v7.5 Release Notes for Websense Web Security and Websense ...

Release Notes
Websense® Web Security
Websense Web Filter
Version 7.5
New in this version
Websense Web Security and Websense Web Filter version 7.5 is an English-only release.
Installation changes
New technologies with an updated look and feel are now used for Websense Web Security and
Websense Web Filter installation. The installer now includes:
Built-in Help for most installation screens, accessed via a button
A progress checklist in the left pane
Some reduction in the number of screens that must be completed
The new Websense Control Service handles component activation and configuration. It continues to
run once installation is complete in order to facilitate adding or removing components.
Introducing Websense Web Security Gateway Anywhere
Websense Web Security Gateway Anywhere is a comprehensive and flexible security solution that
offers:
A robust, fully hybrid Web filtering and reporting solution, configured through a single user
interface.
• Use Websense Web Security Gateway (software or appliance) to filter Internet requests for
some users, for example, at your organization’s headquarters.
• Use the hybrid service to filter Internet requests for other users, for example, at branch
locations.
• Use remote filtering software or the hybrid service to filter users when they are outside the
network (travelling or working from home, for example).
• Use one interface to create policies, generate reports, and monitor filtering for all users,
regardless of how their requests are filtered.
The ability to categorize content, analyze sites and files to find malicious content, and perform
legacy antivirus scanning in real time, as users request sites.
Web data loss prevention capabilities to help you regulate what types of content can be posted to
the Web from within your organization.
Version 7.5 Release Notes 1

Introducing the TRITON Unified Security Center
The TRITON Unified Security Center is the new configuration and management interface for
Websense Web and data security solutions. In this release, the TRITON console includes a Web
Security module that replaces Websense Manager, as well as a Data Security module that replaces
DSS Manager.
In all TRITON modules:
A new module tray appears below the banner, allowing administrators with appropriate
permissions to switch seamlessly between the Web Security and Data Security modules of the
TRITON console.
The left and right navigation panes now collapse, allowing the content pane to expand. When the
left navigation pane is minimized, a narrow bar shows an icon for each functional group. Move
the mouse over an icon to see a pop-up menu of options within the selected group.
In TRITON - Web Security:
The Websense banner now displays the current administrator’s logon name next to the role dropdown
box.
The toolbar just below the module tray now includes the Policy Server, Help, and Save All
buttons.
• Move the mouse over the Policy Server button to see which Policy Server is currently being
managed, or click the button to switch between Policy Server instances.
Changing Policy Servers still requires administrators to log off and log back on.
• The Help menu now contains links to the Websense Knowledge Base and customer forums.
In Websense Web Security Gateway Anywhere environments, and other environments that combine
Websense Web and data security solutions, you can configure the TRITON console to give specific
administrators access to both modules via a single logon account.
Shared administration of the Web Security and Data Security modules of the TRITON Unified
Security Center requires linking your Websense Web and data security solutions. Linking Service,
the component that enables linking, provides the added benefit of giving data security software
access to Master Database URL categorization and user information collected by User Service.
Once a connection is established, use the Settings > Linking page in TRITON - Web Security to
configure the notification email messages sent to new administrators. You can then start creating
administrator accounts on the Main > Policy Management > Delegated Administration page. (The
accounts must also be added to TRITON - Data Security to allow joint access.)
All reporting features available in TRITON - Web Security on Linux
Full reporting, including the Today and History page charts, investigative reports, and presentation
reports, is now available when TRITON - Web Security is installed on Linux. This requires that Log
Server be installed on a Windows machine, with the Log Database hosted on a supported version of
Microsoft SQL Server or MSDE.
Support for Linux Log Server, MySQL, and Explorer for Linux has been discontinued.
2 Websense Web Security and Websense Web Filter

New software versions supported
Version 7.5 introduces support for:
Microsoft SQL Server 2008 (The Log Database can now be hosted by Microsoft SQL Server
2008 or SQL Server 2005 SP3, or by MSDE. Support for Microsoft SQL Server 2000 has been
discontinued.)
Microsoft Internet Explorer 8
NTLM 2 with Windows 2003 and Windows 2000 domain controllers
In this version, TRITON - Web Security is fully supported in Internet Explorer 7 and 8, and Firefox 3
(up to version 3.5).
• Full support for Firefox 2 has been discontinued.
• Full support for Firefox 3.6 is not available.
On Linux platforms, use Firefox 3.5.x for best results. Some reporting features will not display
properly in earlier versions of Firefox on Linux.
Change priority of Security categorization
Previously, custom categorization always determined how a URL was filtered. In other words, if a
URL was recategorized in a permitted category, added to the Unfiltered URLs list, or added to a
limited access filter, that custom categorization always took precedence over the Master Database or
security scanning categorization. Therefore, a legitimate site that was compromised might be
permitted due to custom categorization, even if the Master Database or security scanning placed the
site in a Security category (like Malicious Websites, Spyware, or Keylogging).
You now have the option to configure Websense software to prioritize Security Risk categorization
over custom categorization. After the configuration change, if the Master Database or Websense Web
Security Gateway scanning places a site in a Security Risk class category, and the category is
blocked, the site is blocked.
To enable this feature for on-premises filtering:
1. Navigate to the Websense bin directory on the Filtering Service machine (C:\Program
Files\Websense\bin or /opt/Websense/bin/, by default) and open the eimserver.ini file in a text
editor.
2. Navigate to the [FilteringManager] section and add the following line:
SecurityCategoryOverride=ON
3. Save and close the file.
4. Restart Filtering Service.
• Windows: Use the Services dialog box (Start > Administrative Tools > Services) to restart
Websense Filtering Service.
• Linux: Use the /opt/Websense/WebsenseDaemonControl command to stop and then start
Filtering Service.
You can determine which categories are part of the Security Risk class on the Settings > General >
Risk Classes page in TRITON - Web Security.
To enable this feature for hybrid filtering:
Version 7.5 Release Notes 3

