7.6 - Recategorized URL still blocked as "security override blocked"


Top 500 Contributor
14 Posts
timrybak posted on 27 Jul 2011 11:55 AM

I just upgraded to 7.6.  I have a custom URL category called iTunes that is allowed for a few users.  I had one of them tell me that they are being blocked trying to download iTunes.  The URL of the download is "http://www.apple.com/itunes/download/".  If I run the URL Category check, it tells me it is in the iTunes category I created.  However, if I run the Test Filtering, it tells me that the result is "Security Override Blocked" and that the URL is actually in the category "Freeware and Software Download" (which is blocked for all users).

Why didn't the recategorization fix this issue?  What can I do to allow this for my users?

|

All Replies

Top 10 Contributor
1,744 Posts
Moderator
Suggested by jhillenburg

 

By default, when a site is categorized in a Security Risk category, the site is filtered based on its Security Risk classification, even when the site is added as a recategorized URL in a permitted category.

If you want to always filter based on custom categorization, regardless of whether a site appears in a Security Risk category (like Malicious Web Sites or Spyware):

1. Navigate to the Websense bin directory on the Filtering Service machine and open the eimserver.ini file in a text editor.

2. Navigate to the [FilteringManager] section and add the following line:

SecurityCategoryOverride=OFF

3. Save and close the file.

4. Restart Filtering Service.

Best regards

|
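A read-only check for the setting described in the answer above, as an added example that is not part of the original thread or Websense's own tooling: it reports whether SecurityCategoryOverride is absent (default behaviour), set to OFF in [FilteringManager], or present only in another section. It assumes plain INI syntax and a case-insensitive value; the sample file contents are constructed.

```python
# Added example: audit eimserver.ini text for the override setting.
# Assumption: plain INI syntax ([Section] headers, key=value, ';' or '#' comments).

SECTION = "FilteringManager"       # section named in the post
KEY = "SecurityCategoryOverride"   # key named in the post

# Constructed sample files; ExampleSetting and ExampleSection are placeholders.
SAMPLE_DEFAULT = "[FilteringManager]\nExampleSetting=1\n"
SAMPLE_OFF = "[FilteringManager]\nExampleSetting=1\nSecurityCategoryOverride=OFF\n"
SAMPLE_MISPLACED = (
    "[ExampleSection]\nSecurityCategoryOverride=OFF\n"
    "[FilteringManager]\nExampleSetting=1\n"
)


def override_status(ini_text):
    """Return (status, sections_where_key_was_found).

    'default'   - key absent, so the default Security Risk override applies
    'off'       - key set to OFF inside [FilteringManager]
    'other'     - key present in [FilteringManager] with a different value
    'misplaced' - key found only outside [FilteringManager]
    """
    current = None   # name of the section being read; None before any header
    found = {}       # section name -> last value seen for KEY
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == KEY:
            found[current] = value.strip()
    if not found:
        return "default", []
    sections = sorted(s or "(no section)" for s in found)
    if SECTION in found:
        # Assumption: the value is compared case-insensitively.
        return ("off" if found[SECTION].upper() == "OFF" else "other"), sections
    return "misplaced", sections


if __name__ == "__main__":
    for label, text in [("default", SAMPLE_DEFAULT), ("off", SAMPLE_OFF),
                        ("misplaced", SAMPLE_MISPLACED)]:
        print(label, override_status(text))
```

A result of 'off' means recategorized URLs are no longer subject to the Security Risk override on that Filtering Service, which is the exposure raised later in this thread.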
Top 500 Contributor
14 Posts

Thank you!  This solved the issue I was having.

|
Not Ranked
1 Posts
Suggested by soguknewale

Had the same problem and worked for me too.

Thanks.

|
Not Ranked
1 Posts

Thanks Yuting_W!  Fixed my issue.

|
Not Ranked
1 Posts

Hi, I have the same issue, however we are running the filtering service "on box". How do we switch off the SecurityCategoryOverride? We are running a V5000 G2 appliance.

Regards

|
Top 10 Contributor
986 Posts
Trusted Users (MVP)
Suggested by littlesnooze

ghanzen -- open a case with Websense Support so a technician can help you do it on an appliance.

 

Is another workaround for this to remove the category from the Security Risk class?  I think it's very dangerous to turn off this feature -- it means if a site you recategorized later becomes compromised you'll have no way of knowing and continue letting your users get to it.  In the original poster's example, could you instead remove "Freeware and Software Download" from Security Risk risk class to fix it without turning off the entire override feature?

|
Not Ranked
1 Posts

Is there a way to turn off this feature only for a URL?

|
Top 10 Contributor
986 Posts
Trusted Users (MVP)

No, but there should be.  I just posted a feature request this morning asking for just that so feel free to reply to that and add your support.

|
Top 50 Contributor
70 Posts

Dear Yuting, 

I tried this - however it does not work for me.

I have a site that is being misclassified. After putting that site in another category (user defined), and applying what you said - I still get the same problem: Security Risk takes precedence over my settings.

Any other suggestions? - Try some other category?

Regards,

J.

|
Top 10 Contributor
986 Posts
Trusted Users (MVP)

If you truly believe it's miscategorized I'd put it through Site Lookup Tool and ask Websense to fix it on their end, that would be best.  If not, then it's a question of which category it's in.

|
Top 50 Contributor
70 Posts

Glitch,

apart from writing to Websense, I must comment that Security Risk is something I find as a configuration overhead - if one sets permit or allow for particular category, I do not see a reason why "Websense must interfere in that decision" with Security Risk overrides.

In case one wants to give precedence to its configuration, then I think there should be a simpler procedure for accomplishing that - a simple option in GUI to enable or disable overrides as Yuting described here. This all together is quite annoying especially when common resolution is not working as in my case.

Regards,

J. 

|
Top 50 Contributor
56 Posts

Websense really isn't interfering.  It is doing its job by protecting you from sites that may have been compromised.  If you open up a dozen sites and one of them is compromised with malicious code are you saying you want your users to go there anyway?   I sure wouldn't.  I don't want anyone going to a site that is a security risk.   If you do believe a site is inappropriately categorized as a security risk, Websense is pretty good about making it right when you notify them.

|
Top 10 Contributor
986 Posts
Trusted Users (MVP)

Jurgen:

Glitch,

apart from writing to Websense, I must comment that Security Risk is something I find as a configuration overhead - if one sets permit or allow for particular category, I do not see a reason why "Websense must interfere in that decision" with Security Risk overrides.

Here's one big reason why -- you recategorize a website (or allow it in a limited access filter) and 6 months later it becomes compromised and is infecting visitors.  Websense pushes out a Real time Security Update and flags it as Malicious, but because you recategorized it your users can still go to it and they all get infected, doing untold damage to your business.  Thanks to the Security Risk override this won't happen.  One of the main reasons you pay for Websense is to protect your environment from those kinds of websites; you should not lose that protection just because months ago you disagreed with what the category was before the site became a danger.

I've seen this scenario happen to me previous to this override feature.  I was in an environment that required extensive use of limited access filters for certain employees.  One of the sites they used regularly became infected, but because LAF don't look at category they were allowed to go to the site.  Only because that group's supervisors were not on a LAF and did get blocked did we even know this was happening.  If that happened today we would have been protected thanks to Websense.

That being said, I do agree that there should be a way to override the override for a specific URL.  Put whatever warning you want to in front of it, but I just had a case where it would have helped to do this for a website that was marked as a Parked Domain but had recently been "fixed" and we had to wait for Websense to update the category on their end.

Aside from that, I think the Security Override feature is a fantastic feature that should have been included sooner.

|
Top 10 Contributor
2,777 Posts
Editor
Moderator

Question: What constitutes a Security Risk?

Answer:  Your Risk Classes in Settings dictate which categories are included as a Security Risk class.  If you remove the category from the Risk Class, the security override will no longer take effect.

Do with this information what you will.   As Glitch has said, it's a good feature, yet poorly understood why it's needed.

 

JACOB SLOAN, CCNA, WCSE

 

|