SurfControl Web Filter Version 5.0.1.49                        April 2005

Welcome

New Features in Version 5.0

License Information

Upgrading
Customer Issues Fixed
Known Issues

Welcome


Welcome to version 5.0 of SurfControl Web Filter for Windows, Microsoft Proxy Server, and Microsoft ISA Server and SurfControl's Virtual Control Agent™ (VCA.

SurfControl Web Filter offers the most advanced filtering technology available for the corporate environment, easing the challenge of managing Internet usage in the workplace.  It can help you increase employee productivity, optimize network bandwidth, increase security and limit legal liability that occurs when corporations provide Internet access to their employees. Protect your employees and your company by promoting intelligent Internet use.

SurfControl Web Filter offers a complete set of tools for monitoring, filtering and reporting on Internet Access:

 

New Features in Version 5.0


SurfControl Report Central

A new web-based reporting engine, making it easier for users throughout the organization to run and schedule the reports they need. SurfControl Report Central also brings faster reporting and a new report showing the how much time a specific user spent at each category.

ISA 2004 Integration

Provides filtering, monitoring and reporting for Microsoft ISA 2004 as well as Microsoft ISA 2000.

Policy Override

The Microsoft ISA integration of SurfControl Web Filter allows a new rule type, Policy Override. Trusted users can be given responsibility to continue to view a page they believe has been incorrectly blocked. This activity is easily identifiable so abuse can be quickly caught.

New URL Database Categories

7 New categories have been added since version 4.5. These include Spyware, Downloads, Illegal Drugs, Phishing & Fraud and Business.

Active Directory Support

Browse your Active Directory tree from the SurfControl Rules Administrator. You can select users and groups from Active Directory for inclusion in your access rules. SurfControl Web Filter continues to support NT Domain and Novell NDS/eDirectory environments.

VLAN Support

Filtering, monitoring and reporting in VLAN environments.

Reduced Data Storage

The option to reduce the amount of information logged and stored, but still capture the relevant activity that you will want to include in reports.

 

Single Management Console

View, monitor and manage multiple SurfControl servers from a single location.

Faster and more resilient Data Handling

The way logged data is written to your MSDE or SQL database has been re-designed to vastly improve performance and increase resilience to database problems.

 

Block while categorizing

Pass-by products such as SurfControl Web Filter for Windows have many advantages for your network, such as zero latency and not being a point of failure. One risk is the "sneak peek" which can occur sometimes with any pass-by solution. This is when a user requests a site that is not allowed but is able to see the first page, but not any images. A new "Block while Categorizing" feature has been added that will minimize the risk of this happening.

 

Track User access by Workstation

Identify if a user accesses the web from different workstations.

 

Continuous VCA processing

The VCA will now run as a service, continually checking for new, uncategorized sites. In previous releases the VCA was a scheduled task. This new design will improve the turnaround time for the VCA categorization of a site that has never been seen before.


Processing of suspected corrupt flat files:

During a flat file update, any invalid files found will be quarantined in the following created folder:

 

Program Files\SurfControl\Web Filter\tmp\quarantine

 

A new command line tool – treatquarantined.exe can then be run which checks these files line by line to see if they correspond to the correct format. Any corrupt lines are left in the original file with clean lines written to a new file in the tmp directory and the corrupt file then deleted from the quarantined folder.

 

SurfControl strongly recommends that  you use the Scheduler to run the treatquarantined.exe command on a daily basis. For more information see Knowledge Base Article 1611 at:

 

http://kb.surfcontrol.com/display/1/articleDirect/index.asp?aid=1611&r=0.7167627



License Information


SurfControl Web Filter will run as an evaluation version for 30 days. During the evaluation period, you can schedule and download updates to the URL Category List, so that you obtain the latest version for testing.

The VCA will run as an evaluation version until serialized, but categorization work performed during the evaluation period is not saved.


Upgrading

For complete installation and configuration information, please see the SurfControl Web Filter Installation and Configuration Guide. This is available as an Adobe Acrobat™ (PDF) document from http://www.surfcontrol.com/.


Customer Reported Issues Fixed In This Release

Issue Number

Description

370

Add option for to create a report for "Yesterday"

2279

Administrator does not handle SQL Server Permissions errors.

5108

Installing SWF on server with teamed/mirrored NIC cards causes blue screen.

6027

'Enable Username Support' can causes handle count to grow very large

6154

Partial pages being delivered on first request even though there is a rule blocking access to them

6912

Set all the SWF services to run as a valid user if windows authentication is selected during setup.

6983

Default deny page setting is lost when renaming or adding a new deny object.

7208

Poor grammar in Important Installation Information dialog

7218

Change email notification label for the 'Catch up mode notification' check box

7483

Real-time monitor isn't redrawing itself when you resize any column.

7621

Feature Request to display Dropped packets counter in Performance Monitor

7730

Importing rules when object has an apostrophe fails.

7791

Invalid year value in 'From' Date Range of VCA report can cause Dr Watson.