1. Navigate to the Websense bin directory on the Sync Service machine (C:\Program
Files\Websense\bin, by default) and open the syncservice.ini file in a text editor.
2. Add the following lines to the file:
[hosted]
SecurityCategoryOverride=true
3. Save and close the file.
4. Use the Windows Services dialog box (Start > Administrative Tools > Services) to restart
Websense Sync Service.
Network Agent configuration
It is now possible to configure Network Agent to ignore specific ports via TRITON - Web Security.
1. Go to the Settings > Network Agent > Local Settings page.
2. Expand Advanced Network Agent Settings.
3. Under Port Monitoring, mark Configure this Network Agent instance to ignore traffic on the
following ports.
4. Enter the ports that you want Network Agent to ignore.
5. Click OK to cache your changes, and then click Save All to save and implement them.
Note that because this functionality has been moved to the TRITON console, the IgnorePorts
parameter in the natuning.ini file is no longer used. Even if you have previously modified your
natuning.ini file, you must now enter the port information in TRITON - Web Security.
Expanded scanning features and reporting options
Web Security Gateway and Web Security Gateway Anywhere administrators now have access to the
following enhanced functionality:
Embedded URL link analysis can optionally be performed during content categorization for
more accurate categorization of certain types of pages. For example, a page that otherwise has
little or no undesirable content, but that links to sites known to be undesirable, can be more
accurately categorized. URL link analysis can find malicious links embedded in hidden parts of a
page, and can detect pages returned by image servers that link thumbnails to undesirable sites.
A content categorization sensitivity control allows you to tune the sensitivity of the methods
(classifiers) used to classify content and ultimately determine a category. It is important to
understand that categorization results from content analysis that applies several methods
(classifiers). The effect of changing the sensitivity level, with respect to resultant category,
cannot be predicted. The sensitivity level is optimized (tuned) by Websense Security Labs using
a very large URL test set, to provide accurate results across that test set.
Security threat options now include the ability to scan, detect, and block rich Internet
applications, such as Flash, that contain malicious code.
A new security threat content scanning option supports the scanning of outbound Web content
for bot and spyware phone home traffic. When phone home traffic is detected, it is forwarded
to the scanning log database and categorized, so that you can run a report to obtain a list of the
computers in your system that are infected with bot and spyware.
New presentation reports and History page charts highlight the effectiveness and value of
real-time scanning of Web 2.0 sites. On the Presentation Reports page, the Scanning Activity
group includes reports on Web 2.0 browsing and scanning activity, including recategorization
4 Websense Web Security and Websense Web Filter

that results from content categorization. There are also reports that track page blocks that result
from link analysis.
SSL decryption bypass (Content Gateway)
To support organizations using SSL Manager in Content Gateway to manage encrypted traffic, and
who do not want to decrypt HTTPS sessions that users establish with sensitive sites (such as personal
banking or health provider sites), administrators can now specify categories of sites that will bypass
SSL decryption.
For convenience, a predefined Privacy Category group includes categories that may be subject to
regulatory requirements, such as education, financial data services, health care, and others.
Administrators can also specify a list of hostnames or IP addresses for which SSL decryption is not
performed.
Tunneled protocol detection (Content Gateway)
Tunneled protocol detection analyzes traffic as it transits Content Gateway to discover protocols that
are tunneled over HTTP and HTTPS. Such traffic is reported to Filtering Service for protocol filtering
enforcement. Scanning is performed on both inbound and outbound traffic.
HTTP tunneling occurs when applications that use custom protocols for communication are wrapped
in HTTP (meaning that standard HTTP request/response formatting is present) in order to use the
ports designated for HTTP/HTTPS traffic. These ports are open to allow traffic to and from the Web.
HTTP tunneling allows these applications to bypass firewalls and proxies, leaving a system
vulnerable. This feature can be used to block protocols used for instant messaging, peer-to-peer
applications, and proxy avoidance.
Improved presentation report performance
A new presentation reports feature offers improved performance of reports generated on the fly while
making it easier to schedule and access very large reports. Administrators can either:
Run the report in the background. A one-time scheduled job is created to run the report
immediately. When complete, the report is added to the Review Reports list and, optionally,
email notification is sent to specified recipients.
Run the report in the foreground. The report is generated in a separate window. When the report
is ready, administrators can view and save the report. The report is not saved automatically, and
does not appear in the Review Reports list.
Delegated administration
To support the ability to use a single logon to access both the Web Security and Data Security
modules of the TRITON Unified Security Center, there have been changes to delegated
administration. The following changes affect all deployments that use delegated administration,
regardless of whether they include a data security solution:
On the Policy Management > Delegated Administration page, the Manage Websense User
Accounts button has been replaced with a Manage Administrator Accounts button.
For Super Administrators, the new Manage Administrator Accounts page is divided into 2
sections:
• Websense User Accounts lists accounts created specifically to give access to TRITON - Web
Security.
Version 7.5 Release Notes 5

• Network Accounts lists user and group accounts from a supported directory service that have
been given administrative access to TRITON - Web Security.
To change the password for a Websense user account, click the account name. Delegated
administrators can change the password only for their own account; Super Administrators can
change the password for any account.
When changing the password for a Websense user account, Super Administrators can mark
Prompt for new password to require a password change the next time the administrator logs on to
TRITON - Web Security.
When Websense Web Security is linked to a data security solution, Super Administrators are given
the option to send an email notification to each new delegated administrator that includes instructions
for accessing both modules of the TRITON Unified Security Center. Administrators who receive
email notification are prompted to change their password the next time they log on to TRITON - Web
Security. Linking must first be configured to enable these options.
Fixed in this version
Several hotfixes (patches) created for previous releases have been incorporated into this version. In
addition, changes requested by customers have been incorporated.
TRITON - Web Security (general)
When an internal error occurs in TRITON - Web Security, the stack trace no longer shows
possibly sensitive information in the client browser. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19,
22)
Category names that include a comma can be changed without error. (v7.0 Hotfix 08, 21, 29)
LDAP user passwords are no longer readable in the HTML source of the Settings > Directory
Services and Logon Directory pages. (v7.0.1 Hotfix 12, 19, 22)
An internal error no longer displays when administrators access the Settings > Risk Classes
page. (v7.0.1 Hotfix 19, 22, v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48, 50, 52)
Administrators can now add proxy user names containing a hyphen (-). (v7.1 Hotfix 08, 12, 33,
35, 40, 41, 43, 48, 50, 52).
Administrators can now define non-qualified sites as unfiltered (for example, http://wrprod).
(v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48, 50, 52)
When an administrator clicks Create Policy in the Common Tasks pane, all existing policies are
now available to be used as the basis for creating the new policy.
When there are many Network Agent instances associated with a Policy Server, a scroll bar
allows administrators to access configuration information for all instances. (v7.1 Hotfix 52)
TRITON - Web Security now accepts user names containing a period when an administrator
configures Master Database downloads via a proxy. (v7.1 Hotfix 41, 50, 52)
Database download status for each Filtering Service instance is displayed in TRITON - Web
Security in a timely manner. (v7.1 Hotfix 35, 38, 40, 41, 43, 48, 52)
TRITON - Web Security issues prevent a connection to Policy Server have been corrected. (v7.1
Hotfix 21, 33, 35, 40, 41, 43, 48, 50, 52)
Pages transmitted via SSL are no longer cached by the browser. (v7.1 Hotfix 21, 33, 35, 40, 41,
43, 48, 50, 52)
6 Websense Web Security and Websense Web Filter

