Last Revision:
November 28, 2013
These notes are additional to the WebMarshal User Guide and supersede information supplied in that Guide.
The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q15132.
New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History
For more information about additional minor features and bug fixes, see the release history.
TRACEnet\Spam Sites).To review earlier feature enhancement history, see the release notes for earlier WebMarshal versions.
Hardware required is dependent on the number of concurrent web users and the rules in use. Use of Filtering Lists improves performance. Heavy use of TextCensor decreases performance.
Typically a computer with the following specifications is adequate as a processing server for 250-500 concurrent users.
WebMarshal Array Manager and processing servers require the following software:
Note: Install Windows using the English language version.
WebMarshal Console can be installed on the following operating system versions:
To upgrade from a previous version 6.X release, run the product installer on each server where WebMarshal components are installed (including the Array Manager, and any additional processing node servers and Console installations).
If you are logging data to a SQL database, the database must be upgraded. If necessary, the installer will prompt for credentials of a database user with permission to upgrade the database (database owner privilege). If the database is not upgraded, database logging will be disabled until you upgrade the database and re-enable logging. For more information and instructions, see Trustwave Knowledge Base article Q12030.
See the upgrade notes below for version-specific information.
When you upgrade a WebMarshal 6.0 installation to the latest version, you will be asked if you want to upgrade your policy. The policy upgrade adds new sample HTTPS and Connection Rules and policy elements, to assist you in using new features of the product. The upgrade does not change any existing policy elements, and it does not change the effective rules.
Note: Using HTTPS Content Inspection significantly increases CPU usage on the WebMarshal processing servers (due to encryption and decryption load). Depending on the amount of HTTPS traffic that you choose to inspect, you may need to improve your server specification.
You cannot upgrade directly from a version 3.X installation. Due to the changes in policy structure and server communication in WebMarshal 6.X, you must install WebMarshal 6.X as a new installation. Database and software upgrade from version 3.X or earlier versions is not supported. Upgrade from Beta releases of WebMarshal 6.0 is not supported.
Note: Version 3.X license keys are not valid for WebMarshal 6.X. You must obtain a new permanent key. When installed, WebMarshal generates a 30-day trial key.
You can install WebMarshal 6.X side-by-side with WebMarshal 3.X on the same server. For details, please see Trustwave Knowledge Base article Q11833.WebMarshal can be installed in a variety of scenarios. For full information on uninstalling WebMarshal from a production environment, see the WebMarshal User Guide.
To uninstall a trial installation on a single computer:
The following additional items have been changed or updated in the specific build versions of WebMarshal listed.
| WM-4675 | Files in the Templates folder being served in web responses could be locked and prevent application of policy changes. Addressed with improved buffering of files smaller than 32 KB. Larger files, if required, should be served from a web server. |
| WM-4768 | The included Sophos for Marshal DLL and installer are updated to version 1.0.4. |
| WM-4784 | The included SQL Express installer is updated to 2008 R2. The database size limit imposed by Microsoft for this version is 10GB. |
| WM-4785 | In earlier 6.10 releases, HTTPS inspection of Google and YouTube sites could be ineffective. Fixed by WM-4796. |
| WM-4786 | Installation of prerequisites could cause a system restart with no confirmation. Fixed. |
| WM-4787 | Upgrade from earlier 6.10 versions on an ISA server incorrectly detected WebMarshal ISA plugin mode. Fixed. |
| WM-4788 | WebMarshal now supports the MLSD command in FTP connections when using HTTPS content inspection. |
| WM-4789 | In earlier 6.10 releases, the M86 Filter List (Trustwave Web Filter) did not respond correctly when a path within a site was categorized differently to the base URL. Fixed |
| WM-4790 | The "Purge unreferenced users at midnight" option did not run daily as expected. Fixed. |
| WM-4791 | The "Purge unreferenced users at midnight" setting was not saved to the configuration file. Fixed. |
| WM-4793 | The included Kaspersky for Marshal DLL and installer are updated to version 1.0.3. |
| WM-4796 | WebMarshal now supports Server Name Indication (SNI) for HTTPS sites. |
| WM-4797 | WebMarshal now supports adding the X-Authenticated-User header. For details, see Knowledge Base article Q16479. |
| WM-3705 | WebMarshal now supports additional HTTP methods used by Subversion and Microsoft extensions, and included in RFC 3253: REPORT, MKACTIVITY, CHECKOUT, MERGE, BCOPY, GETLIB, (GETSOURCE), (POSTSOURCE), (HEADSOURCE), CHECKIN, VERSION-CONTROL, UNCHECKOUT, LABEL, MKWORKSPACE, BASELINE-CONTROL, ORDERPATCH, PATCH, RPC_IN_DATA, RPC_OUT_DATA |
| WM-4771 | WebMarshal now supports the HTTP methods LOCK and UNLOCK |
| WM-4772 | In version 6.10.1, some temporary files were not deleted when proxy caching was enabled. Fixed. |
| WM-4773 | The Exclude from Reporting setting was not correctly applied for Connection Rules in the Active Sessions view. Fixed. |
| WM-4774 | The included Sophos for Marshal DLL is updated to version 1.3.4.0. |
