search cancel

Endpoint Protection clients not protected by Web Security Service through Web Traffic Redirection

book

Article ID: 175178

calendar_today

Updated On:

Products

Endpoint Protection Web Security Service - WSS

Issue/Introduction

On computers using the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) component configured to use a custom proxy auto-configuration (PAC) file hosted outside the PAC File Management System (PFMS):

  • When visiting http://test.threatpulse.com, the status page shows "You are not protected!"
  • Web Security Service (WSS) filtering rules are not applied to Web sites

Cause

This problem can happen when the internal PAC file provided to the WTR engine was created in a text editor that uses a single line feed (LF) character as a line break instead of a carriage return line feed (CRLF). The WTR engine only recognizes CRLF characters as line breaks. LF characters do not register as a new line in the parser and generate a parsing error. The SEP WTR engine fails open when this happens, sending traffic directly instead of through the WSS.

Resolution

To work around this problem, either recreate the PAC file using a text editor configured to insert CRLF characters for line breaks (such as notepad on Windows), or replace any LF (0A in Hexadecimal) characters in the PAC file with CRLF (0D0A in Hexadecimal) characters.

For more information and recommendations, refer to Verify a Proxy Auto Configuration file using Web Security Service PAC File Management and Best practices for Endpoint Protection and Web Security Services integration.