The Secure Attribute is now included in the Encrypted Session (SSL) cookie to avoid having the
cookie sent as plain text. (v7.1 Hotfix 21, 33, 35, 40, 41, 43, 48, 50, 52)
TRITON - Web Security (Policy Servers page)
The list of Policy Servers on the Settings > Policy Servers page no longer shows duplicate entries
after changes are made. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12)
The logon page and Settings > Policy Servers page load more quickly, even when there are many
Policy Servers listed in TRITON - Web Security. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)
A full list of Policy Server entries is displayed on the Settings > Policy Servers page, even when
there are more than 25 entries. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)
TRITON - Web Security (Clients page)
A problem that caused an error preventing administrators from adding a client, either to the
Clients page or to a delegated administration role, has been corrected. The error was: “The user
cannot be added to the current role. A policy has already been assigned to this user in role: Super
Administrator.” (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)
Directory clients (users, groups, and domains/organizational units) are now alphabetized in the
Clients page, with domains appearing first, then groups, then individual users. (v7.0 Hotfix 21,
29, v7.0.1 Hotfix 12, 19, 22)
When adding clients, results returned from the directory service are now alphabetized, as are
pages, if paging is necessary. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)
When an administrator adds network clients on the Clients page, the correct range is added, rather
than a single IP address (computer client). (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)
A problem that caused a Java error when the Clients page was selected has been corrected. The
error no longer appears, and computer and network clients are displayed normally. (v7.0 Hotfix
08, 21, 29, v7.0.1 Hotfix 12, 19, 22)
When an administrator adds directory clients, Websense software can now query more than one
global catalog server. (v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12, 19, 22)
When an administrator adds a network client, and the first value in the second IP address is
greater than 127 (for example, 1.1.1.1 - 128.0.0.0), TRITON - Web Security no longer displays a
warning. (v7.0 Hotfix 08, 21, 29)
User names that include quotation marks (") anywhere in the LDAP path are now displayed
properly in TRITON - Web Security. (v7.0.1 Hotfix 06, 12, 19, 22, v7.1 Hotfix 08, 12, 20, 33, 40,
41, 43, 48, 50, 52)
Administrators were sometimes unable to browse the root domain when child domains were
added to directory services. (v7.1 Hotfix 08, 12, 20, 33, 40, 41, 43, 48, 50, 52)
Clients whose user name contains a comma can now be added via the Search option on the Add
Clients page without an extra backslash character being appended. (v7.1 Hotfix 52)
TRITON - Web Security correctly displays organizational units (OUs) that contain a plus sign (+)
in the name. (v7.1 Hotfix 41, 50, 52)
TRITON - Web Security (custom URLs and limited access filters)
If you have a significant number (hundreds or more) of recategorized URLs or regular
expressions, clicking OK on the Edit Categories page no longer results in a very long delay
(many minutes) before the Filter Components page loads and changes can be saved. (v7.0.1
Hotfix 12, 19, 22, v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48, 50, 52)
Version 7.5 Release Notes 7

In environments with a large number of custom URLs (recategorized or unfiltered), the Edit
Policy page now loads more quickly. (v7.0.1 Hotfix 22, v7.1 Hotfix 08, 12, 33, 35, 40, 41, 43, 48,
50, 52)
An problem that caused valid URLs to be flagged as invalid when URLs were recategorized has
been corrected. (v7.0.1 Hotfix 12, 19, 22)
Unfiltered URLs are saved only once. The Policy Database does not create duplicates. (v7.1
Hotfix 20, 38, 40, 41, 43, 48, 50, 52)
Custom URLs are now displayed in a more consistent manner. (v7.1 Hotfix 12, 33, 35, 40, 41,
43, 48, 50, 52)
When a category is selected on the Filtering Components > Edit Categories page, a complete list
of custom URLs for the category is displayed. (v7.0.1 Hotfix 22, v7.1 Hotfix 08, 12, 33, 35, 40,
41, 43, 48, 50, 52)
Custom URLs (recategorized and unfiltered) and URLs added to limited access filters are
categorized properly when they contain uppercase letters. (v7.1 Hotfix 35, 38, 40, 50, 52)
TRITON - Web Security Toolbox
The Check Policy tool now shows the correct policy for users defined in a Windows Active
Directory global catalog server identified by IP address. (v7.1 Hotfix 50, 52)
Delegated administration
A problem that caused delegated administrators to receive an error message when they attempted
to look up clients or URLs has been corrected. (v7.0 Hotfix 08, 21, 29)
A problem that sometimes prevented delegated administrators from logging on to TRITON -
Web Security has been corrected. (v7.0.1 Hotfix 21 and v7.1 Hotfix 02)
Websense user accounts that include a hyphen (like “report-auditor”) can now be added to a role.
(v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12, 19, 22)
User search is now as quick for delegated administrators as for WebsenseAdministrator (v7.1
Hotfix 48, 50, 52)
Delegated administrators whose permissions do not include viewing user names cannot use the
Toolbox to search for user data. (v7.1 Hotfix 43, 48, 50, 52)
Reporting (Log Server and Log Database)
Log Server now successfully looks up users’ full name and associated groups with User Service
to ensure that user names are visible in reports. (v7.0.1 Hotfix 17, v7.1 Hotfix 05)
During startup, Log Server tries to connect to the database a specified number of times before
recording a failure to connect. (v7.1 Hotfix 15, 18)
When integrated products send records with malformed URLs to Log Server, the high value in
the protocol field is removed, and the records are added successfully to the Log Database. (v7.1
Hotfix 18)
Log Server no longer shuts down when renewing an SSL certificate. It successfully stores the
certificate in the LogServer.exe.p12 file. (v7.0 Hotfix 31)
Reporting (Today and History pages)
The TRITON - Web Security Today and History pages can now connect to a Microsoft SQL
Server database that uses a non-standard port. (v7.0 Hotfix 21, 29, v7.0.1 Hotfix 12, 19, 22)
8 Websense Web Security and Websense Web Filter