| WM-4775 | TextCensor is updated to correct a false trigger on credit card number strings. |
| WM-4776 | Proxy timeout for SSL and FTP connections can now be specified with an entry in the proxy configuration XML file. See Q12914. |
| WM-4782 | Integration with VuSafe has been removed from WebMarshal because the VuSafe service is being terminated as of September 1, 2013. |
| WM-4783 | In version 6.10.1, block pages could be displayed to users for reasons that were not obvious (related to binary files of unknown type used in the background by legitimate websites). |
| WM-4715 | The Server Tool now applies different default and maximum thread counts for 32 or 64 bit proxies. |
| WM-4725 | The January 2013 version of the Google Images results did not show image previews when accessed through WebMarshal in some cases. Fixed. |
| WM-4732 | Basic Authentication connection to an upstream proxy could fail in some cases due to a problem with string data. Fixed. |
| WM-4766 | The included Kaspersky for Marshal DLL and installer are updated to version 1.0.2. |
| WM-3714 | WebMarshal development now uses Visual Studio 2010. |
| WM-3842 | The Active Directory connector no longer imports Computer accounts. |
| WM-4091 | The Email Notifications edit field in the Console did not accept multiple addresses when the required semi-colon was followed by a space. Fixed: spaces are now ignored. |
| WM-4211 | An incorrect error message was shown when a user attempted to access Global Settings without Modify permission. Fixed. |
| WM-4267 | FileFilter was reported not to work with URLs longer than 256 characters. Function has now been verified with URLs up to 2048 characters. |
| WM-4296 | URLs including non-standard ports did not match entries in the Web Filter database (M86 URL filter list). Fixed. |
| WM-4417 | When a service cannot create a text log file, it logs this error to the Windows Event Log. |
| WM-4453 | Certain XLSX files took excessive resources to unpack. Fixed. |
| WM-4511 | The PurgeLogData stored procedure in the reporting database could deadlock with insertions. An index has been added to the SessionLog table to enhance performance. |
| WM-4518 | Traffic log files were not purged as scheduled in some cases where the date was not correctly found. Fixed. |
| WM-4574 | The RuleWarnings.XML file used to propagate warnings to nodes could grow large and cause delays. Fixed: the file is pruned of unnecessary data. |
| WM-4575 | Proxy temporary files were not deleted in some rare circumstances. Issue addressed by re-trying deletion of these file if the first deletion fails. |
| WM-4577 | WebMarshal Proxy is now installed in a native 64 bit version on 64 bit systems. |
| WM-4598 | The Proxy Cache Tool is now available in a 64 bit version. |
| WM-4600 | WebMarshal Proxy 64 bit version supports NDS. |
| WM-4606 | WebMarshal can now create Traffic Logs in W3C format (as well as WELF format). |
| WM-4619 | In version 6.9.5 and 6.9.6, the Console Active Sessions raised an "item not found" error when the selected user triggered a rule within nested Policy Groups. This issue did not affect rule processing. Fixed. |
| WM-4635 | The Engine service could encounter an issue when shutting down due to incorrect order of events. Fixed. |
| WM-4636 | Text log files now include better information of the product version number and server name. |
| WM-4644 | WebMarshal block pages were vulnerable to cross-site scripting attack. Fixed. |
| WM-4650 | Proxy service logs could include basic authorization strings. Fixed. |
| WM-4653 | Active Sessions display performance was poor for large sessions. Fixed. Note that some additional files are now ignored in Active Sessions display. See Help for the Active Session Files window. |
| WM-4655 | The number of concurrent connections from a single client IP address is now limited. The limit can be configured. See Q15307. |
| WM-4673 | The SafeSearch feature now includes YouTube Safety Mode. |
| WM-4677 | Dashboard graphs for Page Requests, Bandwidth, Traffic Type, and Cache Bandwidth are now expressed as Bytes or number per second. |
| WM-4680 | WebMarshal can no longer be installed or upgraded as a plug-in to ISA or TMG. |
| WM-4697 | URLs longer that 500 characters in the M86 Filter List (WFDB) caused a failure that prevented update of the database. Fixed. |
| WM-4514 | In release 6.9.5, TextCensor items including some special characters were not correctly matched. Fixed. |
| WM-4516 | In release 6.9.5, TextCensor items including some special characters were not upgraded correctly from the earlier TextCensor format. Fixed. |
| WM-4524 | In release 6.9.5, performance counters were not registered under the US English version of Windows with a locale setting. Fixed. |
| WM-4529 | In release 6.9.5, the OR keyword incorrectly returned logical "false" when an input was an empty position set (generated by a subexpression such as a FOLLOWEDBY b). Fixed: Evaluating OR with two position sets now returns a position set as the result, even if the input sets are empty. |
| WM-4530 | In release 6.9.5, word positions were incorrectly returned for text with conditional word break characters such as the apostrophe and hyphen. Fixed. |
| WM-4208 | On non-English versions of Windows, a failure to load performance counters was logged repeatedly. Fixed: logging and retry time are correctly limited. |
| WM-4351 | When a URL entry in a category was edited in the Console, comment and insert date were lost. Fixed. |
| WM-4396 | The default value for maximum number of proxy threads has been increased to 4000. See the upgrade notes above. |
| WM-4406 | An additional TRACEnet DLL file was included in the installation. This did not affect operation. Fixed. |
