(80695) Error template for Japanese is incorrect (80686) When multi-process is enabled, entries are no longer written in Incident Manager (80673) MWG is not able to resolve the certificate chain (80672) Logfile pushing not working (80663) MWG opens second tcp connection w/ DC causing all auth to fail (80651) Migrate Auth Server port value address to redirect address if applies (80649) Users routinely receive 'Cannot Load AV Engine' (80631) NTLM Agent memory usage grows steadily over time (80593) Big Mails: Webwasher deletes e Mail Body, Attachment and summary (80526) The interface speed is always resetted to autosense when using bonding (80478)o oo oo oo oo o ooo o oo o o o WW cannot display CN of attached CA (80380) Welcome Page not working in MP (80327) Certificate warnings for HTTPS block pages over HA virtual IP (80288) SNMP: Dell MIBs (22.214.171.124.4.1.674) stop working (80055) Extended list editor not working under Vista (79946) "loadconf" overwriting wrong policy (79863) Garbage Collector overload detected. (79643) Progress Page not working under some circumstances (76562) src_ip and auth_user are not working in the (76236) Connection timeout during ftp upload (75902) Can not whitelist Web Upload Filter (75473)o o o o o o o o Known Issues o o Secure Shell (CLI) cannot be configured anymore via https (80946) Attempt to recover connection to AD taking longer than 3 minutes (80942)6.8.6 build 5788: Part Number 91-0950032-A -----------------------------------------New and Improved o Improved stack size handling for auth server and end user port (80676) Change default settings for Trusted Source Web Reputation (80624) Home-> Support should link to Mc Afee (80576)o o o o Improved Welcome Page functionality (80547, 79063) Add new certificates and hosts to SSL Scanner lists (80352, 80527)Bugs Fixed o SSL Scanner bypass vulnerability on wildcard certificate check (80680) Endless loop in Cab archive (80652) SNMP traps for URL list updates not working (80648) Receiving " Download Cancelled" after clicking download button in IE7 (80647) Document Inspector System Alert will not disappear (80646) Prevent DOS attack to authentication server (80642) WW prints internal messages to errors log (80629) Advertising filter destroys Java Script (80627) MP: Inconsistent IP mapping with Multi Process mode (80623) Microsoft Project file (extension) blocked as audio/mpeg (80622) WWo B: on master blade feedback scripts (started with "2") shows "lsof" related warnings (80615) Memory defrag script (80610) Download of gmx e Mail attachments failed (80609) MPCluster Control unable to update nodes when Web Interface has IP restrictions (80608) Native NTLM: Group memberships get mixed up (80607) Crash when talking to e PO server (80606)o o oo o o o o ooo o oo o o o o" Detect unsolicited POSTs" will break forms (80591) Archive blocked as corrupted (80581) SSL-Scanner - HSM-Agent: Root CA key cannot be loaded on startup (80571, 80578) Must be able to handle multiple 100-Continue messages from web server (80567) Update from 6.7.6 to 6.8.5 broke (80540) Long text causing page display issues (80539) Content type "application x-ms-application" is changed to "text/xml" (80530) Real-time classifier blocks words containing unicode characters (80508) SNMP statistics are not accurate after multi-process is enabled (80479) Outdated Dynablocator directory and file is copied to all ICAP processes in MP (80474) Redirect via query string parameter on gui login page (80444) Potential cross-site scripting vulnerabilities in web UI (80442, 80443) Certain Generic Header Filter combination may crash MWG(80430) URL Executive Summary (80398) Drop downs for dashboards not displayed right in IE (80392) WCCP and overload protection not playing nice together (80342) Quota reset does not work from secure admin shell (80287) Safe Search enforcer produces false positives (79898)oo o ooooo oo o o o o o o o o o o o o o Known Root CAs not synchronized in Cluster (79513) Download Canceled page always displayed in English (79326) e Directory settings broken by cluster (78709) HTTP links in HTTPS blockpages (78634) Unwanted red warning for anonymous ldap bind (78612) Time and Date in web interface is reset after reboot (78085) Web Upload Filter active, even though not enabled (77079) Src_ip and auth_user are not working in the (76236)6.8.5 build 5330: Part Number 91-0949869-E -----------------------------------------Bugs Fixed o o Native NTLM: Group memberships get mixed up (80607) SSL-Scanner - HSM-Agent: Root CA key cannot be loaded on startup (80571) Various crashes in SSH command line interface (80522, 80524, 80523, 80616, 80621)o6.8.5 build 5141: Part Number 91-0949869-D -----------------------------------------Bugs Fixed o o o o Memory is getting filled up in 3 minutes (80535) Incorrect group mapping using native NTLM-authentication (80528) Authentication problem with NTLM-agent (80515) Problems related to TCP window scaling occur for some sites after upgrading (80517) o o o Problem with centralized A/V updates (80516) Role allows reading logs, but Webwasher is forbidding it (80504) Auto-pushing fails when using domain\user for the username field in the common push target (80495) Escape character for shockwave-flash media type not being treated properly (80490) Mpcluster control jumping between stati (80485) Files over 4 GB shows wrong size over FTP (80412)oo o6.8.5 build 5094: Part Number 91-0949869-C -----------------------------------------Bugs Fixed o Not possible to initialise Generic Body Filter if Anti-Malware is not licensed (80513, 80521)6.8.5 build 5051: Part Number 91-0949869-B -----------------------------------------New and Improved o Ability to disable exploit protection against double Content-Length headers (80459)Bugs Fixed o o o o o FTP over FTP Client is not working after upgrade on 6.8.5 (80476) Option to add leading Slash in FTP Retr Command (78400) Download fails sporadically using Progress Pages (80041) Log pusher attempts to push files that no longer exist (80468) Problems with log rotation and merging (80473) o For clean installations on WW2900E cache cannot be enabled (80480) WW500 failed to boot after upgrade (80475) Sporadic Authentication Popup with Native NTLM (79684) Webwasher crashes in Authenticode Filter (80487)o o o6.8.5 build 4971: Part Number 91-0949869-A -----------------------------------------New and Improved o Support Anti Malware engine with Proactive NG (79968) (NOTE: Requires an AV and a Proactive update after version upgrade) Log Manager: Ability to configure pushed log filename (80360) ICAP client: workaround for incompatible DLP servers (79839) Incremental update for Mc Afee AV engine (80333) Support WCCP " Weight" functionality (80423)o o o o Bugs Fixed o o Too many 407 responses when using NTLM cache (80251, 79988) Central Management: running feedback from GUI froze master and sites (80385) Log Manager: Several improvements (80386, 80378, 80374, 80367, 80360, 80370, 80345, 80339, 80361) GUI: filter option overwrites routes (80369) SSL Scanner: error behavior in case of unicode encoded cn in transparent environment ICAP client: Reponse time increased after enabling multi processing (80363)oo oo o Trusted Source: score still applied even though domain is whitelisted for spam filter (8035) Proxy: Improved Timeout values (79958) Welcome page may incorrectly build the submit action link (80285) Overload issues persist with 6.8.4 (80407, 80406, 80393) Problem with custom action in Multi Process mode (80405) MP Control stopped maintanance after icap server crash (80415) Interrupted requests should be logged in proxy's (80422) HA cluster is not working as expected (80176, 80075)o o o o o oo6.8.4 build 4798: Part Number 91-0949750-A -----------------------------------------New and Improved o o o Support Mc Afee's e Policy Orchestrator (e PO) (79918) Rebranding to Mc Afee (79924) Increase robustness against AV update issues (79920, 79939, 79940, 79975) Log file push enhancements (79914) Support cache_status and block_res in custom logfiles (78232) Parent proxy policy enhancement for URL AND IP subnet (79803) NTLM Cache should be a GUI option (79900) Show time interval length in Dashboard (78977) Default Respmod Whitelist for problematic sites (80293)o o o o o o Bugs Fixed o o o Too many 407 responses when using NTLM cache (80251, 79988) SNMP variables do not reset automatically (80026) Login page is missing error message when bad credentials are entered (80020) Breaking connection to AD on error STATUS_INVALID_WORKSTATION (80023) Authentication failing with mutilple NTLM agents (80017) File incorrectly identified as audio/mpeg (79961) E-Mail attachments(. PPT) are blocked by Media Type Filter as mpeg (79938) Cannot join WW to domain with trusted credentials (79878) RADIUS password limits at 16 characters (79845) Web Upload Filter: size limit without effect (79925) Web Upload Filter works although Media Type Filter is switched of (79869) SNMP: unexpected CPU idle values (79751) New timeout for initial request on a connection (80066) Obfuscate username/password in authorized override url (80024) Usernames with umlauts or rings cannot authenticate via native NTLM (79999) FTP-Problem Webwasher loses the credentials (79989) Web Washer problems due to hanging action - Mobile Code Filter Update (79907) SSLScanner: No timeout when upstream proxy is used (79906)oo o oo o o oo o o oo oo o o o Crash in document inspector (79902) Old av updates not getting deleted (secure antimalware) (79876) Not all 'Certificate Subject Alt Name' entries passed, resulting in certificate prompt in browser (79867) AV license bug - update fails when the first AV module runs out of date (79826) Crash during multi-threading