The Current Filtering Load line now plots data up to the current time, and the line does not drop
to zero. (v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12, 19, 22)
When a Today or History page chart contains a large quantity of data, better scaling is used to
make the legends more readable. (EI 4254)
Presentation reports
A copied presentation report can be edited and then saved without errors. (v7.0 Hotfix 21, 29,
v7.0.1 Hotfix 12, 19, 22)
Top N presentation reports now permit you to specify up to Top 200. Note that the graph may not
display in the report when you use a large Top N value. (v7.0 Hotfix 08, 21, 29, v7.0.1 Hotfix 12,
19, 22)
A problem that could cause the Presentation Reports Scheduler to fail with a general error has
been corrected. (v7.1 Hotfix 10)
A problem that caused Presentation Reports Scheduler to fail to connect to the Policy Database,
causing scheduled reports to be lost after reboot, has been corrected. (v7.1 Hotfix 12, 33, 35, 40,
41, 43, 48, 50, 52)
Investigative reports
When the automatic reindexing setting is changed to Sunday, the setting is saved properly.
(v7.0.1 Hotfix 24, 31, 33).
Spacing problems in concatenated reports exported to PDF have been addressed, so that character
strings do not overlap and wrapping works correctly. (v7.0.1 Hotfix 09, 24, 31, 33, v7.1 Hotfix
45)
A problem affecting detail reports sorted by bandwidth has been corrected. (v7.0.1 Hotfix 09, 24,
31, 33)
When languages other than English are used, pie charts now display correctly. (v7.0.1 Hotfix 09,
24, 31, 33)
Pie charts display the correct time format (total number of seconds) when you selected Browse
Time [seconds] for the Measure. (v7.1 Hotfix 25, 45)
Pie charts display correctly in locales use the period (.) symbol as a thousands separator. (v7.0.1
Hotfix 33)
Two new Websense\webroot\Explorer\wse.ini file parameters (chartWidth and chartHeight)
make it possible to specify a custom width and height for pie charts, in case you need to expand
the default size. (v7.1 Hotfix 25, 45)
Changing automatic reindexing setting to a Sunday no longer reverts to Monday when you save
changes and refresh. (v7.0.1 Hotfix 09, 24, 31, 33)
Large bandwidth reports (approximately 1.5 GB) to PDF or Microsoft Excel format no longer
results in an error, and the export is completed successfully. (v7.0.1 Hotfix 07, 09, 24, 31, 33).
Top 50 reports can be exported to PDF without error. (v7.0.1 Hotfix 07, 09, 24, 31, 33)
Scheduled reports can be exported to PDF without error. (v7.1 Hotfix 03, 16, 25, 45)
A problem that caused incorrect values in detail reports when administrators attempted to report
on source IP address and destination has been corrected. (v7.0.1 Hotfix 03, 07, 09, 24, 31, 33)
Investigative reports now use UTF-8 encoding. Any information passed using ISO-8859-1
encoding is now converted to UTF-8. This corrects a problem that prevented delegated
administrators from creating reports for managed clients belonging to a domain whose name
Version 7.5 Release Notes 9

included non-Latin characters (for example, Cyrillic or Chinese characters). (v7.0.1 Hotfix 03,
07, 09, 24, 31, 33)
An error that occurred when exporting investigative reports that show the top 50 or more
by within a (for example, Top 50 Categories by Action
within a Risk Class, or Top 75 Users by Day accessing a Protocol) to PDF has been corrected.
(v7.0.1 Hotfix 03, 07, 09, 24, 31, 33)
A problem that caused blank user names in reports if a user account did not have a full first and
last name has been corrected. (v7.1 Hotfix 16, 25, 45)
Browse time reports now display properly. (EI 4656)
Administrators who log on to TRITON - Web Security using a network account with a long
name now have access to investigative reports. (v7.1 Hotfix 45)
When a large investigative report is saved in Excel format, Microsoft Excel can now open the
file. (v7.0.1 Hotfix 31, 33)
User identification and authentication
A problem that sometimes prevented non-Latin symbols in a user password from being
recognized by manual authentication has been corrected. (v6.3.2 Hotfix 45)
Changes to winhttp.dll introduced by Microsoft software update KB960803 no longer prevent
the logon application (LogonApp.exe) from authenticating users via NTLM, regardless of
whether the /dhcp option is used. (v7.0.1 Hotfix 15, 27)
Custom LDAP groups are now properly applied, so that users are filtered correctly. (v7.1 Hotfix
17, 28)
Users whose name include a pound or hash symbol (#) anywhere in the LDAP path are now
filtered correctly. (v7.1 Hotfix 12, 33, 35, 40, 41, 43, 48, 50, 52)
Users in an organizational unit (OU) that contains an ampersand (&) are now filtered properly.
(v7.1 Hotfix 38, 40, 43, 48, 50, 52)
A User Service problem that caused Novell eDirectory Server to lock up, behaving as if it had
reached the maximum number of allowable connections, has been corrected. Connections are
now allocated correctly, and user identification works as expected. (v7.1 Hotfix 28)
Users who log on to Novell eDirectory via Novell ZENWorks are now identified properly by
eDirectory Agent. A new wsedir.ini file parameter (NetworkAddressAttribute) can be used to
specify where user machine IP addresses are stored. (v6.3.3 Hotfix 08, v7.1 Hotfix 24, 30)
eDirectory Agent now connects to Novell eDirectory Server through the port specified in
TRITON - Web Security or in the wsedir.ini file. (v7.1 Hotfix 24)
DC Agent now runs as the domain account configured during installation, correcting a v7.1
problem. (EI 4659)
Filtering Service
The amount of memory required by Filtering Service when it loads the Master Database has been
reduced to minimize download and load failures. (v7.0 Hotfix 28, 34, v7.0.1 Hotfix 04, 13, 26,
29)
Filtering Service and Network Agent now always use the communication ports specified in the
websense.ini file. This addresses a problem that prevented TRITON - Web Security Toolbox
features from functioning properly. (v7.0 Hotfix 19, 20, 28, 34, v7.0.1 Hotfix 04, 13, 26, 29)
When administrators use category filters to implement bandwidth-based filtering, user attempts
to access affected categories are blocked or permitted appropriately. (v7.1 Hotfix 11)
10 Websense Web Security and Websense Web Filter

Custom URLs that include one or more capital letters are now filtered appropriately. (v7.0.1
Hotfix 29)
Filtering Service now supports regular expression syntax not supported in previous versions. In
addition, TRITON - Web Security now more accurately reflects the regular expression syntax
supported by Filtering Service. (EI 3596)
Network Agent
Network Agent on Linux can now handle 13,000 packets per second with a drop rate of less than
1%. (v6.3.2 Hotfix 59)
A multi-threading problem with Network Agent on Linux has been corrected. Network Agent no
longer stops running unexpectedly. (v7.1 Hotfix 32)
Network Agent can be configured to ignore traffic on specified ports. This prevents HTTPS
traffic from being logged twice when Network Agent runs in conjunction with Content Gateway.
Note that with the original hotfix, the configuration required setting an INI file parameter; in this
version, the configuration is performed in TRITON - Web Security. (v7.0.1 Hotfix 13, 26, 29)
A new natuning.ini file parameter (ShowNICsIP) makes it possible to configure whether or not
Network Agent shows the IP addresses of its network interfaces in TRITON - Web Security.
(v7.0.1 Hotfix 13, 26, 29)
Filtering Service and Network Agent now always use the communication ports specified in the
websense.ini file. This addresses a problem that prevented TRITON - Web Security Toolbox
features from functioning properly. (v7.0 Hotfix 19, 20, 28, 34, v7.0.1 Hotfix 04, 13, 26, 29)
Remote Filtering
Two new securewispproxy.ini file parameters (FilterFTP and FilterHTTPS) make it possible to
selectively enable or disable HTTPS (port 443) and FTP (port 21) filtering by Remote Filtering
Client. (v7.0 Hotfix 24, v7.1 Hotfix 25)
A problem that caused Remote Filtering Client to fail to apply quota time, or to apply quota time
incorrectly, to users whose machine had a wireless aircard has been corrected. (v6.3.2 Hotfix 40,
62, 64)
Machines that have Remote Filtering Client installed can now access the Web page for Live
Search Cashback (a feature of MSN Live Search). (v6.3.2 Hotfix 47, 62, 64)
Remote Filtering Client machines can now access application services that use the same IP
address as Remote Filtering Server. (v6.3.2 Hotfix 33, 40, 47, 62, 64).
Users can now add attachments to Microsoft Outlook messages on Remote Filtering Client
machines. (v6.3.2 Hotfix 06, 33, 40, 47, 62, 64)
Users can now compile .java files using IBM RAD on Remote Filtering Client machines. (v6.3.2
Hotfix 06, 33, 40, 47, 62, 64)
Users can now log on to Windows Vista machines with Remote Filtering Client installed. (v6.3.2
Hotfix 06, 33, 40, 47, 62, 64)
The Remote Filtering Client installer now supports upgrade. It is no longer necessary to uninstall
the existing version before installing a new version. (v6.3.2 Hotfix 06, 33, 40, 47, 62, 64)
A problem that made it possible to rename or delete the wdc.exe file has been corrected to
prevent users from bypassing remote filtering. (v6.3.2 Hotfix 64)
Version 7.5 Release Notes 11