| WM-4407 | When upgrading from version 6.5.6 or below to earlier 6.9 releases, child category information was not correctly imported. Fixed. |
| WM-4410 | It is now possible to configure a custom Via: header to obfuscate the source of requests. Contact Trustwave for details of the setting. |
| WM-4412 | The Controller could not load the list of users (Users.xml) in some cases due to problems with encoding and illegal XML characters. Fixed: The file is correctly declared and written as UTF-8 and illegal characters are stripped. |
| WM-4414 | Proxy and Filter threads could wait for a long time and consume a large amount of memory if the Engine was not responding. Fixed: a timeout has been set for this wait. |
| WM-4415 | Full logging (to text logs) now includes detailed information about aborted and blocked requests (including rule name and user name if applicable). |
| WM-4420 | The TextCensor functionality has been upgraded. New functionality includes support for Unicode and non-alphabetic languages. This release also includes initial support for automatic upgrades to the TextCensor functionality, through the Array Manager. |
| WM-4450 | The Proxy service could encounter a processing loop as a result of a bad response from a site (only when full logging was enabled). Fixed. |
| WM-4455 | Users with Unicode characters in the username could not authenticate. Fixed. Note that NDS does not support Unicode names. |
| WM-4456 | Minor additions have been made to database structure to support future use of Unicode data in reports. |
| WM-4457 | Database synchronization of users could fail with "Access denied due to ACL" in some cases where strict security was set within WebMarshal. Fixed. |
| WM-4470 | When an unpacking error occurred, file-related conditions were not run on the top-level file. Fixed. |
| WM-4489 | WebMarshal performance counters were not available when the Windows display language was other than English. Fixed. |
| WM-4491 | Error messages returned by the operating system as Unicode strings are now displayed properly in WebMarshal notification pages. |
| WM-4497 | URLs entered into categories without a reason (comment) entry were not displayed in the Console after a restart of the Array Manager. Fixed. |
| WM-4404 | After upgrading to version 6.9, child categories were not visible in the Console. Fixed. For more details and a workaround, see Trustwave Knowledge Base article Q14286. |
| WM-2758 | URL Category listings were not correctly sorted by append date under some regional date formats. Fixed. |
| WM-3345 | The Rule condition "Where file contains a file of type..." was also triggered by a file of the specified type (not a parent file). Fixed: This condition now only triggers on a parent file that contains a file of the specified type. |
| WM-3487 | The WebMarshal Support Tool logs additional information including Total Physical Memory, Country Code, Debug Build, and DEP Policy. |
| WM-3890 | The WebMarshal Proxy Logon application now supports Windows logons as well as NDS, to support web applets that cannot authenticate to the proxy. |
| WM-3931 | The WebMarshal ISA plug-in now supports ISA 2010 (Forefront TMG). |
| WM-4088 | An IP range group can now be edited. |
| WM-4128 | With Internet Explorer 7, block pages were not correctly displayed due to the browser's behaviors. Fixed. |
| WM-4238 | Retry behavior for TRACEnet update downloads has been optimized. |
| WM-4240 | The Console could close unexpectedly due to a memory corruption problem. Fixed. |
| WM-4274 | In ISA plugin mode, requests from some browsers could be unfiltered due to differing format requirements for NTLM between WebMarshal and ISA. Fixed. |
| WM-4277 | NDS was not detected on Windows 2008 x64 systems. Fixed. |
| WM-4280 |
The Array Manager could stop unexpectedly when attempting to
write the perfmon.xml file, when the file was locked. Fixed. |
| WM-4282 | PestPatrol and CounterSpy packages are no longer available from the installation wizard. These plug-ins are no longer sold. Customers with existing installations can still configure and use the plug-ins. |
| WM-4287 | Trickle delivery for upload of large files was not enabled by default. Fixed. |
| WM-4289 | Chained installations could experience issues with the WebMarshal proxy service due to a multi-threading issue. Fixed. |
| WM-4290 | Content can be requested through different upstream methods depending on the URL Category of the site requested. |
| WM-4298 | An incomplete file could be cached if a download with Chunked Encoding was cancelled. Fixed. |
| WM-4300 | Integration with M86 VuSafe is supported. |
| WM-4317 | The Norman anti-virus integration (MSNorman.dll) has been updated. The new DLL is version 1.3.3.2. |
| WM-4342 | The Jump to Rule function in Test Policy did not work for Content Analysis rules. Fixed. |
| WM-4353 | In rare cases the download of Scan Engine plug-ins could fail due to a timing issue with component initialization. Fixed. |
| WM-1775 | Drag and drop functionality to move or copy rules in a container is enhanced. |
| WM-2088 | WebMarshal now advertises support for GZip and Deflate content encoding, and correctly processes the data. |
| WM-2173 | The "Find URL" button on the toolbar now checks for URLs included in any installed Filtering List. |
| WM-2468 | When launching the Policy Tester from a URL, additional options such as file type and size are set in the Policy Tester based on the values of the item. |
| WM-2498 | In the Rule Preview, the "show parent rules" checkbox has been moved above the rule description for usability. |
| WM-2550 | Adding a TextCensor item within a script now is confirmed to the user with a text note on the form. |
