver directory), and double click the netsurf1.inf file.
g) Click OK on the Install From Disk dialog.
h) Click OK on the Select Network Protocol dialog.
i) Close the Local Area Connection Properties dialog.
j) Start the Web Filter Service.
Recording User Level share access.
If Windows 95/98 machines on the network are configured for User
Level Share, when anyone goes to open a file from one of those machines, the
domain controller records that the remote user logged onto the Windows
95/98 machine. This results in the browser activity from the Windows 95/98
machine being recorded under the incorrect user name. Windows NT domain
controllers demonstrate the same behavior.
Remote
Administrator with NDS.
When installing a Remote Administrator,
users will be presented with the dialogs to set-up username support as in the
Complete Product. The information from these dialogs is necessary to browse and
display data at the user specified Context in the NDS Tree. The specified NDS
Context should be the same as the one used in the Complete Product, but the
username and password information can be different. If a different username is
specified, this user should have the same rights to the NDS Context as the user
specified in the Complete Product. In addition make sure you choose the same
options for username monitoring in all installations.
NetWare EUM
does not work with long filenames.
The NetWare NLM for Username
support only supports 8.3 DOS directory formats; therefore, please copy the NLM
into a 8.3 DOS directory.
MSDE
The MSDE package included with SurfControl Web Filter is an English version, even when a translated version of Web Filter is installed. If you require a translated version of MSDE please download your chosen language version from the Microsoft Web Site, at http://www.microsoft.com/sql/msde/
*** END OF FILE ***