Integrations
When Websense software is integrated with a Citrix product, administrators can now control
whether end users who access HTTPS Web pages see a pop-up message when any part of the
page is blocked by SSL protocol blocking. Four new wscitrix.ini file parameters you to specify
whether a protocol pop-up message is to be displayed when the SSL or FTP protocol is blocked,
and to set the minimum time interval between two sequential pop-up messages. (v7.0.1 Hotfix
18)
When Websense software is integrated with a Squid proxy, when the Filtering Service machine is
shut down, client browser access no longer slows down or times out. (v7.0 Hotfix 25)
When a Citrix user is prompted for manual authentication, the information the user provides,
rather than Citrix session information, is logged. (EI 4306, 4501)
The plug-in used when Websense software is integrated with Microsoft ISA Server has been
updated to use the Windows API instead of ISAPI for memory allocation, preventing a problem
that sometimes caused ISA Server to shut down with an out-of-memory error. (v7.1 Hotfix 44)
Diagnostics
The WISP trace (used by Websense Technical Support for diagnostic purposes) can now decode
the WISP messages Dynamic HTTP Lookup Request and Dynamic HTTP Lookup and Log
Request. (v7.0 Hotfix 34, v7.0.1 Hotfix 62)
The WebsensePing and TestLogServer tools now show custom URLs as recategorized. (v7.0
Hotfix 03, 20, 28, 34, v7.0.1 Hotfix 04, 13, 26, 29)
General
Websense daemons no longer deadlock when signaled with SIGTERM for graceful shutdown
(kill pid). (v7.0 Hotfix 15, 20, 28, 34, v7.0.1 Hotfix 04, 13, 26, 20)
Attempts to stop Websense services now succeed as expected. (v7.0 Hotfix 20, 28, 34)
Operation tips
To improve your experience with TRITON - Web Security:
Make use of the Quick Start tutorials offered when you launch TRITON - Web Security. The
tutorials can also be accessed from the Help menu.
• If this is your first experience with Websense filtering software, use the New User Quick
Start tutorial to learn about basic configuration, filtering policy creation, and reporting.
• If you have used previous versions of Websense filtering software, use the Upgrading User
Quick Start tutorial to orient yourself to the new features in version 7 (if upgrading from
version 5.x or 6.x), or in version 7.5 (if upgrading from version 7.0.x or 7.1).
Disable all browser pop-up blocking features.
If you are accessing TRITON - Web Security from a Linux machine, use Firefox 3.5.x.
Install or permanently accept the Websense security certificate the first time you launch
TRITON - Web Security. Instructions are available from the Knowledge Base
(kb.websense.com).
Avoid using the browser Back and Refresh buttons. Instead, use the breadcrumbs at the top of the
page or the left and right navigation panes.
12 Websense Web Security and Websense Web Filter

After entering your subscription key, perform system configuration tasks on the Settings pages
while the Master Database downloads. After the download is complete, log off and log on again
before accessing any policy management features.
Click OK at the bottom of each page in TRITON - Web Security to cache changes made on
the page.
In some instances, when you are performing secondary tasks, you must click OK on the
secondary page, and then click OK again on the main page to cache your changes. Make sure you
see the “Changes have been cached” success message.
Click Save All (at the top of the right shortcut pane) to implement cached changes.
It can take up to 30 seconds for all Websense components to be updated with the changes.
To improve your experience with Websense reporting tools:
If you are accessing TRITON - Web Security from a Linux machine, use Firefox 3.5.x to ensure
full availability of all reporting features.
If you install TRITON - Web Security first, and then install Log Server, you must manually
restart the ApacheTomcatWebsense (Windows) or Tomcat Server (Linux) service or daemon
on the TRITON - Web Security machine. This ensures that reporting data appears in TRITON -
Web Security, and that scheduled jobs are properly stored in the Log Database.
Known issues
Installation
When you install Websense software components on a Linux machine, when the installer
prompts for a directory path, do not include a backslash character (\) in the path. Use only
forward slashes (/) as directory separators.
During installation, if you choose to integrate with a Check Point product but then want to change
the integration product selection, cancel and restart the installer. Do not use the Previous button to
go back and change selections. The installer retains a history of which screens it has displayed. In
the case of Check Point integration, the Network Card Selection screen (to select the NICs used
by Network Agent) is not shown. However, for other integration products or standalone
deployment, this screen may be required. When you change the integration selection, the installer
skips the Network Card Selection screen unless you cancel and restart the installation process.
TRITON Unified Security Center
When you access TRITON - Web Security from a Windows machine for the first time using
Internet Explorer, you are prompted to install a security certificate. If, after logging, on, you click
the Data Security button to launch TRITON - Data Security, you are again prompted to install
the security certificate. This time, the security certificate does not install.
To install the security certificate for TRITON - Data Security, open a new, independent instance
of Internet Explorer, and then enter the TRITON - Data Security URL. This makes it possible to
click the link to install the certificate as expected.
Do not make changes to categories (adding or removing custom categories, for example) or risk
classes while Websense software is downloading the Master Database. If you attempt to save
changes to categories or risk classes during the download process, the changes will be lost, even
if no error is displayed in TRITON - Web Security.
Version 7.5 Release Notes 13