| WM-2646 | The Policy Tester can now get the URL from the user's browser, regardless of UAC settings. |
| WM-2826 | Install logging now correctly reports the operating system version. |
| WM-2879 | Filtering list expiry is now displayed at the Console in local time. |
| WM-3019 | When viewing a list of elements that use an element (such as rules that use a category), a "jump to" option is available and opens the property window for the item. |
| WM-3109 | Forward proxy ports above 32767 caused an error when starting the service. Fixed. |
| WM-3156 | Block pages were not correctly shown in some browsers due to browser limitations on the size of data sent with the original response. Fixed. |
| WM-3170 | The WebMarshal Filter functionality now has a separate XML settings file (previously shared a file with Proxy settings). This change also allows the logging path for Filter to be set separately. |
| WM-3295 | The Rules used by User Group window now includes a "jump to rule" option. |
| WM-3313 | Failure to delete cache content files is now logged in the text log. |
| WM-3399 | TRACEnet and SafeSearch functionality were not included in the "rules used by this User Group" display. Fixed. |
| WM-3423 | The requirement to commit configuration was not indicated in all cases when adding URLs or moving URLs between categories. Fixed. |
| WM-3439 | SSL connection times shown in Proxy Performance statistics were always 0. Fixed. |
| WM-3441 | License expiration notices for URL filter lists have been enhanced. A single notice for each list will be sent by email or console notification. |
| WM-3474 | WebMarshal now correctly handles content from servers that assume clients support GZip even if it is not advertised as supported. |
| WM-3595 | The Active Sessions view can be filtered by domain. |
| WM-3717 | The Console now preserves item selection in list views when the list is refreshed (F5). |
| WM-3749 | The properties of a Category in the Console now include a list of rules that use the category. |
| WM-3780 | The Console always showed node status as "out of date" if automatic configuration backup was enabled. Fixed. |
| WM-3781 | URL category comment ("reason added") data is no longer replicated to the nodes (to save bandwidth). |
| WM-3782 | URL category comments added manually are now copied with the URL if it is moved to another category. |
| WM-3783 | The Support Tool could fail due to temporary files being deleted while the tool was running. Fixed. |
| WM-3802 | The Console did not correctly allow access to users with only Connect to Console and View Active Sessions permissions. Fixed. |
| WM-3810 | WebMarshal now handles responses from websites that incorrectly send data with a response code 205. |
| WM-3819 | The performance counter for server connections could incorrectly show very large numbers in rare cases. Fixed. |
| WM-3825 | The test button for directory connectors was not available for anonymous connections. Fixed. |
| WM-3841 | Files could not be retrieved from FTP servers that do not allow directory traversal. Fixed. |
| WM-3849 | The URL category listings now include the option to view a URL in the browser. |
| WM-3871 | The MailMarshal BTM Update site has been added to an internal list of trusted HTTPS sites. |
| WM-3873 | The product is rebranded as M86 WebMarshal. |
| WM-3884 | Kaspersky for Marshal is included in the installer and licensed by the automatically generated trial key. |
| WM-3902 | The Console Print Configuration function has been updated for changes in this release. |
| WM-3928 | Attempts to change TRACEnet and SafeSearch settings by a user without permission were not correctly handled. Fixed. |
| WM-3949 | Error notification for the AD and NDS connector setup has been improved. |
| WM-3956 | In version 6.5.X, yearly quota information was incorrectly purged from the database. Fixed. |
| WM-3971 | The WebMarshal ISA plug-in caused a fault in ISA Firewall Service in some cases. Fixed. |
| WM-3986 | In earlier versions, periodic warning email about TRACEnet update problems was sent incorrectly when an installation had multiple processing servers. Fixed. Warnings are correctly generated and also include the name of the server(s) where the problem occurred. |
| WM-3992 | If some configured virus scanners are not initialized, the WebMarshal Engine will start but all browsing will be blocked until scanners are fully functional. A notice page will be returned to the browser. In earlier versions, the engine would not start, by design. |
| WM-3997 | Authenticated FTP downloads could fail when the user's home directory was not the root. Fixed. |
| WM-4029 | On startup the Array manager retrieved an incorrect policy timestamp. Fixed. |
| WM-4039 | Some HTTPS Certificates were not recognized as valid due to specific checking criteria for intermediate certificates. Fixed. Note that Windows Root Certificate update may be necessary to resolve similar issues in other cases. |
| WM-4068 | The authentication bypass setting did not update the user name associated with a client IP if a new user connected after the timeout had expired. Fixed. |
| WM-4140 | TRACEnet is now enabled by default. The privacy policy presented in the Console has been updated. |
| WM-4170 | When editing a Quota volume in the Console, the OK and Apply buttons were not enabled. Fixed. |
| WM-4171 | Settings to allow HTTPS connections to non-standard ports and without User-Agent header are now enabled by default for new installations. |
| WM-4177 | The Engine could stop unexpectedly while trying to allocate memory. Fixed. |
| WM-4183 | It is no longer possible to re-run the Configuration Wizard. |
| WM-4209 | The TRACEnet library did not correctly identify files of type TEXT. Fixed. The fix (SETRACEnet_7676.dll) has also been deployed to existing installations through the TRACEnet updater. |
