Endpoint Protection Web Traffic Redirection fails to configure proxy settings

Article ID: 170698

Products

Endpoint Protection, Endpoint Security, Web Security Service - WSS

Issue/Introduction

The Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) feature is enabled, but the system proxy settings do not point to http://localhost:2968/proxy.pac. The AutoConfigURL value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings is not updated.

Cause

This problem happens when the proxy settings configured by the WTR engine are overwritten by Windows or another application.

The WTR engine configures proxy settings by modifying the registry. The following table describes the registry changes made by WTR and the reason for the individual changes.

Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
Value: "AutoConfigURL"="http://localhost:2968/proxy.pac"
Purpose: Sets the Proxy AutoConfig URL to the SEP LPS service proxy.pac file for 32-bit applications that use system proxy settings

Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Internet Explorer\Control Panel]
Value: "Autoconfig"=dword:00000001
Purpose: Configures the system proxy settings to use a proxy server

Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Internet Explorer\Control Panel]
Value: "Proxy"=dword:00000001
Purpose: Configures the system proxy settings to use the AutoConfigURL value

Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
Value: "ProxySettingsPerUser"=dword:00000000
Purpose: Disables per-user proxy settings – this forces all applications to use the system proxy settings instead of any settings configured for the user under HKEY_CURRENT_USER

Environment

Microsoft Windows

Resolution

If possible, do not apply Domain policies that configure any proxy settings on computers configured to use WTR. Specifically, ensure that in any Domain policy applied to the computer, the value of Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Make proxy settings per-machine (rather than per-user) is Not Configured. If proxy settings are configured by GPO, those settings will override what WTR sets on the system and may disrupt the web browsing experience.

Configuring proxy settings through other methods may also create a conflict on client computers. Applications like Fiddler, Virtual Private Network (VPN) clients, and Web anonymizer applications are known to configure proxy settings. Where possible, these applications should be disabled, or configured to leave proxy settings intact when WTR is enabled.
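
To find which of the WTR registry values has been overwritten on an affected client, the PowerShell check below compares each value listed under Cause with what is currently in the registry. It is an added example, not part of the original article or a Symantec tool; it assumes a 64-bit PowerShell session on 64-bit Windows, and the variable names and the exit code are illustrative choices.

```powershell
# Added example: expected values are copied from the table under Cause.
# Assumption: run from 64-bit PowerShell on 64-bit Windows. A 32-bit session is
# redirected to WOW6432Node, and 32-bit Windows has no WOW6432Node view at all.
$expected = @(
    @{ Key = 'Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'AutoConfigURL'; Value = 'http://localhost:2968/proxy.pac' }
    @{ Key = 'Policies\Microsoft\Internet Explorer\Control Panel'
       Name = 'Autoconfig'; Value = 1 }
    @{ Key = 'Policies\Microsoft\Internet Explorer\Control Panel'
       Name = 'Proxy'; Value = 1 }
    @{ Key = 'Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name = 'ProxySettingsPerUser'; Value = 0 }
)

# WTR writes every value to both the native and the WOW6432Node registry view.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$results = foreach ($root in $roots) {
    foreach ($e in $expected) {
        $path   = Join-Path $root $e.Key
        $actual = $null
        if (Test-Path -LiteralPath $path) {
            # A missing value raises a non-terminating error; suppress it and
            # report the value as missing instead.
            $item = Get-ItemProperty -LiteralPath $path -Name $e.Name -ErrorAction SilentlyContinue
            if ($item) { $actual = $item.($e.Name) }
        }
        [pscustomobject]@{
            Path     = $path
            Name     = $e.Name
            Expected = $e.Value
            Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
            Match    = ($null -ne $actual) -and ("$actual" -eq "$($e.Value)")
        }
    }
}

$results | Format-Table -AutoSize -Wrap

# Non-zero exit code when any value has drifted, for use in a scheduled
# compliance check (illustrative convention, not defined by the article).
if ($results.Match -contains $false) { exit 1 }
```

Rows where Match is False show which value was changed; comparing them against the output of `gpresult /h` for the same computer indicates whether a Domain policy is the source of the overwrite.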