search cancel

Endpoint Protection clients not protected by Web Security Service through Web Traffic Redirection


Article ID: 175178


Updated On:


Endpoint Protection Web Security Service - WSS


On computers using the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) component configured to use a custom proxy auto-configuration (PAC) file hosted outside the PAC File Management System (PFMS):

  • When visiting, the status page shows "You are not protected!"
  • Web Security Service (WSS) filtering rules are not applied to Web sites


This problem can happen when the internal PAC file provided to the WTR engine was created in a text editor that uses a single line feed (LF) character as a line break instead of a carriage return line feed (CRLF). The WTR engine only recognizes CRLF characters as line breaks. LF characters do not register as a new line in the parser and generate a parsing error. The SEP WTR engine fails open when this happens, sending traffic directly instead of through the WSS.


To work around this problem, either recreate the PAC file using a text editor configured to insert CRLF characters for line breaks (such as notepad on Windows), or replace any LF (0A in Hexadecimal) characters in the PAC file with CRLF (0D0A in Hexadecimal) characters.

For more information and recommendations, refer to Verify a Proxy Auto Configuration file using Web Security Service PAC File Management and Best practices for Endpoint Protection and Web Security Services integration.