| WM-4213 | In default configuration, a user must now be a member of a group other than "Exclude from Reporting" to be recognized as a "defined user." This change does not affect upgrades. |
| WM-4223 | Updates to the M86 Web Filter database could be slow when many entries were deleted. Fixed. |
| WM-4235 | Upload rules were not always disabled when changing from WebMarshal Proxy to ISA plugin mode. Fixed. |
| WM-3952 | In version 6.5.5, database logging incorrectly logged activity in local time at the Array Manager (instead of UTC). Fixed. For more information, see Trustwave Knowledge Base article Q13729. |
| WM-3963 | Installation or upgrade now records the date and time (UTC) in the Registry. |
| WM-1931 | WebMarshal now tracks each protocol for each domain separately in Active Sessions. If two protocols are used to access a domain at the same time, WebMarshal counts two visits. |
| WM-2082 | The "exclude request from logging" action did not correctly exclude visits to HTTPS sites. Fixed. |
| WM-2084 | When using the ISA plugin, browsing could be slowed due to inefficient user matching. Fixed. |
| WM-2177 | McAfee for Marshal failed to scan some extracted files. Fixed. |
| WM-2300 | The Server Tool now provides for editing of temporary and log file locations and some common proxy settings. |
| WM-2316 | The Support Tool can now upload gathered information automatically by FTP. |
| WM-2337 | WebMarshal with HTTPS inspection now can proxy requests from FTP clients that use the HTTP CONNECT method. For configuration options, see Knowledge Base article Q12950 |
| WM-2338 | The Active Sessions view can now be filtered by processing node. |
| WM-2363 | Updated information in Active Directory accounts imported through the NT Connector is now handled correctly. |
| WM-2462 | When adding a user group in the Console, status information was not refreshed automatically. Fixed. |
| WM-2519 | Upload rules are now disabled automatically when running as an ISA plugin. |
| WM-2545 | The SmartFilter functionality has been updated to the latest version of the software SDK. |
| WM-2562 | WebMarshal can now import users through the AD connector from a domain trusted by the domain in which it is installed (one-way trust). |
| WM-2611 | All changes to policy elements now prompt for a configuration commit. This change is for consistency and user understanding. |
| WM-2684 | Sophos scanning could fail to delete temporary '$$$' files. Fixed. |
| WM-2688 | Configuration backups included uncommitted changes. Fixed: Backups now include only committed changes. Note that membership of user groups and URL categories is updated without explicit commits and the latest values are always included. |
| WM-2696 | A new "What's New and Cool" page displays in the Console after an upgrade has been performed. This page is also available from the Console Help menu. |
| WM-2704 |
For user understanding the default paths for configuration
backup and traffic logging in the Console use the variable
%WebMarshal% to indicate they are relative to the install
location. |
| WM-2921 | In multi-node ISA Enterprise environments, unregistering of the WebMarshal filter did not work. Fixed. Note that the Microsoft Firewall service must be manually restarted after ISA configuration has been fully replicated to all servers. |
| WM-3020 | The Performance Monitor counter descriptions now indicate the units counted. |
| WM-3021 | The Proxy service could fail to delete temporary files when Sophos scanning was enabled. Fixed. |
| WM-3023 | The Active Sessions view can now be filtered by user name. |
| WM-3032 | The User Properties window now includes a tab showing all groups the user is a member of. |
| WM-3037 | Advance logging settings can now be configured to set full logging for particular IP client IP addresses. |
| WM-3044 | Streaming content type configuration has been removed because it is no longer required as a result of WM-3063. |
| WM-3063 | WebMarshal now hold back a small fixed amount of downloaded files instead of a percentage. |
| WM-3069 | The MarshalFilter functionality has been updated to the latest version of the software SDK. |
| WM-3077 | The name of the connected Array Manager now displays in the title bar of the Console window. |
| WM-3148 | WELF logging now shows the parent container name if a request is blocked because no rule in the container matched. |
| WM-3178 | Web installer packages now are signed with a publisher name. |
| WM-3196 | The Proxy service could exit prematurely during shutdown. This issue has been addressed with a code change. |
| WM-3220 | Block pages now change to a small format when required. |
| WM-3228 | SmartFilter categories have changed. For details see the Upgrade Notes section. |
| WM-3229 | Streaming media domain browsing end times could be logged outside the time of the parent session. Fixed. |
| WM-3230 | Database purging could fail to delete records where domain and session end times did not match. Fixed. |
| WM-3245 | It is now possible to specify whether files served from the WebMarshal cache are counted against volume quotas. |
| WM-3270 | The Dashboard now includes links to enable TRACEnet and caching if these features are not enabled. |
| WM-3280 | Domain and File classifications are now logged to WELF logs. |
| WM-3286 | File classifications applied to common web files were sometimes not logged to the database. Fixed. |
| WM-3305 | Optional links to a Marshal Reporting Console instance have been added in the Console. |
| WM-3306 | Bing Explicit content servers are added to the Adult and Nudity category in default rules. |