Because Master Database updates can change categories, protocols, and risk classes, allowing
administrators to also make changes in these areas during a database download could corrupt the
Policy Database.
Sometimes, when an administrator navigates to the Status > Today page in TRITON - Web
Security, the Health Alert Summary shows a continual Loading message, without ever
displaying system health messages. If this occurs, navigate away from the page (for example, by
selecting another page in the left navigation pane), and then return to the page.
Reporting
When TRITON - Web Security is accessed from a Linux machine, the charts on the Status >
Today and History pages display best in Firefox 3.5.x. With previous versions of Firefox, some
charts may fail to display at all, while others do not update properly.
When TRITON - Web Security is accessed from a Linux machine, the charts on the Status >
Today and History pages may not print correctly when an administrator clicks the Print button in
the toolbar at the top of the content pane.
Workarounds for this issue include:
• Print charts individually. To do this, right-click on a chart and select Print Chart.
• Log on to TRITON - Web Security from a Windows machine using a supported version of
Internet Explorer when you want to print Today and History page charts.
When TRITON - Web Security is accessed from a Linux machine, and an administrator attempts
to get an explanation of a Today or History page chart by positioning the mouse over the “i” icon
in the chart title bar, or to get an explanation of the Time and Bandwidth Saved values, some or
all of the text appears behind the chart. This is a limitation results from the way that Firefox
interprets Flash. For information about the charts and calculations, go to Help > Explain This
Page.
When a “Top Sites Visited” presentation report is exported to XLS format, the display is
irregular, with unexpected paging of the data. In PDF and HTML format, the data is formatted as
expected.
When an administrator using Internet Explorer 8 tries to use the Investigative Reports page to
create a detail report or export a summary report to PDF or XLS, a certificate error is displayed.
The page used to select report details is not displayed, or the report is not exported. This occurs
even when the TRITON - Web Security certificate has already been accepted. To address this
issue, install the certificate as a Trusted Root Certification Authority:
1. Click the pink Certificate Error box in the browser address bar, and then click View
Certificates.
2. Click Install Certificate, and then click Next.
3. Mark the Place all certificates in the following store radio button, and then click Browse.
4. Select the Trusted Root Certification Authorities folder, and then click OK.
5. Click Next, and then Finish.
6. When prompted to install the certificate, click Yes, and then click OK to close the success
message.
Network Agent
When specifying monitoring or blocking NICs for a Network Agent instance (on the Settings >
Network Agent > IP address > NIC Configuration page), do not select the MS Tunnel Interface
14 Websense Web Security and Websense Web Filter

Driver. Although this entry appears in the Network Interface Cards list, it is not a valid NIC, and
cannot be used to monitor or block traffic.
Audit Log
In TRITON - Web Security, when an administrator selects or deselects the Send category and
protocol data to Websense, Inc. check box on the Settings > General > Account page, two
similar entries appear in the audit log for the one change. The audit log treats sending category
data and sending protocol data as separate entries, even though both are controlled by a single
selection.
Remote Filtering
After you uninstall the Remote Filtering Client, some files remain on the client machine. If you
reinstall Remote Filtering Client, the files are overwritten. To remove the files manually after
uninstalling Remote Filtering Client, first reboot the client machine, and then delete:
• The entire C:\Program Files\Websense\WDC directory
• The following files in the C:\Windows\System32\Drivers\ directory:
Block Pages
wsfsfnet.sys
wscam6300.sys
wskdll.sys
wstdinet.sys
When end users use Internet Explorer 6 to attempt to access an FTP site that is blocked by the
active policy, the block page does not display.
Hybrid Filtering
When the hybrid service does not have user and group information, it expects a full POST of
directory information. When Directory Agent is initially configured and first connects to the
directory service, if it does not find any user and group records in the context it is configured to
search, it will send an empty snapshot to Sync Service, and the hybrid service continues to have
no user and group information. Later, if user and group information is added to the context, or if
Directory Agent is configured to use a different context, Directory Agent sends a differential
(DIFF) snapshot. The hybrid service, however, will not accept this differential snapshot, because
it does not have any user and group information.
In order to force Directory Agent to create a new initial snapshot and send it as a full POST,
delete the contents of the snapshots and diffs directories.
• Windows:
C:\Program Files\Websense\bin\snapshots
C:\Program Files\Websense\bin\diffs
• Linux
/opt/Websense/bin/snapshots
/opt/Websense/bin/snapshots
The next time Directory Agent collects directory information (whether scheduled or manually
initiated), a full POST of directory data is sent to the hybrid service.
If Sync Service connects to the hosted service through a third-party proxy that decrypts HTTPS
communication, configure the proxy to bypass SSL decryption for communication between the
Version 7.5 Release Notes 15

Sync Service IP address and the domain hsync-web.mailcontrol.com. (Websense Content
Gateway bypasses SSL decryption for this traffic by default.)
Further assistance
Technical information about Websense software and services is available 24 hours a day at:
www.websense.com/support/
the latest release information
the searchable Websense Knowledge Base
show-me tutorials
product documents
tips
answers to frequently asked questions
in-depth technical papers
For additional questions, click the Contact Support tab at the top of the page and fill out the online
support form.
If your issue is urgent, please call one of the offices listed below. You will be routed to the first
available technician, who will gladly assist you.
Location Contact information
North America +1 858-458-2940
France Contact your Websense Reseller. If you cannot
locate your Reseller: +33 (0) 1 57 32 32 27
Germany
UK
Rest of Europe
Middle East
Africa
Australia/NZ
Asia
Latin America
and Caribbean
Contact your Websense Reseller. If you cannot
locate your Reseller: +49 (0) 69 51 70 93 47
Contact your Websense Reseller. If you cannot
locate your Reseller: +44 (0) 20 3024 4401
Contact your Websense Reseller. If you cannot
locate your Reseller: +44 (0) 20 3024 4401
Contact your Websense Reseller. If you cannot
locate your Reseller: +44 (0) 20 3024 4401
Contact your Websense Reseller. If you cannot
locate your Reseller: +44 (0) 20 3024 4401
Contact your Websense Reseller. If you cannot
locate your Reseller: +61 (0) 2 9414 0033
Contact your Websense Reseller. If you cannot
locate your Reseller: +86 (10) 5884-4200
+1 858-458-2940
16 Websense Web Security and Websense Web Filter

