
Release Notes - Forcepointkb.websense.com/pf/12/webfiles/DSS 7.5 docs/Data... · Version 7.5 Release Notes X 1 Release Notes Websense ® Data Security Version 7.5 Key features in


Release Notes
Websense® Data Security
Version 7.5

Key features in this release

Version 7.5 is a major release of Websense Data Security with powerful new features for data-only customers as well as compelling integration across the Websense product line. It offers expanded capabilities in every part of the product, presented through a significantly improved user interface experience. Web Security Gateway Anywhere customers can particularly benefit from a consolidated hardware platform and a unified management experience.

Here's what's new in v7.5:

Improved usability

Use a new Web user interface to manage every aspect of the system, including incident management and reporting, policy configuration, system configuration, and more, with no need for text file configuration, multiple product installations, or additional management consoles.

The Data Security management interface has been combined with the Web Security management interface in a new TRITON Unified Security Center. TRITON - Data Security offers both policy configuration and incident management. (You no longer need to move between the MMC and the DSS Manager.) TRITON - Web Security can be accessed through the same interface with a single sign-on.

TRITON - Data Security is easier to learn than interfaces from previous versions. It is faster; it greatly simplifies policy creation and workflow; and it makes implementing data loss prevention (DLP) easy to visualize.

New architecture

Websense Data Security v7.5 has been completely redesigned on the back end.

Local Analysis

Version 7.5 uses a policy engine to analyze data. If you are combining Websense Web and Data Security solutions, the policy engine resides on the proxy component of the Web Security solution. This allows the 2 systems to interoperate seamlessly to secure your enterprise.

In data-only solutions, the policy engine resides on the protector and all Websense Data Security servers, so analysis is performed locally, saving you valuable network resources and improving performance. This is particularly helpful for organizations with low bandwidth connections and only occasional communication for policy updates and incident reports.


By using a single protector to perform both network sniffing and content analysis, you achieve better load balancing/network distribution as well. And those with branch or satellite offices need just one machine to achieve the benefits of local analysis.

The policy engine is responsible for parsing your data and using analytics to compare it to the rules in your policies. It manages memory better than previous analyzers and provides more functionality. For example, it supports priorities for different transactions using arrival time. It supports lexicons. And it optimizes condition matching, supporting AND, OR, and NOT logic inside rules. This allows the Websense research team to generate better and more optimized policy templates.

A policy engine also resides on endpoints. This is useful for discovery as well as DLP on roaming portable endpoints.

Modular Design

In addition to multiple policy engines, you can now have multiple fingerprint databases—the primary on the management server and others on supplemental Data Security servers to localize analysis. Secondary fingerprint repositories are updated on a pre-defined schedule.

A user repository now resides on the management server. You import user/group data there and use it for authentication and policy resources. From this data, Data Security can resolve email addresses, endpoint users, and IP addresses into a consolidated user entity.

This modularization makes Websense Data Security v7.5 a true enterprise product. Those with branch offices save money, because they need only one machine per branch.

Built-in Forensics Repository

In v7.5, forensics are automatically stored in an encrypted repository that’s an integral part of the product, for safety of sensitive data, regulatory compliance, and ease of management.

Scalable Distributed Deployment

With v7.5, you can scale up the system to any size deployment; all servers, local or remote, are self-sufficient and perform all types of analysis locally, while balancing the load of any monitored channel over any subset of servers. You can also analyze very large files, whether over email, when running agent-less or agent-based discovery, or when analyzing any user operations at the endpoint.

Reporting

Fast and Simple

Reporting is faster in v7.5 and simplified into 2 categories: data usage and data discovery. Endpoint reports are included in each category. All categories offer both detail reports and summary reports. Detail reports list incident details and statistics. Summary reports provide graphical summaries of incidents sorted by criteria, such as severity.

Rich Customizable Reports

Version 7.5 offers a set of new built-in reports that you can customize and organize for fast access. You can also create new reports. All reports may be run, edited, replicated, scheduled, emailed, printed, and exported to PDF or to CSV.


Graphical System Health

Version 7.5 provides graphical views of system health so you can observe and tune system behavior and performance.

Simplified deployment

It is faster and easier to deploy the Data Security Management Server and the protector in this version.

Data Security v7.5 also supports deployment on virtual machines.

If you have a subscription for Websense Web Security Gateway Anywhere, you don’t need to install the protector or any agents.

Simplified policy rendering

Policies in v7.5 are created in a whole new way. First, there is no longer an MMC. Now, you create and manage policies right in the Web user interface.

Version 7.5 offers many more sophisticated options for policies, as well as new easy-to-use tools and wizards.

Policy Building Blocks

In previous versions, there were several types of policies, such as key word policies and file-type policies. In v7.5, these become Content Classifiers that are just building blocks for your policies. (Other building blocks include Resources, Conditions, Rules, and Exceptions.)

These building blocks are tied into rules using express-mode or advanced-mode wizards. You can also create a rule from a content classifier automatically.

Resources are also tied into rules. These include the possible sources and destinations of data, as well as the remediation action to take. Resources can include users, computers, networks, printers, devices and more.

Policy Hierarchy

In v7.5, there is a new concept of policy levels.

When you create policies, you assign them a level that indicates execution priority order. A tree structure demonstrates the hierarchy that has been assigned. You can have as many levels as you wish. When you create a policy level, you assign it a name and an execution order.

For example, you may create 3 levels called High, Medium, and Low, where high-level policies are executed first, medium-level policies second, and low-level policies last. If there is a match when data is scanned according to the high-level policies, no scanning is performed on other levels. (Policies on the high level are still checked.) If there is no match, data is scanned according to medium-level policies, and so on.

At first when you install Websense Data Security, you have just one priority level. All the policies are implemented and the action is taken accordingly.


By assigning policies levels, you can align policies with various business requirements. For example, some companies might create a CEO policy that says, if an email is from the CEO, don’t screen it. In this case, you’d create a rule that matches everything and includes the CEO as a source. You’d add it to a policy with the highest level. Then, if the CEO rule is matched, the transaction processing stops.

Flexible Policy Configuration

With v7.5, you can define simple or compound policies; re-use building blocks; and use Boolean operators (AND, OR, NOT) to create any compound rule. You can also create exceptions for rules with a potentially different action plan. Endpoint and network policies are handled together, making it easier to apply the same rules across network and endpoint machines.

Policy Template Improvements

In this release, you can quickly locate policy templates based on regulations with which you must comply, or you can navigate directly to personal information templates for credit card number protection, social security number protection and the like. The template tree structure now includes both regulatory and personally identifiable information (PII) nodes for this purpose.

Simplified workflow

In version 7.5, you can assign, tag, or download incidents, change their status, change their severity, or mark them as ignored, all from a new workflow menu on the detailed incidents report. You can also tune policies directly from the incident, making it easy to eliminate uninteresting incidents. And you can delegate administration to specific business units by exclusively associating users or networks with administrators.

Improved Remediation

In v7.5, remediation is more sophisticated. In previous versions, you had the concept of actions where you could block, permit, or notify. In this version, there is a broader concept of action plans. An action plan lets you specify and customize an action for each channel. For example, rather than blocking everything, you might quarantine email, block HTTP, but permit network and endpoint printing.

The built-in action plans are named Block All and Audit Only; Audit Only permits action on all channels but audits it. (This is the default.)

In each action plan, you can define the remediation scripts to run and email notifications to send.

You can use built-in remediation scripts or write custom scripts and execute them with run-time arguments to suit your needs. You can also include any resource files that the scripts require.
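The level ordering from Policy Hierarchy and the per-channel action plans described above can be modelled in a few lines. This is an added example, not Websense code: the transaction fields, channel names, the "Permit All" plan, the example.com addresses and the sample policies are constructed for illustration. The page does not say how actions from several matching policies on one level are combined, so the model only lists them.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# A transaction is a plain dict with "source", "channel" and "content" keys.
# These field names are assumptions of this model, not product terminology.
Transaction = Dict[str, str]
Condition = Callable[[Transaction], bool]


# Boolean combinators for compound rules (AND, OR, NOT inside a rule).
def AND(*conds: Condition) -> Condition:
    return lambda tx: all(c(tx) for c in conds)


def OR(*conds: Condition) -> Condition:
    return lambda tx: any(c(tx) for c in conds)


def NOT(cond: Condition) -> Condition:
    return lambda tx: not cond(tx)


# Two simple building blocks: a source resource and a keyword classifier.
def source_is(user: str) -> Condition:
    return lambda tx: tx["source"] == user


def content_has(phrase: str) -> Condition:
    return lambda tx: phrase in tx["content"].lower()


@dataclass
class ActionPlan:
    """One action per channel, with a fallback for channels not listed."""
    name: str
    default: str
    per_channel: Dict[str, str] = field(default_factory=dict)

    def action_for(self, channel: str) -> str:
        return self.per_channel.get(channel, self.default)


@dataclass
class Policy:
    name: str
    level: str
    condition: Condition
    plan: ActionPlan


def evaluate(tx: Transaction, policies: List[Policy],
             level_order: List[str]) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Walk the levels in execution order and stop at the first level with a match.

    Every policy on that level is still checked; lower levels are never scanned.
    Returns (level, [(policy name, action for this channel), ...]) or (None, []).
    """
    for level in level_order:
        hits = [(p.name, p.plan.action_for(tx["channel"]))
                for p in policies
                if p.level == level and p.condition(tx)]
        if hits:
            return level, hits
    return None, []


# The two built-in plans named on the page, plus the page's custom example
# (quarantine email, block HTTP, permit network and endpoint printing).
BLOCK_ALL = ActionPlan("Block All", default="block")
AUDIT_ONLY = ActionPlan("Audit Only", default="audit")
CUSTOM = ActionPlan("Custom", default="audit", per_channel={
    "email": "quarantine", "http": "block",
    "network_printing": "permit", "endpoint_printing": "permit"})
PERMIT_ALL = ActionPlan("Permit All", default="permit")  # hypothetical plan

LEVEL_ORDER = ["High", "Medium", "Low"]

# Constructed sample policies, including the CEO rule from the page.
POLICIES = [
    Policy("CEO exemption", "High", source_is("ceo@example.com"), PERMIT_ALL),
    Policy("Card data", "Medium",
           AND(content_has("card number"), NOT(source_is("billing@example.com"))),
           CUSTOM),
    Policy("Merger docs", "Medium",
           OR(content_has("merger"), content_has("acquisition")), BLOCK_ALL),
    Policy("Catch-all audit", "Low", lambda tx: True, AUDIT_ONLY),
]

if __name__ == "__main__":
    body = "Merger terms and card number attached"
    for src in ("ceo@example.com", "alice@example.com"):
        tx = {"source": src, "channel": "email", "content": body}
        print(src, "->", evaluate(tx, POLICIES, LEVEL_ORDER))
```

The same message body yields a single High-level hit for the CEO and two Medium-level hits for any other sender, which makes the exemption easy to audit: anything placed on the top level silently suppresses every lower-level policy.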

Improved filtering for incident analysis

In previous versions of Websense Data Security, there were 2 modes of filtering incidents when reviewing them: the Quick Filter and the Column Filter. In 7.5, you can filter at a more granular level.

When editing a report, there is a Filter tab where you select the main filter(s) to apply to this report and the exact properties to apply. For example, you can filter a report by application incidents; and you can further specify the application name(s) on which to filter.


The column filter enables you to filter the data as well. You do this directly from the incident list. Any changes you make using the column filter are automatically marked in the main filter, and vice versa.

To filter columns, click the down arrow button in a column header of an incident. In addition to applying column filters, you can select the columns to display in your report.

Enhanced discovery

Granular Discovery Policy Definition

With v7.5, you can define simple or compound policies for data at rest using the same building blocks and expressive power as for data usage over the network or at the endpoint.

Granular Discovery Task Definition

You can also define discovery tasks to scan any target, at any scheduled time, utilizing any subset of the discovery policies.

Broad Set of Discovery Targets

In this release, you can define discovery tasks to scan file shares, SharePoint sites, all or samples of databases, as well as Exchange private or public folders.

Discovery Task Monitoring

Version 7.5 lets you monitor discovery task progress and exceptions, as well as pause, continue, or rerun a task.

Rich Customizable Discovery Reports

There is a new set of out-of-box discovery reports, with all the granular options provided for reports of data usage over the network or at the endpoint.

Endpoint enhancements

Data Security v7.5 provides more services for the endpoint, providing a more end-to-end solution.

Endpoint Profiles

In v7.5, endpoint operations and services are no longer in the profile. They are now part of the policy.

Increased Policy Granularity

In this version, you can set content-based policy for specific endpoint applications and/or removable devices (as opposed to globally for all applications and devices).

Endpoint LAN Channel

Version 7.5 supports endpoint LAN control. This lets you control what’s being copied from an endpoint over a LAN, especially useful for preventing telecommuters from copying data onto home networks.


Endpoint Web Channel

You can now apply policy to the Web channel at the network and at the endpoint simultaneously. This lets you block HTTP and HTTPS post actions from endpoint computers for the first time.

Online Application Protection

In this release, you can apply content protection to designated online resources—such as SaaS applications or the Intranet—by blocking downloads and copying of content from the browser onto the local machine.

Removable Media File Encryption

You can now enforce encryption on sensitive files being copied to removable media.

Support for Windows Mobile platforms

You can now scan and block data being copied from Windows XP desktops to portable devices that support the Microsoft ActiveSync 4.5 protocol, and from Windows Vista desktops to devices that support Mobile Device Center 6.1.

Version 7.5 does not support non-Windows mobile technologies that use proprietary synchronization software, such as Nokia and iPhone.

Whole Document Endpoint Print Control

Data Security v7.5 lets you control the data being printed at the endpoint, regardless of the locally saved document.

Screen Capture Forensics

You can now review screen shot forensics for incidents generated by the print-screen operation.

Integrations

Websense Web Security Gateway

In v7.5, Websense Data Security has been closely integrated with Websense Web security modules—such as Websense Web Security, Web Filter, Web Security Gateway, and Web Security Gateway Anywhere.

Through the TRITON Unified Security Center, you can manage both Web Security and Data Security from the same management application. (In a future version, you will also be able to manage Email Security.)

The Data Security policy engine has been directly integrated into the proxy component of the Websense Web Security Gateway as a native analytic. If you have Web Security Gateway Anywhere, you can prevent data loss over Web channels—including encrypted HTTP and FTP—without a full Websense Data Security subscription.

In this release, Web Security Gateway and Websense Data Security can be installed on the same appliance via VMware, allowing you to leverage hardware costs of the V-Series infrastructure.

Avoid redirecting Web, and more importantly encrypted Web (HTTPS), traffic to another box by using the on-box DLP built into Web Security Gateway. There is no dependency on connectivity to an extra device for analysis. Your sensitive data is protected even from plain-text forwarding over the network.

Websense Content Gateway

Deployments with just Websense Data Security and Content Gateway—but no Websense Web filtering modules—can also benefit from Websense Data Security and Content Gateway changes.

In previous versions, integration with Websense Content Gateway was achieved via ICAP. In this version, the policy engine is built into Content Gateway, localizing and optimizing analysis of Web transactions there. ICAP integration is still available, for those who have already implemented it.

Content Gateway has a configuration page that lets you register the policy engine with the Data Security Management Server. When you do, Content Gateway becomes a configurable module on the TRITON - Data Security System Modules page.

You can balance loads on the Content Gateway module as well as any policy engine.

Nomenclature changes

Many terms have changed in Data Security v7.5.

| Old Term | New Term |
|---|---|
| Data at Rest | Data Discovery |
| Data in Motion | Data Usage (network) |
| Data in Use | Data Usage (endpoint) |
| Analyzer | Policy Engine |
| DSS Manager | TRITON - Data Security |
| Key word policies, file-type policies, etc. | Content Classifiers |

Hardware requirements

Data Security Server

The Data Security Server and management server are hardware-independent. The minimum and recommended requirements are:

| Data Security Server | Minimum Requirements | Recommended |
|---|---|---|
| CPU | 2 Dual-core Intel Xeon processors (2.0 GHz) or AMD equivalent | 2 Quad-core Intel Xeon processors (2.0 GHz) or AMD equivalent |
| Memory | 2 GB | 4 GB |
| Hard drives | 4 - 72 GB | 4 - 146 GB |
| Disk space | 144 GB | 292 GB |
| Hardware RAID | 1 + 0 | 1 + 0 |
| NICs | 1 | 2 |

Note: The Management Server cannot have more than 8 cores.

Data Security Protector

DSS Protector is hardware-independent. The minimum and recommended requirements are:

| Protector | Minimum Requirements | Recommended |
|---|---|---|
| CPU | 2 Dual-core Intel Xeon processors (2.0 GHz) or AMD equivalent | 2 Quad-core Intel Xeon processors (2.0 GHz) or AMD equivalent |
| Memory | 2 GB | 4 GB |
| Hard drives | 2 - 72 GB | 4 - 146 GB |
| Disk space | 70 GB | 292 GB |
| Hardware RAID | 1 | 1 + 0 |
| NICs | 2 (monitoring), 3 (inline) | 2 (monitoring), 3 (inline) |

Recommended (Optional) additional NICs for inline mode:

The following Silicom network cards are supported by the protector appliance. The NIC SKUs are:

• PEG4BPi - Intel-based Quad-Port Copper Gigabit Ethernet PCI-Express Bypass Server Adapter
• PEG2BPi - Intel-based Dual-Port Copper Gigabit Ethernet PCI-Express Bypass Server Adapter
• PXG4BPi - Intel-based Quad-Port Copper Gigabit Ethernet PCI-X Bypass Server Adapter
• PXG2BPi - Intel-based Dual-Port Copper Gigabit Ethernet PCI-X Bypass Server Adapter
• PEG2Fi - Intel-based Dual-Port Fiber (SX) Gigabit Ethernet PCI-Express Server Adapter
• PXG2Fi - Intel-based Dual-Port Fiber (SX) Gigabit Ethernet PCI-X Server Adapter

Data Endpoint

• Pentium 4 (1.8 GHz or above)
• At least 512 MB RAM on Windows XP or 1 GB RAM on Windows Vista, Windows 7, Windows Server 2003, or Windows Server 2008
• At least 200 MB free hard disk space
• One of the following operating systems:
    • Windows XP (32-bit)
    • Windows Vista (32-bit)
    • Windows Server 2003 (32-bit)
    • Windows 7 (32-bit)
    • Windows Server 2008 (32-bit)

Software support

Supported messenger applications

Websense Data Security v7.5 supports the following Instant Messenger applications:

• MSN Messenger 8.x
• MSN Messenger 9
• MSN Messenger 2009
• Yahoo Messenger 8.1
• Yahoo Messenger 9
• Yahoo Messenger 10

Supported browsers

• Internet Explorer 7
• Internet Explorer 8
• Firefox 3.0.x - 3.5.x

If you have another browser or version, the user interface may behave in unexpected ways or report an error.

Supported databases

Websense has certified support for the following ODBC-compliant databases:

• Oracle 10g (ODBC driver 10.1.0.2.0)
• Microsoft SQL Server 2008 (SQL Server 2008 ODBC driver)
• Microsoft SQL Server Express (SQL Server Express ODBC driver)
• IBM DB2 9.5 (ODBC driver 8.2.9)
• IBM Informix IDS (IBM Informix ODBC driver 3.00.00.13223)
• MySQL 5.1 (ODBC driver 5.1.5)
• Sybase ASE 15.0 (Sybase ODBC driver 15.0.0.152)

Data Security also supports CSV files (UNC path needs to be specified: \\server\share\path_to_file.csv)

Installation

Because version 7.5 has been re-architected, you must install it from scratch. Upgrades are not supported at this time, though they are planned for a future release.


Installing the manager

If you are new to Websense Data Security, please refer to Chapter 3 of the Websense Data Security Deployment Guide for instructions on installing the Data Security Management Server.

If you have an earlier version of DSS Manager running, do the following:

1. Optionally, perform a system backup as described in the document, “DSS v7.1 Backup and Restore” on the Websense Knowledge Base. Restore the system on a virtual machine or another server for future reference.

2. From Windows Control Panel, select Add/Remove Programs and completely uninstall Data Security Suite.

3. From Control Panel, select Add/Remove Programs and completely uninstall Microsoft SQL Server.

4. Reboot the machine.

5. Run regedit once again, and delete the following registration keys if they exist:

    HKEY_LOCAL_MACHINE\Software\Websense
    HKEY_LOCAL_MACHINE\Software\Vidius

6. From the installation drive, delete the folders: \Microsoft SQL Server\

    Some files won’t be deleted. This is okay. You will delete the rest of the data in step 7.

7. Delete the following folders:

    <DSS_PATH> - c:\program files\websense by default
    Inetpub\wwwroot\agentapi
    Inetpub\wwwroot\EP
    Inetpub\wwwroot\DSS
    Inetpub\wwwroot\PADMS
    Scheduled tasks (if not removed yet)

8. Reboot the machine.

Warning

The following information describes editing the registry. Before proceeding, back up the registry, and be sure you understand how to restore the registry if a problem occurs. Refer to the Microsoft Knowledge Base (support.microsoft.com/kb/256986/EN-US/) for information on backing up, restoring, and editing the registry.

Websense, Inc., provides information on how to edit the Windows registry as a convenience to its customers, but does not support Windows in any way and will not be responsible for any problems that may arise from such editing.

Using Registry Editor incorrectly may cause serious problems that could require you to reinstall the operating system. Websense and Microsoft do not guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.


9. Install the Data Security Management Server v7.5 as described in Chapter 3 of the Websense Data Security Deployment Guide.

10. Recreate your policies using the new policy infrastructure. Refer to TRITON - Data Security Help for instructions on creating new policies.

In large deployments, Websense recommends that analysis be performed by a secondary server or protector rather than the Data Security Management Server. This prevents traffic from having to cross your network unnecessarily.

Installing the protector

The protector must be re-imaged and installed from scratch as described in Chapter 4 of the Websense Data Security Deployment Guide.

If you have an earlier version of the protector, Websense strongly recommends that you add more RAM before installing version 7.5. The 7.5 protector requires 4 GB RAM while the 7.1 protector required only 1 GB. This is because the protector now performs analysis locally.

If you do not add more RAM, we recommend that you:

1. Disable the policy engine on the new protector.
    a. Go to Settings > System Modules.
    b. Expand the protector module.
    c. Click the policy engine in the protector module.
    d. De-select Enabled.
    e. Click OK.
    f. Deploy your settings.

2. Set load balancing so the analysis is performed by a Data Security server rather than the protector.
    a. Go to Settings > System Modules.
    b. Click Load Balancing in the toolbar.
    c. Expand the protector module.
    d. Click any channel under the protector.
    e. Select the radio button labeled Selected policy engines.
    f. Choose the Data Security server policy engine to use for analysis.
    g. Select the check box labeled Apply these settings to all of this protector’s services.
    h. Click OK.
    i. Deploy your settings.

NOTE

Data Security v7.5 does not work with earlier versions of the Websense Linking Service. Your version of Data Security software must match your version of Web Security software for the Linking Service to work.


Installing other Data Security modules

If you have other Data Security modules—such as supplemental Data Security servers or standalone agents—do the following to install v7.5:

1. Uninstall the Data Security component completely.

2. Run regedit once again, and delete the following registration keys if they exist:

    HKEY_LOCAL_MACHINE\Software\Websense
    HKEY_LOCAL_MACHINE\Software\Vidius

3. Reboot the machine.

4. Install the same component as described in Chapter 3 or 4 of the Websense Data Security Deployment and Installation Guide.

5. Register the component with the Data Security Management Server as prompted by the new installer.

6. In TRITON - Data Security, click Deploy.

Installing the endpoint

Upgrading endpoint clients from v7.1 to 7.5 is not supported. If you have an earlier version of the Data Endpoint, do the following to install v7.5:

1. Uninstall the endpoint clients.

2. Create a new endpoint package using v7.5 and install it on your endpoints as described in Chapter 4 of the Websense Data Security Deployment and Installation Guide.

If you are new to Data Endpoint, follow the instructions in Websense Data Security Deployment and Installation Guide to create and install an endpoint package.

Known issues

TRITON - Data Security

• Some user interface pages use a tree structure—for example, discovery tasks and the policy template list. The tree component has performance issues when it contains several dozens or hundreds of nodes. Expanding and collapsing the trees can be slow.
• In some cases, when you install the Websense security certificate to avoid browser alerts, the certificate does not take effect until all browser windows are closed and a new browser is opened.
• In Firefox browsers, to activate a button, you must click the button label. Clicking on the button background has no effect.
• When logging into TRITON - Data Security, the URL must not contain underscore characters.
• Pressing Refresh on the System Health page makes you lose your position. The system reverts to the main branch of the tree.
• For Websense Web Security Gateway Anywhere customers, the System Modules page displays components that are not relevant—namely the SMTP agent and Endpoint Server. These are standard parts of the Data Security Management Server and other Data Security servers, but do not apply to Web Security Gateway Anywhere, which provides Web-based data loss prevention only.


• If you are using Firefox v3, when you navigate to certain reports, such as Data Usage > Incidents - last 3 days, and scroll down the page, the filter bar scrolls too, and the title of the table disappears.
• When you create a fingerprint on a very large directory or file path (over 260 chars), an error results. The error text, “General Folder/File Error” shows in the content classifier failed or filtered items error list.
• If you have a large number of rules, the batch update can be very slow.
• When you edit the following built-in NLP classifiers, there is no meaning to the Exclude section of the dialog box (i.e., you cannot exclude patterns or phrases). Data in motion:

    • Count Attachments (Stateful)
    • Strategic Documents
    • Mergers and Acquisitions information
    • Software Design Documents
    • W-2 form
    • HR: CV policy
    • HR Israel: CV policy in English
    • HR Israel: CV policy in Hebrew
    • Verilog Source code 1
    • Verilog Source code 2
    • VHDL Source Code
    • Software Source Code: C family or Java (default)
    • Software Source Code: C family or Java (wide)
    • Software Source Code: Perl Source (by file extension)
    • Software Source Code: Perl Source (by content)
    • SPICE Source code (Berkeley version)
    • SPICE Source code
    • Patents detection
    • DB File: dBase format
    • DB File: MORE format
    • DB File: Filemaker format
    • DB File: SmartWare II format
    • DB File: MS Works for Mac format
    • DB File: MS Works for DOS format
    • DB File: MS Works for Windows format
    • DB File: Paradox format
    • DB File: Ability Office format
    • DB File: MS Access format
    • DB File: Lotus Notes NSF format
    • Encrypted File: PDF - encrypted


Encrypted File: Word - encrypted
Encrypted File: Excel spreadsheet - encrypted
Encrypted File: ZIP archive - encrypted
Encrypted File: RAR archive - encrypted
Encrypted File: PGP signed and encrypted data format
Encrypted File: PGP encrypted data format
Microsoft Visio business and technical drawing format
Autodesk DWG format files
Autodesk WHIP format files
DetcAutoCAD DXF binary format files
DetcAutoCAD DXF text format files
Corel draw format file
Catia format files
SolidWorks files
FDA 21 CFR : Clinical Trials
ITAR: Encryption
ITAR: Nuclear
ITAR: Space
ITAR: Military
ITAR: C family or Java Source Code
ITAR:SPICE Source code (Berkeley version)
ITAR: SPICE Source code
ITAR: Verilog Source code
ITAR: VHDL Source Code
ITAR: Technical Drawing files
FERC: pipeline flow diagrams
FERC: form 567
FERC: form 715
FERC: MS Visio
FERC: AutoCAD DXF Binary
FERC: AutoCAD DXF Text
FERC: AutoDesk DWG
FERC: AutoDesk WHIP
FERC: SolidWorks
Petroleum and Gas Sensitive Information: Logs and Survey Reports
Petroleum and Gas Sensitive Information: Petroleum File Extensions
Petroleum and Gas Sensitive Information: pipeline flow diagrams
Petroleum and Gas Sensitive Information: form 567
Petroleum and Gas Sensitive Information: form 715


Petroleum and Gas Sensitive Information: MS Visio
Petroleum and Gas Sensitive Information: AutoCAD DXF Binary
Petroleum and Gas Sensitive Information: AutoCAD DXF Text
Petroleum and Gas Sensitive Information: AutoDesk DWG
Petroleum and Gas Sensitive Information: AutoDesk WHIP
Petroleum and Gas Sensitive Information: SolidWorks
Confidential in Header or Footer
Text in header or footer
Terms in Keyword Property
Terms in Document Properties
Manipulated Content
SEC: Form 10K
SEC: Form 10K - Non Std fiscal year
SEC: Form 10Q
SEC: Form 10Q - Non Std fiscal year
SOX: Form 10K
SOX: Form 10K - Non Std fiscal year
SOX: Form 10Q
SOX: Form 10Q - Non Std fiscal year
Turkey Protection of Personal Data Draft Law: Spreadsheets
Turkey Protection of Personal Data Draft Law: Confidential in Header Footer
HR Cyrillic: CV in English
HR Cyrillic: CV in Russian or Ukranian
Check 21: TIFF Format
DIACAP: 8520.1 - Confidential Documents
FFIEC: TIFF format file type
FISMA: Confidential in Document
MITS - Confidential Documents
CDR: Suspected Call details rows
CDR: Suspected Call details headers

Data at rest:

CDR: Call details headers
FERC: disclaimer
FERC: pipeline flow diagrams
FERC: form 567
FERC: form 715
ITAR: Technical Drawing files
Mergers and Acquisitions information
Movie and TV Manuscripts


Logs and Survey Reports
Petroleum File Extensions
SOX: Form 10K
SOX: Form 10Q
Software Source Code: C family or Java
Software Source Code: C family or Java Extensions
SPICE Source code (Berkeley version)
SPICE Source code
Verilog Source code
VHDL Source Code
HR: CV policy
HR Cyrillic: CV in Russian or Ukranian
W-2 form
Turkey PII: Spreadsheets
Israel PII: CV policy in Hebrew
HR Israel: CV in Hebrew
India: Form 16
DB File: dBase format
DB File: MORE format
DB File: Filemaker format
DB File: SmartWare II format
DB File: MS Works for Mac format
DB File: MS Works for DOS format
DB File: MS Works for Windows format
DB File: Paradox format
DB File: Ability Office format
DB File: MS Access format
DB File: Lotus Notes NSF format

Installation

Data Security v7.5 does not work with earlier versions of the Websense Linking Service.

Having a hyphen in the computer name of the Data Security Management Server machine may cause the following problems:

Oracle may fail to install.
The protector may not be able to register with the Data Security Management Server due to a DNS resolution error.

When the Data Security installer starts, it checks for the drive with the most free space and sets that as the default installation path (although you can override this setting in the installation wizard). When a removable media drive is connected to the Data Security Management Server, the installer defaults to the removable media drive, because it has a larger capacity.


When installing agents, if you create an administrator with a password that includes special characters like quotes, spaces, tabs or slashes, the system cannot authenticate with the Data Security Management Server and registration fails.

No matter what drive you try to install an agent on, if the C: drive is low on disk space, you receive a warning to this effect.

Fingerprinting and Discovery

If you have just added a DSN for an IBM DB2 database, you must stop all discovery tasks and fingerprinting jobs running on that machine and restart the Websense Data Security Work Scheduler service before performing discovery or fingerprinting on the DB2 database. To restart the service, select Start > Run and type services.msc. In the services window, right-click Websense DSS Work Scheduler Service and select Restart.

The files list in fingerprinting task statistics updates periodically during fingerprinting tasks. If a task is small, the list appears empty until the task is complete. If it is large, the list shows a subset of fingerprinted files. This list grows with each update until all files are listed.

Occasionally the Estimated total records value shown during fingerprinting tasks shows an incorrect value, as much as double the amount.

In database or CSV fingerprinting, validation scripts are not applied on sample data, just on the fingerprinted records. For this reason, validation scripts must not change the column number or merge columns together.

During database fingerprinting, custom queries that contain non-English column names cannot be performed.

File exclusion does not work in SharePoint discovery or fingerprinting; files are scanned when they should not be. Folder exclusion works as expected.

Incidents & Reports

When a user sends a file larger than 10 MB, Data Security does not display the Checksum property in report attachments—such as the XML attachment on the Properties tab of the Incidents (last 3 days) report. Data Security only displays the Checksum property for discovery incidents.

When you schedule a report task to run once, after the task is completed, its “Last run” status returns to “Never”.

When an eml file is attached to an email incident, you cannot see its content in the incident’s preview page. To view the file, you must download it and open it locally.

When a txt file that is attached to an email incident is zipped twice, you cannot see its content in the incident’s preview page. To view the file, you must download it and open it locally.

When an email message is sent with a To: and Cc: destination, both the To: and Cc: fields display in the To: section of the incident report.

The option to hide an incident’s source and destination details from a specific role hides only the source. The destination details are revealed.

Analysis

Data Security has difficulty extracting text from filled-in PDF forms. In some cases, the text is not analyzed.

Data Security does not detect data in Microsoft Excel comments.

Data Security does not detect text in Microsoft Publisher files.

Data Security does not analyze the metadata of plain text files for content.


Data Security does not extract text from the following file types:

Microsoft One Note files
Microsoft Project 2003 files
Yahoo Instant Messenger history files
Microsoft cabinet (CAB) files

Data Security no longer supports ACE, ARJ, or CPIO file types.

If you are going to scan a table with non-English column names for database fingerprints or discovery, you must change the regional and language option on the crawler machine to the language of the column names. The data inside the table works fine regardless of regional settings.

Windows hidden shares are not accessible when you are configuring fingerprinting classifiers. Data Security does not see them, so it does not display them as an option.

When text that violates policy is partially formatted (for example, some characters are bold but others are not, or part of a word is colorized), it may not be detected by the system. This applies to certain Web applications, such as Webmail, accessed through HTTP channels on the protector, Content Gateway, endpoint, etc.

HTML or MHT documents with the following encodings are not well analyzed.

Arabic Asmo
Arabic DOS
Chinese Simplified GB2312
Chinese Simplified HZ
Cyrillic DOS
Cyrillic KOI8-u
Hebrew ISO-Logical
Japanese JIS
Thai (Windows)
User Defined

Agents

When configuring the ISA Agent on the System Modules page, if you manually enter a file name into the custom violation message field, the file upload hangs if the file name is not valid. The screen says “Processing...” This only happens when you are using Internet Explorer (IE) v6 or 7 to access TRITON - Data Security. If you are using IE 8 or Firefox, you are forced to Browse to a file and this issue cannot occur.

Unlike previous versions, the Content Gateway agent v7.5 cannot decode URLs; therefore it cannot detect data posted as part of the URL when the URL is encoded.

File names are not analyzed when users print content; therefore, “file by name” classifiers are not detected.

The printer agent does not supply the policy engine with NT domain names when sending user names. If a rule involves NT domain users, its incidents are not matched.


Protector

When the protector serves as an MTA, it does not handle non-English disclaimers well. When users modify the default disclaimer with non-English content, the disclaimer is delivered with symbol characters.

Unlike previous versions, the protector v7.5 cannot decode URLs; therefore it cannot detect data posted as part of the URL when the URL is encoded.
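The URL-decoding limitation listed above for the protector is also listed for the Content Gateway agent and the Data Endpoint. The following Python example is added here and is not Websense code: it shows why a content pattern misses data carried in an encoded URL, and how a separate check over proxy logs can normalise each URL before matching. The card-number pattern, the four-field log layout, the decode bound and all function names are assumptions made for this example, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumed content pattern: 16-digit card number, optionally grouped by space or hyphen.
CARD_RE = re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b")
MAX_DECODE_ROUNDS = 3  # assumption: upper bound on nested percent-encoding

# Constructed proxy log lines: timestamp, client, method, URL.
SAMPLE_LOG = """\
2010-03-01T10:00:01 10.0.0.5 GET http://webmail.example/search?q=4111-1111-1111-1111
2010-03-01T10:00:02 10.0.0.6 GET http://webmail.example/search?q=4111+1111+1111+1111
2010-03-01T10:00:03 10.0.0.7 GET http://forms.example/submit?card=4111%252D1111%252D1111%252D1111
2010-03-01T10:00:04 10.0.0.8 GET http://forms.example/submit?ref=1234%205678%209012%203456
2010-03-01T10:00:05 10.0.0.9 GET http://news.example/index.html
"""


def luhn_ok(number):
    """Return True if the digits in `number` pass the Luhn checksum."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def fully_decode(value, max_rounds=MAX_DECODE_ROUNDS):
    """Percent-decode until the value stops changing or the bound is hit.

    Returns (decoded_value, rounds_that_changed_the_value).
    """
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    return value, rounds


def scan_url(url):
    """Match the pattern against the raw and the decoded path and query."""
    parts = urlsplit(url)
    findings = []
    for component, raw in (("path", parts.path), ("query", parts.query)):
        # What an engine that does not decode URLs would have seen.
        raw_hits = {re.sub(r"\D", "", m) for m in CARD_RE.findall(raw)}
        decoded, rounds = fully_decode(raw)
        for match in CARD_RE.findall(decoded):
            digits = re.sub(r"\D", "", match)
            if not luhn_ok(digits):
                continue  # digit run that is not a plausible card number
            findings.append({
                "component": component,
                "masked": "*" * 12 + digits[-4:],  # never log the full number
                "decode_rounds": rounds,
                "visible_without_decoding": digits in raw_hits,
            })
    return findings


def scan_log(text):
    """Scan every log line and tag each finding with the client address."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # not in the assumed layout
        _timestamp, client, _method, url = fields
        for hit in scan_url(url):
            findings.append({"client": client, **hit})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Findings with `visible_without_decoding` set to False are the ones that a matcher working on the undecoded URL does not see.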

Data Endpoint

Unlike previous versions, the Data Endpoint v7.5 cannot decode URLs; therefore it cannot detect data posted as part of the URL when the URL is encoded.

Some endpoint applications, such as Microsoft Excel, save open files for backup purposes—even when no changes are made and the user does not select Save. In these cases, the content is scanned and file access may trigger an incident. If policies are configured to encrypt matched files, the files may also be encrypted. If policies are configured to delete matched files, the files may be deleted. NOTE: This applies only to files located on external media (removable drive or network drive). The file quarantine feature stores a backup of the file if it is deleted.

Some endpoint applications override the operating system print screen capabilities. When this happens, Data Security’s screen capture operation does not intercept the data.

When the endpoint intercepts a printed document, the file that is sent for analysis is the actual spool file—the file that goes to the printer. This file is typically much larger than the original file. If an endpoint printer file is larger than 300 MB, it is not analyzed, because Data Security cannot extract text from files of this size.

Occasionally, when you use the endpoint print option, the spool file that is sent for analysis contains 2 copies of the text. If Data Security is analyzing by threshold, it counts everything twice.

When a user prints a Microsoft Excel file containing multiple sheets, each sheet is analyzed separately and generates independent incidents, when applicable.

If a file that was formerly encrypted by the endpoint when copied to removable media is copied from the removable media back to the endpoint, the encryption is removed from the file copy. (The removable media instance remains encrypted.) The same applies to files copied from the removable media to a shared folder over a LAN.

When you deploy a new endpoint refresh interval, it doesn’t take effect until one more refresh occurs using the original refresh time.

If a user copies data from application A to application B, and application A is monitored for the Copy operation while application B is monitored for the Paste operation, only the Paste operation is analyzed. The source application is not displayed in the incident details.

When an endpoint user posts a file larger than 100 MB to the Web, it is not analyzed.

When an endpoint user prints from a Firefox browser, data in the search box of the browser is not analyzed.

Occasionally, key phrase classifiers with non-English characters that contain spaces are not detected on the endpoint print channel.

If you monitor endpoint copy from an online application, the following scenario does not trigger an incident:
a. Open 2 browser tabs—one displaying one Web site, the other displaying another.
b. Copy data from the first page, switch browser tabs to the other site and paste the data.
To catch this sort of activity, monitor the endpoint Web channel. With endpoint Web, the copy to the other browser is not detected, but the post to the Web is.

Geo-location is not available for endpoint Web channel incidents.

Fingerprinted files that are downloaded to endpoints are not deleted when the rules they belong to no longer apply to endpoint channels. The files are deleted only when the rules to which their content classifiers belong are deleted or disabled. To make sure fingerprint files are deleted, either delete the relevant rules and create new rules without the endpoint channels, or disable the rules completely and—after all endpoints have synchronized—re-enable the rules without the endpoint channels.

Integrations

Version 7.5 supports integration with Voltage Encryption software, but support is not built in. Please contact Technical Support if you require such an integration.

System

Some components of system backup—such as backing up the PreciseID database folder—are performed as transactions. You cannot stop the backup procedure during these transactions.

Instant Messaging

When deploying settings to the protector, active instant messenger (IM) sessions are no longer monitored. Every IM session that is opened after the deploy is monitored.

In Yahoo, “Minimum Transaction Size” means the buffer size that is used to buffer chatting (not file transfers). A job is submitted to the policy engine either when the buffer is filled or when time passes as defined in the “Buffer Interval” field, whichever comes first. Notes:
a. The timing is not accurate; there is no timer. It depends on packets that peers send from time to time even while idling.
b. The buffer collects some wrapping text as well, so if one defines a buffer “too small,” it means that even a single character line is submitted immediately.

When a user violates policy on Yahoo by sending a sensitive file from one client to another, the protector cannot always parse the data that Yahoo sends. Yahoo file transfer is implemented using HTTP POST requests and it does not have MIME headers that describe the type of data. Because these headers are not available, TRITON - Data Security presents the incident forensics as raw data. You can download the incident, but you do not know which application to view it with.

Because Yahoo file transfer is detected as an HTTP session, incidents are presented as HTTP. Likewise, if you disable the protector’s HTTP service, you are also disabling Yahoo file transfer detection.

When both clients share a network that allows HTTP peer-to-peer communication between them, they use HTTP GET for file transfer. These incidents are not detected. A firewall setting that prevents peer-to-peer Web communications overcomes this limitation.

MSN Messenger has a file transfer option over UDP. When this option is selected (the selection is done automatically by Messenger), Data Security does not detect the file transfer. Websense recommends blocking outgoing UDP on port 7001 at the firewall level to overcome this. In addition, we also recommend faking DNS resolution for the address relay.data.edge.messenger.live.com in order for the protector to successfully detect file transfer operations.


Further assistance

Websense, Inc., is committed to customer satisfaction. Go to the Websense Technical Support Web site (www.websense.com/SupportPortal/) any time for the latest release information, Knowledge Base articles, or product documentation, or to create a support request.

The response time for online requests during business hours is approximately 4 hours. Response to after-hours requests occurs the next business day.

Telephone assistance is also available. For quick and efficient answers to telephone requests, please be ready with the following:

Websense subscription key
Access to TRITON - Data Security
Familiarity with your network’s architecture, or access to a person who has this knowledge
Specifications of the machines running the Data Security Management Server and other Data Security servers
A list of other applications running on the Data Security Management Server and other Data Security servers

For severe problems, additional information may be needed.

Standard telephone assistance is available during normal business hours Monday through Friday at the following numbers:

San Diego, California, USA: +1 858.458.2940
London, England: +44 (0) 203 024 4401

Check the Support Web site listed above for operating hours and other support options.

Customers in Japan should contact their distributor for the most rapid service.


Subscription agreement

IMPORTANT - THIS SUBSCRIPTION IS PROVIDED ONLY ON THE CONDITION THAT THE SUBSCRIBER (REFERRED TO IN THIS AGREEMENT AS “SUBSCRIBER”) AGREES TO THE TERMS AND CONDITIONS SET FORTH IN THE FOLLOWING LEGAL AGREEMENT WITH WEBSENSE, INC. AND/OR ONE OF ITS SUBSIDIARIES (“WEBSENSE”). READ THIS AGREEMENT CAREFULLY BEFORE ACCEPTING IT. BY CLICKING ON THE “I AGREE” BUTTON BELOW OR BY USING THE SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT AND UNDERSTAND IT, AND THAT (1) YOU, ON BEHALF OF YOURSELF, OR (2) SUBSCRIBER, IF SUBSCRIBER IS A BUSINESS, AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.

1. Subscription and Grant of Right to Use. Subject to the terms and conditions of this Agreement, Websense agrees to provide Subscriber the subscription services (“Subscription”) as described in the purchase commitment mutually agreed upon between the parties (“Order”). Websense grants to Subscriber as part of the Subscription a non-exclusive, nontransferable right to use certain proprietary software applications (“Software”), proprietary database(s) of URL addresses, applications and other valuable information (“Databases”), changes to the content of the Databases (“Database Updates”) and certain modifications or revisions to the Software (“Software Upgrades”), together with applicable documentation and the accompanying media, if any, (collectively, the “Products”). The Products are provided for the number of Seats or servers for use in Subscriber's own internal business operations (not for the benefit of any other person or entity) for the time period set forth herein or in the applicable Order (“Subscription Term”), provided Subscriber has and continues to pay the applicable fees for the Products (“Subscription Fees”). Subject to compliance with the terms of this Agreement, Subscriber may relocate or transfer the Product for use on a different server within its location. All fees paid for the Products are nonrefundable. “Seat” means each computer, electronic appliance or device that is authorized to access or use the Products, directly or indirectly. Subscriber may only exceed the number of ordered Seats if Subscriber increases its Order and pays additional Subscription Fees. Websense may, at any time, audit the use of the Products remotely or, upon reasonable notice, at Subscriber's site. Unless specifically authorized in writing in advance by Websense, Subscriber may not rent, lease or timeshare the Products or provide subscription services for the Products or permit others to do so. 
Any source code provided to Subscriber by Websense is subject to the terms of this Agreement. Subject to the terms of this Agreement, Subscriber may allow its agents and independent contractors to use the Products solely for the benefit of Subscriber; provided, however, Subscriber remains responsible for any breach of this Agreement. Any other use of the Products by any person, business, corporation, government organization or any other entity is strictly forbidden and is a violation of this Agreement. Evaluation subscriptions to the Products are provided by Websense subject to the terms and conditions of this Agreement. Evaluation subscriptions are available for a period of up to thirty (30) days, and may be used only to evaluate and facilitate Subscriber's decision to purchase a subscription to Products, and at the end of the evaluation period, Subscriber must pay the applicable Subscription Fees or this Agreement will automatically terminate and Subscriber must comply with the terms of Section 7 below.

2. Technical Support. Standard technical support includes online website and/or portal access, telephone support during business hours, and Software Upgrades for the Products during the Subscription Term upon payment of the Subscription Fees. Standard technical support is provided pursuant to the terms of this Agreement and the then-current technical support policies which are available at support.websense.com. Websense may require Subscriber to install Software Upgrades up to and including the latest release. Enhanced support offerings and services are available for additional cost and are also subject to the terms of this Agreement. Database Updates and Software Upgrades will be provided to Subscriber only if Subscriber has paid the appropriate Subscription Fees for all Seats and/or servers.

3. Intellectual Property Rights. The Products and all intellectual property rights therein and related thereto are the sole and exclusive property of Websense and any third party from whom Websense has licensed software for incorporation in or distribution with the Products. All right, title and interest in and to the Products and any modifications, translations, or derivatives thereof, even if unauthorized, and all applicable rights in patents, copyrights, trade secrets, trademarks and all intellectual property rights in the same shall remain exclusively with Websense and its licensors. The Products are valuable, proprietary, and unique, and Subscriber agrees to be bound by and observe the proprietary nature thereof. The Products contain material that is protected by patent, copyright and trade secret law, and by international treaty provisions. All rights not granted to Subscriber in this Agreement are reserved to Websense. No ownership of the Products passes to Subscriber. Websense may make changes to the Products at any time without notice. Except as otherwise expressly provided, Websense grants no express or implied right under Websense patents, copyrights, trademarks, or other intellectual property rights. Subscriber may make a sufficient number of copies of the Software for its authorized use and may maintain one (1) copy of the Software for backup purposes only. Subscriber may not remove any proprietary notice of Websense or any third party from any copy of the Products.

4. Protection and Restrictions. Subscriber agrees to take all reasonable steps to safeguard the Products to ensure that no unauthorized person has access thereto and that no unauthorized copy, publication, disclosure or distribution, in whole or in part, in any form is made. Subscriber acknowledges that the Products contain valuable, confidential information and trade secrets and that unauthorized use and/or copying is harmful to Websense. Subscriber may not directly or indirectly transfer, assign, publish, display, disclose, rent, lease, modify, loan, distribute, or create derivative works based on the Products or any part thereof. Subscriber may not reverse engineer (except as required by law in order to assure interpretability), decompile, translate, adapt, or disassemble the Products, nor shall Subscriber attempt to create the source code from the object code for the Software. Any third party software included in the Products may only be used in conjunction with the Products, and not independently from the Products. Subscriber may not, and shall not allow third parties to, publish, distribute or disclose the results of any benchmark tests performed on the Products without Websense's prior written approval. Subscriber represents and warrants that it will comply with all laws, rules and regulations which apply to its use of the Products. Subscriber further represents and warrants that the Products will not be used to filter, screen, manage or censor Internet content for consumers without (a) permission from the affected consumers and (b) Websense's express prior written approval which may be withheld in Websense's sole and absolute discretion. Additional charges may apply if Subscriber assigns more than twenty (20) administrators to administer certain Websense products.

5. Limited Warranty. For the Subscription Term, Websense warrants that the Products will operate in substantial conformance with the then-current Websense published documentation under normal use. Notwithstanding the previous sentence, Websense does not warrant that: (i) Products will be free from defects; (ii) Products will satisfy all of Subscriber's requirements; (iii) Products will operate without interruption or error; (iv) Products will always locate or block access to or transmission of all desired addresses, applications and/or files; (v) Products will identify every transmission or file that should potentially be located or blocked; (vi) addresses and files contained in the Products will be appropriately categorized; or (vii) algorithms used in the Products will be complete or accurate. Websense shall use reasonable efforts to remedy any significant Product non-conformance reported to Websense that Websense can reasonably identify and confirm. Websense or its representative will repair or replace any such non-conforming or defective Products, or refund a pro-rata share of the Subscription Fees paid for the then-current term, at Websense's sole discretion. This paragraph sets forth Subscriber's sole and exclusive remedy and Websense's entire liability for any breach of warranty or other duty related to the Products. Any unauthorized Product modification, tampering with the Products, Product use inconsistent with the accompanying documentation, or related breach of this Agreement shall void the aforementioned warranty. EXCEPT AS EXPLICITLY SET FORTH HEREIN AND TO THE EXTENT ALLOWED BY LAW, THERE ARE NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, TITLE OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE PRODUCTS.

6. Limitation of Liability. TO THE FULLEST EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES WILL WEBSENSE, ITS AFFILIATES, ITS LICENSORS OR RESELLERS BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE OR INCIDENTAL DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE, ARISING OUT OF OR RELATED TO THIS AGREEMENT INCLUDING, BUT NOT LIMITED TO CLAIMS FOR LOSS OF DATA, GOODWILL, OPPORTUNITY, REVENUE, PROFITS, OR USE OF THE PRODUCTS, INTERRUPTION IN USE OR AVAILABILITY OF DATA, STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS, PRIVACY, ACCESS TO OR USE OF ANY ADDRESSES OR FILES THAT SHOULD HAVE BEEN LOCATED OR BLOCKED, NEGLIGENCE, BREACH OF CONTRACT, TORT OR OTHERWISE AND THIRD PARTY CLAIMS, EVEN IF WEBSENSE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL WEBSENSE'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY SUBSCRIBER TO WEBSENSE FOR THE APPLICABLE PRODUCTS OVER THE ONE YEAR PERIOD PRIOR TO THE EVENT OUT OF WHICH THE CLAIM AROSE FOR THE PRODUCTS THAT DIRECTLY CAUSED THE LIABILITY.

7. Termination. This Agreement is effective until the end of the Subscription Term for such use as is authorized, or until terminated by either party. Subscriber may terminate this Agreement at any time upon notification to Websense. However, Subscriber shall not be entitled to a refund of any prepaid or other fees. Websense may terminate this Agreement if Websense finds that Subscriber has violated the terms hereof. Upon notification of termination by either party, Subscriber agrees to uninstall the Software, cease using and to destroy or return to Websense all copies of the Products and to certify in writing that all copies thereof, including backup copies, have been destroyed. Sections 3-7, 9 and 11 shall survive the termination of this Agreement.

8. Government Restricted Rights. The Products are provided with “RESTRICTED RIGHTS.” Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in FAR 52.227-14 and DFAR 252.227-7013 et seq. or its successor. Use of the Products by the U.S. Government constitutes acknowledgment of Websense's proprietary rights therein. Contractor or Manufacturer is Websense.

9. Third Party Products. The Products include software products licensed from third parties. Such third parties have no obligations or liability to Subscriber under this Agreement but are third party beneficiaries of this Agreement.

10. Export. Certain Products provided under the Agreement are subject to export controls administered by the United States and other countries (“Export Controls”). Export or diversion contrary to U.S. law is prohibited. U.S. law prohibits export or re-export of the software or technology to Cuba, Iran, North Korea, Sudan and Syria or to a resident or national of those countries (“Prohibited Country” or “Prohibited Countries”). It also prohibits export or re-export of the software or technology to any person or entity on the U.S. Department of Commerce Denied Persons List, Entities List or Unverified List; the U.S. Department of State Debarred List; or any of the lists administered by the U.S. Department of Treasury, including lists of Specially Designated Nationals, Specially Designated Terrorists or Specially Designated Narcotics Traffickers (collectively, the “Lists”). U.S. law also prohibits use of the software or technology with chemical, biological or nuclear weapons, or with missiles (“Prohibited Uses”). Subscriber warrants that it is not located in, or a resident or national, of any Prohibited Country; that it is not on any Lists; that it will not use the software or technology for any Prohibited Uses; and that it will otherwise comply with Export Controls.

11. General. Websense may periodically send Subscriber messages of an informational or advertising nature via email. Subscriber may choose to “opt-out” of receiving these messages by sending an email to [email protected] requesting the opt-out. Subscriber acknowledges and agrees that by sending such email and “opting out” it will not receive emails containing messages concerning upgrades and enhancements to Products. However, Websense may still send emails of a technical nature. Subscriber acknowledges that Websense may use Subscriber's company name in a list of Websense customers. Subscriber may not transfer any of Subscriber's rights to use the Products or assign this Agreement to another person or entity, without first obtaining Websense's prior written approval. Notices sent to Websense shall be sent to the attention of the General Counsel at 10240 Sorrento Valley Road, San Diego, CA 92121 USA. Any dispute arising out of or relating to this Agreement or the breach thereof shall be governed by the federal laws of the United States and the laws of the State of California, USA for all claims arising in or related to the United States, Canada, or Mexico; the laws of England and Wales for all claims arising in or related to the United Kingdom; and Dublin, Ireland for all other claims, without regard to or application of choice of laws, rules or principles. Both parties hereby consent to the exclusive jurisdiction of (1) the state and federal courts in San Diego, California, USA, for all claims arising in or related to the United States, Canada or Mexico, (2) the competent courts in England and Wales for all claims arising in or related to the United Kingdom; or (3) the competent courts in Dublin, Ireland for all other claims. Both parties expressly waive any objections or defense based upon lack of personal jurisdiction or venue. 
Neither party will be liable for any delay or failure in performance to the extent the delay or failure is caused by events beyond the party's reasonable control, including, fire, flood, acts of god, explosion, war or the engagement of hostilities, strike, embargo, labor dispute, government requirement, civil disturbances, civil or military authority, disturbances to the Internet, and inability to secure materials or transportation facilities. This Agreement constitutes the entire Agreement between the parties hereto. Any waiver or modification of this Agreement shall only be effective if it is in writing and signed by both parties or posted by Websense at http://www.websense.com/legal. If any part of this Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of this Agreement shall be interpreted so as to reasonably effect the intention of the parties. Websense is not obligated under any other agreements unless they are in writing and signed by an authorized representative of Websense.

Copyright and trademarks

©1996–2010, Websense Inc. All rights reserved.
10240 Sorrento Valley Rd., San Diego, CA 92121, USA

The products and/or methods of use described in this document are covered by U.S. Patent Numbers 6,606,659 and 6,947,985 and other patents pending.

This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from Websense, Inc.

Every effort has been made to ensure the accuracy of this document. However, Websense Inc., makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.


Trademarks

Websense, the Websense Logo, Threatseeker and the YES! Logo are registered trademarks of Websense, Inc. in the United States and/or other countries. Websense has numerous other unregistered trademarks in the United States and internationally.

Microsoft, Windows, Windows NT, Windows Server, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Red Hat is a registered trademark of Red Hat, Inc., in the United States and other countries. Linux is a trademark of Linus Torvalds, in the United States and other countries.

All other trademarks are the property of their respective owners.