| WM-3310 | The TRACEnet text log now records when a request would have been blocked but the user or URL was excluded from blocking. |
| WM-3312 | The TRACEnet text log now records when a request would have been blocked but the user or URL was excluded from blocking. |
| WM-3330 | Active Sessions now includes information on the files and amount of data served from the Proxy Cache. Information on files cached in the user's browser is no longer included. |
| WM-3331 | SQL database logging now indicates if a file was served from the WebMarshal proxy cache. |
| WM-3337 | File type DOCIRM was not included in the ENCRYPTED file type group. Fixed. |
| WM-3359 | If required TRACEnet library and index files are missing, the administrator is notified by email every 6 hours. |
| WM-3381 | User name information was reloaded on the nodes when quotas were updated. Fixed: User information is only reloaded when the list changes. |
| WM-3394 | Proxy error and Filter error pages returned by WebMarshal have been improved to clearly show that they are error (not block) pages and to display more details of the error. |
| WM-3456 | Default rules have been reviewed and clarified. For more information, see Knowledge Base article Q12986. |
| WM-3511 | The Proxy Cache log file did not respect changes in the file size and retention setting until the Proxy service was restarted. Fixed. |
| WM-3515 | The product has been rebranded for M86 Security. |
| WM-3528 | The latest MSSAVI.DLL file is included in the installation. |
| WM-3548 | WebMarshal now trickles uploads. This change resolves timeout problems with upload files and webmail sites. |
| WM-3552 | The User Defined filetype was mistakenly shown as an option in rule conditions. Fixed. |
| WM-3556 | UNC path locations cannot be selected for Traffic Logging and Proxy Caching. If a UNC location was specified before upgrade, it will still be used. |
| WM-3557 | Automatic configuration backup can now use UNC paths. The account used for the Array Manager service must have access to the location. |
| WM-3570 | TRACEnet update history display could show the wrong result intermittently. Fixed. |
| WM-3580 | Processing of the Proxy Content Bypass list did not correctly match all entries that could be made in the user interface. Fixed. |
| WM-3585 | Updated Visual C++ runtimes are included in the installation package. |
| WM-3599 | TRACEnet block actions are now included in WebMarshal Reports and MRC reports. The "rule name" for a TRACEnet action is prefixed TRACEnet\. |
| WM-3611 | When the Engine does not start due to interference from a resident virus scanner in the unpacking or temporary folders, WebMarshal emails the administrator. |
| WM-3618 | When the Array Manager service failed to start it returned a generic error dialog with text referring to the ISA Firewall service even where ISA was not the cause. Fixed. |
| WM-3622 | Category match information can now be shown on block pages using a new variable. See Knowledge Base article Q10865. |
| WM-3626 | The default mapping of M86 Filter List categories to WebMarshal categories has been reviewed and improved. |
| WM-3633 | SZDD files were recognized but not unpacked. Fixed. |
| WM-3656 | Maintenance expiry information would not be properly updated in the Console when a new key was entered. Fixed. |
| WM-3657 | Wildcard HTTPS domain entries did not work correctly in the Proxy Content Bypass list. Fixed. |
| WM-3664 | All WebMarshal installation files are digitally signed. |
| WM-3670 | Wildcard entries did not work correctly in the Add URL to Category window when the "also add WWW." option was selected. Fixed. |
| WM-3671 | Certain PDF files could not be unpacked correctly or TextCensored. Fixed. |
| WM-3696 |
TRACEnet reclassify requests now use the server
HTTPS://TNReclassify.m86security.com. |
| WM-3710 | Some invalid requests generated by web browsers could cause the WebMarshal Proxy to fail. Fixed: the faulty requests now correctly return an "invalid request" page. |
| WM-3711 | The first daily backup after installation did not include some settings. Fixed. Also, Backups always contain the committed policy, or (for on-commit backups), the policy that is being committed. |
| WM-3720 | Problems with access while updating Categories could cause the Array Manager to stop unexpectedly. Fixed. |
| WM-3721 | Firefox update checking does not succeed when HTTPS content inspection is enabled. For details and configuration to solve the issue, see Knowledge Base article Q12958. |
| WM-3723 | Rule processing is enabled by default for new installations. |
| WM-3724 | When adding a URL to a category, in some cases comments were not saved. Fixed. |
| WM-3725 | The Real -Time Dashboard counter "requests" has been re-labeled "page requests" to clarify that this counter excludes images and JavaScript files. |
| WM-3730 | The policy test dialog could incorrectly report that no rules matched if no Content Analysis rules matched. Fixed. |
| WM-3737 | TRACEnet functionality is enabled by default for new installations. |
| WM-3738 | Proxy caching is enabled by default for new installations. |
| WM-3741 | In multi-node ISA Enterprise environments, registering of the WebMarshal filter did not work. Fixed. Note that the Microsoft Firewall service must be manually restarted after ISA configuration has been fully replicated to all servers. |
| WM-3744 | In the Console, SafeSearch now displays immediately below TRACEnet to enhance visibility of this feature. This change does not change the order of filtering functionality. |
| WM-3747 | The default mapping of M86 Filter List categories to WebMarshal categories has been reviewed and improved. |
| WM-3748 | Performance when downloading large files through the ISA plugin has been improved with changes to internal buffering. |