Third-Party software notice
Websense, Inc., provides software solutions that integrate with your existing environment. In the
complex environments that are common in today’s marketplace, this involves interacting with a
variety of third-party software products. In some cases, Websense, Inc., makes an effort to simplify
the acquisition of this third-party software. However, you must obtain any upgrades and
enhancements to those products directly from the third-party vendor.
If you have questions, contact Websense Technical Support for additional information.
Subscription agreement
IMPORTANT - THIS SUBSCRIPTION IS PROVIDED ONLY ON THE CONDITION THAT THE SUBSCRIBER (REFERRED TO IN
THIS AGREEMENT AS “SUBSCRIBER”) AGREES TO THE TERMS AND CONDITIONS SET FORTH IN THE FOLLOWING
LEGAL AGREEMENT WITH WEBSENSE, INC. AND/OR ONE OF ITS SUBSIDIARIES (“WEBSENSE”). READ THIS
AGREEMENT CAREFULLY BEFORE ACCEPTING IT. BY CLICKING ON THE “I AGREE” BUTTON BELOW OR BY USING THE
SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT AND UNDERSTAND IT, AND THAT (1) YOU,
ON BEHALF OF YOURSELF, OR (2) SUBSCRIBER, IF SUBSCRIBER IS A BUSINESS, AGREE TO BE BOUND BY ITS TERMS
AND CONDITIONS.
1. Subscription and Grant of Right to Use.
Subject to the terms and conditions of this Agreement, Websense agrees to provide Subscriber the subscription services (“Subscription”) as
described in the purchase commitment mutually agreed upon between the parties (“Order”). Websense grants to Subscriber as part of the
Subscription a non-exclusive, nontransferable right to use certain proprietary software applications ("Software"), proprietary database(s) of
URL addresses, applications and other valuable information (“Databases”), changes to the content of the Databases (“Database Updates”)
and certain modifications or revisions to the Software (“Software Upgrades”), together with applicable documentation and the accompanying
media, if any, (collectively, the “Products”). The Products are provided for the number of Seats or servers for use in Subscriber’s own internal
business operations (not for the benefit of any other person or entity) for the time period set forth herein or in the applicable Order
(“Subscription Term”), provided Subscriber has and continues to pay the applicable fees for the Products (“Subscription Fees”). Subject to
compliance with the terms of this Agreement, Subscriber may relocate or transfer the Product for use on a different server within its location.
All fees paid for the Products are nonrefundable. “Seat” means each computer, electronic appliance or device that is authorized to access or
use the Products, directly or indirectly. Subscriber may only exceed the number of ordered Seats if Subscriber increases its Order and pays
additional Subscription Fees. Websense may, at any time, audit the use of the Products remotely or, upon reasonable notice, at Subscriber’s
site. Unless specifically authorized in writing in advance by Websense, Subscriber may not rent, lease or timeshare the Products or provide
subscription services for the Products or permit others to do so. Any source code provided to Subscriber by Websense is subject to the terms
of this Agreement. Subject to the terms of this Agreement, Subscriber may allow its agents and independent contractors to use the Products
solely for the benefit of Subscriber; provided, however, Subscriber remains responsible for any breach of this Agreement. Any other use of
the Products by any person, business, corporation, government organization or any other entity is strictly forbidden and is a violation of this
Agreement. Evaluation subscriptions to the Products are provided by Websense subject to the terms and conditions of this Agreement.
Evaluation subscriptions are available for a period of up to thirty (30) days, and may be used only to evaluate and facilitate Subscriber’s
decision to purchase a subscription to Products, and at the end of the evaluation period, Subscriber must pay the applicable Subscription Fees
or this Agreement will automatically terminate and Subscriber must comply with the terms of Section 7 below.
2. Technical Support.
Standard technical support includes online website and/or portal access, a reasonable amount of telephone support during business hours,
and Software Upgrades for the Products during the Subscription Term upon payment of the Subscription Fees. Standard technical support is
provided pursuant to the terms of this Agreement and the then-current technical support policies which are available at www.websense.com.
Websense may require Subscriber to install Software Upgrades up to and including the latest release. Enhanced support offerings and services
are available for additional cost and are also subject to the terms of this Agreement. Database Updates and Software Upgrades will be
provided to Subscriber only if Subscriber has paid the appropriate Subscription Fees for all Seats and/or servers.
3. Intellectual Property Rights.
The Products and all intellectual property rights therein and related thereto are the sole and exclusive property of Websense and any third
party from whom Websense has licensed software for incorporation in or distribution with the Products. All right, title and interest in and to
the Products and any modifications, translations, or derivatives thereof, even if unauthorized, and all applicable rights in patents, copyrights,
trade secrets, trademarks and all intellectual property rights in the same shall remain exclusively with Websense and its licensors. The
Products are valuable, proprietary, and unique, and Subscriber agrees to be bound by and observe the proprietary nature thereof. The Products
contain material that is protected by patent, copyright and trade secret law, and by international treaty provisions. All rights not granted to
Subscriber in this Agreement are reserved to Websense. No ownership of the Products passes to Subscriber. Websense may make changes
to the Products at any time without notice. Except as otherwise expressly provided, Websense grants no express or implied right under
Websense patents, copyrights, trademarks, or other intellectual property rights. Subscriber may make a sufficient number of copies of the
Software for its authorized use and may maintain one (1) copy of the Software for backup purposes only. Subscriber may not remove any
proprietary notice of Websense or any third party from any copy of the Products.
4. Protection and Restrictions.
Subscriber agrees to take all reasonable steps to safeguard the Products to ensure that no unauthorized person has access thereto and that no
unauthorized copy, publication, disclosure or distribution, in whole or in part, in any form is made. Subscriber acknowledges that the
Products contain valuable, confidential information and trade secrets and that unauthorized use and/or copying is harmful to Websense.
Subscriber may not directly or indirectly transfer, assign, publish, display, disclose, rent, lease, modify, loan, distribute, or create derivative
works based on the Products or any part thereof. Subscriber may not reverse engineer (except as required by law in order to assure
interoperability), decompile, translate, adapt, or disassemble the Products, nor shall Subscriber attempt to create the source code from the
Version 7.5 Release Notes 17