7873

Refresh function resets the data order in the Users window in the Monitor

8473

Some countries missing from registration dialog.

8572

Some VCA issues when operating on Database over 5GB.

8593

Site host names longer then 70 characters prevent flat files from updating.

8616

Delay in communication between EUM and Web Filter Service.

8649

Apostrophe in user's 'real' name prevents friendly name from being obtained.

8650

EUM agent puts high load on Domain Controller CPU when sending cache info.

8651

Web Filter Installation Fails on ISA Server

8665

Error thrown in a multiple domain environment which has the exact same group names in all the domains.

8675

The netsurf1.inf file is not replaced when upgrading from 4.2 SP2.

8705

MSN Messenger and Yahoo messenger objects missing in protocols and ports.

8725

The appropriate value is not shown for the $CATEGORY variable in email notification messages for non-http traffic.

8744

Unable to view users from other domains in the Rules Administrator.

8799

Consecutive screens with same title in InstallShield

8865

'Repair' seems to have a problem in fixing modified .exe files.

8866

Browse Time Report exceeding stop time.

8882

Group name containing an apostrophe is ignored during flat file import.

8911

Problems when monitored users have the same friendly name.

8915

Feature Request to include in the docs the details of fields in database tables.

8976

Prevent the original URL Category List from being overwritten if the new uncompressed downloaded file is empty.

8979

In rare cases ScScout.exe crashes when rule changes are committed.

8993

Categorize all 'None' issue

9031

Rules irregularity - rules not taking effect if delay between starting service and committing is >= 20mins.

9069

Using hostnames in 'Who' objects doesn't work for pass through products.

9079

Octal URL string padded with sufficient number of zeros is not blocked.

9094

In large environments selecting Sites in Advanced Criteria of Reporting takes a long time to complete

9096

Details missing form docs with regards to Netware EUM.

9181

Documentation doesn't adequately describe report behaviour when users are in multiple groups.

9555

In some cases customers with valid registrations will fail to download the URL Category List updates

9559

Occasional incorrect page level categorisation when root has been updated in URL Category List.

9892

In some cases on multi-processor servers Web Filter Server hangs when a blocking rule is enabled.

10027

Feature Request to add precision bandwidth control types.

10144

Feature Request to allow Real Time Monitor to be run remotely

10145

Allowance notification is being sent when the rule is first hit, not when the allowance is exceeded.

10146

Feature Request to send a notification when a specific file type is downloaded

10147

Record that a user accesses the Internet from different workstations over time.

10148

Feature Request for an option to make ISA to Fail Closed.

10151

Feature Request to create a Deny Page with more than 1024 chars for ISA integration

10187

Certain page activity strings in flat files cause Connections.page_id = -1.

10359

URL Category List updates are being inadvertently blocked by customer policy

10740

Using SurfControl Web Filter standalone in a Blue Coat environment could causing flood of excess network traffic.

10979

Possible to by-pass web filter by obscuring urls with @@ on certain web browsers

11072

Choosing Windows authentication in a WORKGROUP fails to control the SWF service.

11292

Feature Request to purge database without needing to stop filtering.

11293

Feature Request to record any object that causes a block regardless of Monitored Data settings

13025

Multi threading and shared memory synchronization

13051

Dual processor machines and problems in the service

13157

Concurrent enumeration requests in Active Directory Users node

13176

ISA Stop and Start can cause w3proxy.exe to fail

13184

Policy Override and proxy server settings

13243

Duration time calculations

13298

Deleting user defined groups

13302

Missing Hotkey for Allowance radio button

13303

Hotkey issues on Rule Properties dialog box

13392

Inconsistent manual commit failure

13393

ISA timeout

13394

ISA high load issue

13404

Network Groups Update timeout

13412

Committing manual categorizations

13446

Changed default size of flat files

13448

VCA updating issue

13554

Inconsistent behavior when using user Defined Where Objects

13654

Friendly names could be displayed in Privacy Version

13655

Web Filter service hangs following high cpu usage

13796

URLs in Precise Bandwidth Control objects

13941

Purge Failing

Issue Number

Duplicate categories appearing after URL Category list updates

 

 

Known Issues

 

Issue Number

Description

4729

VCA results are not correctly updated in Monitor.

13010

VCA categorizations incorrect when "Block Until Categorized" option is switched on.
VCA categorizations are incorrect when "Block Until Categorized" option is switched on. To avoid both these situations you should set the VCA machine's subnet to be unmonitored.
For 4729 ISA and MS Proxy Server platforms, you should create a new admin user for the VCA machine and then set that user to unmonitored.
13010 is only an issue for SurfControl Web Filter for Windows.

5249

Problem monitoring proxy using SurfControl Web Filter for Windows.
If a user generates Internet traffic via a proxy, EUM reports this user name to the Web Filter server, which then monitors all proxy server hits with this user name. Any subsequent traffic going through this same proxy is recorded against the user logged into it. This can give the impression that a single user generated a lot of internal traffic.

5647

Default upgrade path does not install VCA or give the choice to install.
The default upgrade path does not install VCA or give the choice to install.