| WM-3761 | The Add URL to Category Reason information in the configuration file can cause bandwidth issues in WAN deployments. A configuration option is now available to disable saving this information. Contact Trustwave Support for details. |
| WM-3774 | Some TextCensor scripts were not applied to webmail sending by default due to rules not applying to the data type used by the form upload. Fixed. |
| WM-3784 | Some YouTube videos were not properly handled by Proxy Caching. Fixed. |
| WM-3785 | Some wildcard URL listings in the M86 URL filtering list were not processed correctly. Fixed. |
| WM-3790 | Invalid multi-byte characters in response headers were not correctly handled by WebMarshal. Fixed. |
| WM-3798 | WebMarshal URL checking could be bypassed by adding . to the end of the domain name. Fixed. |
| WM-3821 | SmartFilter categories and programming interface have been updated. |
| WM-3652 | WebMarshal displayed a File Aborted page to the user if the actual size of web page data did not match the Content-length header. Fixed. |
6.5.2.4636 (August 26, 2009)
| WM-934 | The Customer Feedback mechanism last available in WebMarshal 3.7.5 is again implemented in this release. |
| WM-1722 |
Performance counters have been added for traffic between the
Array Manager and the nodes, as follows: WMController\Bytes
Received Array Manager and WMController\Bytes Sent Array Manager |
| WM-1837 | If a version 6.0 database is selected, the user is now given the option to upgrade the database structure or select another database. |
| WM-2242 | WebMarshal services are now configured to restart when they stop unexpectedly (using the Windows Service Control Manager settings). |
| WM-2347 |
Attribute names in XML configuration files were treated as
case sensitive. This issue has been addressed for the
following files: WMArrayMgr.config.xml,
WMController.config.xml, WMEngine.config.xml and
WMProxy.config.xml. Note that element (node) names are
still case sensitive. |
| WM-2393 | The display of quota amounts on pages presented to users now matches the rounding and units shown in the WebMarshal console. |
| WM-2399 | The Connector Reload schedule time was not always saved correctly when changed. Fixed. |
| WM-2413 | WebMarshal default block pages now use the standard WebMarshal.home template. |
| WM-2416 | The "via" header returned to the client was not correctly formatted when using an upstream proxy. Fixed. |
| WM-2436 | The Controller log now shows the name of each user group being loaded. |
| WM-2453 | WebMarshal.home display issues present in earlier versions of Safari for Windows have been corrected in Safari 4. |
| WM-2454 | The "file information" lines in the Engine log could display a blank "size" entry. Fixed. |
| WM-2492 | Downloads aborted by the user or other software were still passed to the engine for processing. Fixed. |
| WM-2502 | DNSBL lookups from URLCensor now have a configurable timeout. For more information see Knowledge Base article Q12716. |
| WM-2504 | In earlier versions, adding individual computers to groups by IP address did not grant the correct permissions. Fixed. |
| WM-2515 | The unpacking file customization setting in the engine configuration XML file was not applied. Fixed. |
| WM-2516 | Engine debug logging did not provide information about TextCensor triggering. Fixed. |
| WM-2531 | The Server Properties "Apply" button could be activated even though no changes were made. Fixed. |
| WM-2532 | Archive files containing files with duplicate names could cause unpacking errors. Fixed. |
| WM-2542 | In earlier versions, upgrading could require a restart, or fail, due to an issue with locking of Performance Monitor DLLs. Fixed. |
| WM-2549 | Description fields in rules and policy elements now allow a new line to be created by pressing Enter (previously required Ctrl+Enter). |
| WM-2553 | IP address matching for authentication and LAT did not correctly match partial subnet ranges. Fixed. |
| WM-2560 | Some console elements did not function correctly at 120dpi (accessibility for visual impairment). Fixed. |
| WM-2571 | Unpacking of Office 2007 items could cause an exception. Fixed. |
| WM-2590 | The "Grab" button on the rule tester did not identify running instances of Internet Explorer. Fixed. |
| WM-2592 | The WebMarshal Proxy encountered an exception when "indefinitely" quotas applied to a user and that user browsed to WebMarshal.home. Fixed. |
| WM-2595 | WebMarshal now supports addition of the X-forwarded_for header to help with diagnosing the source of requests. For more information see Knowledge Base article Q12723. |
| WM-2610 | The TLS/SSL library used has been upgraded. |
| WM-2616 | The rule warning time period selection dialog did not show the selected value as default when opened for editing. Fixed. |
| WM-2622 | The Engine logged meaningless messages when scanning for malware if no malware was found. Fixed. |
| WM-2623 | The auto-refresh of Active Sessions can now be disabled. |
| WM-2628 | The retention of WebMarshal log files can now be configured. For more information see Knowledge Base article Q12717. |
| WM-2634 | When a user without the correct Console permission modified a rule, the error message dialog did not function correctly. Fixed. |
| WM-2638 | When a "display warning once" action was triggered, remaining rules were never processed, so the page could be permitted inappropriately. Fixed. |
| WM-2645 | The Policy Test page "grab" function did not always update the URL field. Fixed. |
| WM-2647 | TextCensor could fail to open some files for evaluation due to URL encoding of the file names. Fixed. |
| WM-2709 | In version 6.1.6, the quota table on block pages was not correctly displayed. Fixed. |