object code for the Software. Any third party software included in the Products may only be used in conjunction with the Products, and not
independently from the Products. Subscriber may not, and shall not allow third parties to, publish, distribute or disclose the results of any
benchmark tests performed on the Products without Websense’s prior written approval. Subscriber represents and warrants that it will
comply with all laws, rules and regulations which apply to its use of the Products. Subscriber further represents and warrants that the
Products will not be used to filter, screen, manage or censor Internet content for consumers without (a) permission from the affected
consumers and (b) Websense’s express prior written approval which may be withheld in Websense’s sole and absolute discretion. Additional
charges may apply if Subscriber assigns more than twenty (20) administrators to administer certain Websense products.
5. Limited Warranty.
For the Subscription Term, Websense warrants that the Products will operate in substantial conformance with the then-current Websense
published documentation under normal use. Notwithstanding the previous sentence, Websense does not warrant that: (i) Products will be
free from defects; (ii) Products will satisfy all of Subscriber’s requirements; (iii) Products will operate without interruption or error; (iv)
Products will always locate or block access to or transmission of all desired addresses, applications and/or files; (v) Products will identify
every transmission or file that should potentially be located or blocked; (vi) addresses and files contained in the Products will be
appropriately categorized; or (vii) algorithms used in the Products will be complete or accurate. Websense shall use reasonable efforts to
remedy any significant Product non-conformance reported to Websense that Websense can reasonably identify and confirm. Websense or
its representative will repair or replace any such non-conforming or defective Products, or refund a pro-rata share of the Subscription Fees
paid for the then-current term, at Websense’s sole discretion. This paragraph sets forth Subscriber’s sole and exclusive remedy and
Websense's entire liability for any breach of warranty or other duty related to the Products. Any unauthorized Product modification,
tampering with the Products, Product use inconsistent with the accompanying documentation, or related breach of this Agreement shall void
the aforementioned warranty. EXCEPT AS EXPLICITLY SET FORTH HEREIN AND TO THE EXTENT ALLOWED BY LAW, THERE
ARE NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY, NON-INFRINGEMENT, TITLE OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE
PRODUCTS.
6. Limitation of Liability.
TO THE FULLEST EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES WILL WEBSENSE, ITS AFFILIATES, ITS
LICENSORS OR RESELLERS BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE OR
INCIDENTAL DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE, ARISING OUT OF OR RELATED TO THIS
AGREEMENT INCLUDING, BUT NOT LIMITED TO CLAIMS FOR LOSS OF DATA, GOODWILL, OPPORTUNITY, REVENUE,
PROFITS, OR USE OF THE PRODUCTS, INTERRUPTION IN USE OR AVAILABILITY OF DATA, STOPPAGE OF OTHER WORK
OR IMPAIRMENT OF OTHER ASSETS, PRIVACY, ACCESS TO OR USE OF ANY ADDRESSES OR FILES THAT SHOULD HAVE
BEEN LOCATED OR BLOCKED, NEGLIGENCE, BREACH OF CONTRACT, TORT OR OTHERWISE AND THIRD PARTY
CLAIMS, EVEN IF WEBSENSE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL
WEBSENSE’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL
AMOUNT ACTUALLY PAID BY SUBSCRIBER TO WEBSENSE FOR THE APPLICABLE PRODUCTS OVER THE ONE YEAR
PERIOD PRIOR TO THE EVENT OUT OF WHICH THE CLAIM AROSE FOR THE PRODUCTS THAT DIRECTLY CAUSED THE
LIABILITY.
7. Termination.
This Agreement is effective until the end of the Subscription Term for such use as is authorized, or until terminated by either party.
Subscriber may terminate this Agreement at any time upon notification to Websense. However, Subscriber shall not be entitled to a refund
of any prepaid or other fees. Websense may terminate this Agreement if Websense finds that Subscriber has violated the terms hereof. Upon
notification of termination by either party, Subscriber agrees to uninstall the Software, cease using and to destroy or return to Websense all
copies of the Products and to certify in writing that all copies thereof, including backup copies, have been destroyed. Section 3-7, 9 and 11
shall survive the termination of this Agreement.
8. Government Restricted Rights.
The Products are provided with "RESTRICTED RIGHTS." Use, duplication, or disclosure by the U.S. Government is subject to restrictions
as set forth in FAR 52.227-14 and DFAR 252.227-7013 et seq. or its successor. Use of the Products by the U.S. Government constitutes
acknowledgment of Websense's proprietary rights therein. Contractor or Manufacturer is Websense.
9. Third Party Products.
The Products include software products licensed from third parties. Such third parties have no obligations or liability to Subscriber under
this Agreement but are third party beneficiaries of this Agreement.
10. Export.
Certain Products provided under the Agreement are subject to export controls administered by the United States and other countries (“Export
Controls”). Export or diversion contrary to U.S. law is prohibited. U.S. law prohibits export or re-export of the software or technology to
Cuba, Iran, North Korea, Sudan and Syria or to a resident or national of those countries (“Prohibited Country” or “Prohibited Countries”).
It also prohibits export or re-export of the software or technology to any person or entity on the U.S. Department of Commerce Denied
Persons List, Entities List or Unverified List; the U.S. Department of State Debarred List; or any of the lists administered by the U.S.
Department of Treasury, including lists of Specially Designated Nationals, Specially Designated Terrorists or Specially Designated
Narcotics Traffickers (collectively, the “Lists”). U.S. law also prohibits use of the software or technology with chemical, biological or
nuclear weapons, or with missiles (“Prohibited Uses”). Subscriber warrants that it is not located in, or a resident or national, of any
Prohibited Country; that it is not on any Lists; that it will not use the software or technology for any Prohibited Uses; and that it will
otherwise comply with Export Controls.
11. General.
Websense may periodically send Subscriber messages of an informational or advertising nature via email. Subscriber may choose to “optout”
of receiving these messages by sending an email to optoutlegal@websense.com requesting the opt-out. Subscriber acknowledges and
agrees that by sending such email and “opting out” it will not receive emails containing messages concerning upgrades and enhancements
to Products. However, Websense may still send emails of a technical nature. Subscriber acknowledges that Websense may use Subscriber's
company name in a list of Websense customers. Subscriber may not transfer any of Subscriber’s rights to use the Products or assign this
Agreement to another person or entity, without first obtaining Websense’s prior written approval. Notices sent to Websense shall be sent to
the attention of the General Counsel at 10240 Sorrento Valley Road, San Diego, CA 92121 USA. Any dispute arising out of or relating to
this Agreement or the breach thereof shall be governed by the federal laws of the United States and the laws of the State of California, USA
for all claims arising in or related to the United States, Canada, or Mexico; and Dublin, Ireland for all other claims, without regard to or
application of choice of laws, rules or principles. Both parties herby consent to the exclusive jurisdiction of (1) the state and federal courts
in San Diego, California, USA, for all claims arising in or related to the United States, Canada or Mexico, or (2) the competent courts in
Dublin, Ireland for all other claims. Both parties expressly waive any objections or defense based upon lack of personal jurisdiction or venue.
Neither party will be liable for any delay or failure in performance to the extent the delay or failure is caused by events beyond the party’s
18 Websense Web Security and Websense Web Filter

easonable control, including, fire, flood, acts of god, explosion, war or the engagement of hostilities, strike, embargo, labor dispute,
government requirement, civil disturbances, civil or military authority, disturbances to the Internet, and inability to secure materials or
transportation facilities. This Agreement constitutes the entire Agreement between the parties hereto. Any waiver or modification of this
Agreement shall only be effective if it is in writing and signed by both parties or posted by Websense at http://www.websense.com/global/
en/downloads/terms. If any part of this Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of
this Agreement shall be interpreted so as to reasonably effect the intention of the parties. Websense is not obligated under any other
agreements unless they are in writing and signed by an authorized representative of Websense.
Copyright and Trademarks
©1996–2009, Websense Inc.
All rights reserved.
10240 Sorrento Valley Rd., San Diego, CA 92121, USA
The products and/or methods of use described in this document are covered by U.S. Patent Numbers 6,606,659 and 6,947,985 and other patents
pending.
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machinereadable
form without prior consent in writing from Websense, Inc.
Every effort has been made to ensure the accuracy of this document. However, Websense Inc., makes no warranties with respect to this
documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable
for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples
herein. The information in this documentation is subject to change without notice.
Trademarks
Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. Websense has numerous other
unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.
Microsoft, Windows, Windows NT, Windows Server, and Active Directory are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries.
Red Hat is a registered trademark of Red Hat, Inc., in the United States and other countries. Linux is a trademark of Linus Torvalds, in the
United States and other countries.
Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole
property of their respective manufacturers.
Version 7.5 Release Notes 19

20 Websense Web Security and Websense Web Filter