To upgrade and install VCA, follow this procedure:

1. Start upgrade to V5.0.

2. On the "Select Upgrade Option" screen, uncheck "Keep Existing Settings" and click NEXT.

3. On the "Server Installation Options" screen, leave everything checked (VCA is one of these options) and click BACK.

4. On the "Select Upgrade Option" screen, check "Keep Existing Settings" and click NEXT.

5. Continue through the rest of the installation. VCA will be installed and existing settings are also kept.

9266

Mobile Filter Clients can't upgrade via the web when "Offline Action" is set to block all.
Mobile Filter Clients can't upgrade via the web when "Offline Action" is set to block all

Forcing Clients to upgrade while "Offline Action" is set to "Block All" stops the client from upgrading via a web page as all internet activity is being blocked on the client machine.

10644

Policy Override is not available within the Rules Administrator on the Remote Admin installation.
Policy Override is not available within the Rules Administrator on the Remote Admin installation.

This is because the client is the same across platforms and policy override is not supported by the pass-by platform.

There are only two available options on the Select Server Platform Type page during installation:

1. Windows 2000/2003 (Pass by) or Microsoft Proxy Server.

2. Microsoft ISA Server.

11534

Need SQL Client Tools in order to create a database on a named instance of SQL Server.
Need SQL Client Tools in order to create a database on a named instance of SQL Server.

To create a database on a named instance of SQL Server using the SurfControl Create MSDE/SQL Server Database wizard you must have SQL Client Tools installed on your machine otherwise a series of errors are generated.

11813

Upgraded User defined categories containing single category will be renamed.
Upgraded User defined categories containing a single category will be renamed to the name of the category they contain.

For example a user defined category 'MyCategory' containing 'sport' will be renamed to 'sport'. If 'sport' already exists one instance (depending on categorisation priority) will be renamed 'sport(1)'. Users who wish to avoid this should enter characters in the SmartScan window for categories they wish to keep prior to upgrade and then remove them afterwards.

11839

When changing Spider Settings new folder is not used until application is closed and reopened.
When changing the Spider Settings file location in the Settings tab of the VCA application and applying the changes, this new location is not used until the application is closed and reopened.

12473

Selecting Mobile filter database settings changes only take effect after a reboot.
When changing the SurfControl Mobile Filter database a reboot is required before the new database is used.

12646

Mobile Filter Install doesn't check for the presence of Microsoft IIS.

The SurfControl Mobile Filter server can be installed successfully on a server that does not have Microsoft IIS installed, even though Mobile Filter will not work if IIS is not present.

12922

Network Groups Update fails under NetWare scenario.

The following situation causes a problem:

The user(s) no longer exist(s) on the domain controller at the time a scheduled Network Group Update event was run AND their last connection was later than that configured in the dialog for automatically removing users after a given period of inactivity.

 

Under NT username handling, the user(s) is/are removed. However, under Netware handling, the user(s) is/are not removed and neither are their groups updated. The workaround to this is to manually delete the user(s) once you know that they should no longer be present.

12938

Severe errors are caused when upgrading is cancelled while the SurfControl Database Updater dialog is in focus.
During product upgrades an option is available to update the database currently in use by Web Filter via a separate dialog (SurfControl Database Updater). If this is chosen the main InstallShield window remains active allowing the Cancel button to be selected. If the Cancel button is pressed on the main dialog and then the Update button selected on the SurfControl Database Updater dialog a severe error is generated - "ERROR: Unable to copy driver file to system directory". The Web Filter can be installed after this message has been closed. However, performing an uninstall of Web Filter throws another severe error - "ERROR: Timed out while waiting for Web Filter Service to respond". The Web Filter will continue to uninstall but the subsequent reboot will take considerably longer than usual.

N/A

Recording User Level share access.

If Windows 95/98 machines on the network are configured for User Level Share, when anyone goes to open a file from one of those machines, the domain controller records that the remote user logged onto the Windows 95/98 machine. This results in the browser activity from the Windows 95/98 machine being recorded under the incorrect user name. Windows NT domain controllers demonstrate the same behavior.

N/A

Remote Administrator with NDS.

When installing a Remote Administrator, users will be presented with the dialogs to set-up username support as in the Complete Product. The information from these dialogs is necessary to browse and display data at the user specified Context in the NDS Tree. The specified NDS Context should be the same as the one used in the Complete Product, but the username and password information can be different. If a different username is specified, this user should have the same rights to the NDS Context as the user specified in the Complete Product. In addition make sure you choose the same options for username monitoring in all installations.

N/A

NetWare EUM does not work with long filenames.

The NetWare NLM for Username support only supports 8.3 DOS directory formats; therefore, please copy the NLM into a 8.3 DOS directory.

N/A

MSDE

The MSDE package included with SurfControl Web Filter is an English version, even when a translated version of Web Filter is installed.  If you require a translated version of MSDE, please download your chosen language version from the Microsoft Web Site, at http://www.microsoft.com/sql/msde/

 

*** END OF FILE ***