processing of Rar archive (79814) CCache Socket:: Read Preview Data corrupts content when called more than once (79811) webwasher delivering truncated content (79809) Crash in Cache:: CWeb Object::~CWeb Object (79793) Termsignal 11 crashes related to CLI access under heavy load (79775) WW delivers corrupt tar archive even when policy is set to block corrupted archives (79765) asctime, ctime, gmtime && localtime not threadsafe (79761) Anti Virus update didn't abort in time (79753) Termsignal 11 backtrace points to CCab Decoder:: Get Lzx Bits Buffer (79748) Termsignal 7: Bus error during Sophos update (79742) crash (termsig=11) in std::_Rb_tree_rotate_right (79706) Read-Only User Accounts can't access log files via web access (79701) LRU blocks after restart with full cache and constant load (79700) Webwasher unable to start another thread, termsignal=6 (79665)oo oo o ooo o oo o ooo o o o Cannot load certificate for web interface IP address (79625) WW is crashing with termsignal=7 directly after start (79623) HTTP Error 401.2 when NTLM Auth on Webwasher and Webserver (79612) Content Type ".ods/mimetype" is changed to "." (79609) Unwanted Mediatype not blocked when in TAR Archive (79606) Secure Administration Shell fails to accept large input files (79544) Raw post option doesn't stick (79509) Webwasher changed response body (79236) XML parsing error because of header modification (78989) Web reputation level not always logged correctly (79897) Invalid Proxy Request when downloading HTTPS file with enabled volume quota and transparent proxy (80034) Office 2007 Excel files blocked by magic bytes (79102)o o oo o o o oo6.8.3 build 4533: Part Number 91-0949361-C -----------------------------------------New and Improved o o Ability to downgrade to HTTP/1.0 on a per url basis (79205) SSL Scanner: Different redirect handling for CERTVERIFY requests when transparent authentication has expired (79841) Additional RESPMOD bypass options (80001)o Bugs Fixed o Policymapping: Problem with policy names (79864) o o Proxy/ICAP Server: Hanging threads (79840) AV-Update: New updates should not abort old updates too early (79975) SSL-Scanner: No timeout when upstream proxy is used (79906) Archiver: Crash during multi-threading processing of Rar-Achive (79814) Document Inspector: Crash in Document inspector (79902) Filter Engine: Wewasher crashed with termsignal 11 (79945) ICAP Server: " Send Body in one Frame" not always working (79978) ICAP Server: Optimized 204 response messages (79890)o oo o o o6.8.3 build 4311: Part Number 91-0949361-B -----------------------------------------New and Improved o openssl: Address CVE-2008-5077Bugs Fixed o o GUI: Problems with check boxes in user based mapping (79822) Authentication: In special cases NTLM authentication causes browser loop (79821)6.8.3 build 4214: Part Number 91-0949361-A -----------------------------------------New and Improved o Authentication: Native NTLM support for Windows Server 2008 AD (79567) Authentication: Better handling for wrong NTLM messages based on a Windows problem described ino (79723) o o o Prevent XSS with Progress Pages (79531) Proxy: Prevent connect to (79530) Close download connection for files right after delivering (79709) Feedback Script: New log level for collecting statistical informationo Bugs Fixed o o Proxy: Webwasher crashes with Termsignal 11 (79671) Proxy: FTP over HTTP can't handle some symbols in file/folder names (79451) Proxy: Crash in IFP server for invalid request (79760) Proxy: Sporadic problems with early web server connection close (e.g.Enable more effective threat detection, reduce incident response times, and improve operational efficiency.After further investigation, I found out that some corporate firewalls were blocking the site, presumably because they had misclassified as a site that employees were using to search for new jobs.Getting our site whitelisted took much more time than I would have liked, and we’re not done yet.
The steps for configuring the firewall are meant for a corporate firewall positioned between WSUS and the Internet, or between an active software update point or an active Internet-based software update point and the upstream server.
Mc Afee Advanced Threat Defense and Mc Afee Threat Intelligence Exchange are key integration points.
A complete range of enterprise and medium-capacity appliances offers affordable protection and scalability for the most demanding IT environments.
There are many different configurations which a ruleset can be configured with however so we will provide some best practice ideas when implementing rules along with some information into how the SSL (HTTPs) process works.
In order to block or allow SSL traffic on the Web Gateway, you are going to need to have some basic knowledge of how SSL traffic works with proxies and what needs to be done to inspect SSL traffic.