| WM-2713 | The WebMarshal Support Tool did not gather log and file information from custom locations. Fixed. |
| WM-2721 | The timeout value for unpacking has been increased to allow for large archive files. |
| WM-2744 | File type identification could cause an exception with certain corrupt files. Fixed. |
| WM-2755 | URLs could be categorized incorrectly due to a problem with handling of temporary category insertions on the local node. Fixed. |
| WM-2805 | The result of the Print function in the console has been improved. |
| WM-2858 | The text of a form posting was not correctly identified and TextCensor was not applied. Fixed. |
| WM-2876 | The Real-Time Dashboard now includes TRACEnet data. |
| WM-2915 | File name matching was not applied in some cases after a warning pages was displayed. Fixed. |
| WM-2916 | Form posting over inspected HTTPS could fail because closed connections were not properly detected. Fixed. |
| WM-2924 | The proxy service could take excessive time to restart when required by policy change. Fixed. |
| WM-2989 | Block rules were not applied in some cases after a warning pages was displayed. Fixed. |
| WM-3009 | The Proxy service did not correctly handle the HTTP response 204 (no content). Fixed. |
| WM-3017 | HTTP/1.1 support did not include the OPTIONS method. Fixed. |
| WM-3022 | The WebMarshal Support Tool gathered dump files starting with the oldest. Fixed: The most recently created files are gathered. |
| WM-3028 | The Active Sessions view lost its scroll position when refreshed. Fixed. |
| WM-3040 | The WebMarshal Support Tool now runs at "below normal" priority so that other services have priority for processing time. |
| WM-3046 | The default download trickle rate is set to 90% to improve perceived performance. |
| WM-3049 | Installing URLCensor raises a warning that real-time DNS lookups affect the browsing experience. |
| WM-3060 | When an upstream proxy was configured, reloading configuration would always restart the WebMarshal Proxy service. Fixed. |
| WM-3062 | Binary content served with an incorrect MIME type of "text" was subjected to the hold-back requirement for text files. Fixed. |
| WM-3078 | The default delay before trickling text files is reduced to 30 seconds. This can help to avoid client timeouts when binary content is mis-reported as text/plain in the response headers. |
| WM-3082 | The default server timeout in the proxy service is set to 300 seconds to help avoid timeouts when accessing sites with slow back-end response. |
| WM-3101 | WebMarshal now provides authentication caching to assist with access by applications that cannot respond to a request for proxy credentials. For more information see Knowledge Base article Q12734. |
| WM-3151 | Computer users that were also members of a user group (range) could still browse some sites after being explicitly removed. Fixed. |
| WM-3161 | HTTPS content inspection could consume excessive and increasing memory. Fixed. |
| WM-3214 | Unpacking errors were not properly handled when they occurred at the beginning of unpacking. Fixed. |
| WM-3235 | File type identification has been improved to show Word 6 and Document IRM types. |
| WM-3283 | Problems with access while updating user groups could cause the Array Manager to stop unexpectedly. Fixed. |
| WM-3288 | Text logs now correctly handle external error messages with multiple lines. |
| WM-3299 | Word 6 documents are correctly recognized and scanned. |
| WM-3404 | YouTube video was not blocked by Connection Rules due to a recent change in the YouTube/Google website. Fixed. |
| WM-3433 | HTTPS Content Inspection did not properly release allocated memory. Fixed. |
| WM-3457 | Yahoo Messenger was not blocked by Connection Rules in all cases. The problem has been addressed with additional testing of protocol headers. |
| WM-3459 |
Requests made with
Accept-Ranges could cause multiple aborted
connections to a server. Fixed: WebMarshal now strips
Accept-Ranges headers. (WebMarshal does not support byte
ranges because the entire file is required for scanning.) |
| MC-4 | Certain MSI files were incorrectly recognized as OLE files. Fixed. |
| MC-13 | Certain CAB files were detected as type BIN. Fixed. |
| MC-14 | OGG audio and video streams are now detected. |
| MC-17 | Encrypted PDF documents could be detected as type PDF (not encrypted). Detection of this type has been improved. |
| MC-37 | PDF detection has been enhanced with a new type for documents with operations protected (Protected Acrobat PDF Document). These files can be unpacked and scanned. |
| MC-39 | Microsoft Document Imaging (MDI) files are now recognized. |
| MC-40 | Many Open Office document file types are now recognized. |
| MC-41 | Word 2007 documents with Restricted Access were detected as type OLE. Fixed: these documents are now detected as encrypted Word documents. |
| MC-51 | JPEG2000 file type identification has been improved. |
| MC-52 | Some PDF files were not identified as encrypted. Fixed. |
| MC-54 | PDF document unpacking has been improved. |
Note: To review change history for version 6.1 and below, please see the Release Notes for the specific version of WebMarshal.
Copyright © 2013 Trustwave Holdings, Inc.
All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.
The most current version of this document may be obtained from Trustwave
Knowledge Base article
Q15132.
Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.
Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its TrustKeeper® portal and other proprietary security solutions. Trustwave has helped hundreds of thousands of organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices worldwide. For more information, visit https://www.trustwave.com.