SEP WTR traffic not protected by WSS

book

Article ID: 223925

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users accessing WSS services via SEP WTR access method

Users being able to access pages they should not have access to

User traffic going straight to OCS sites and not via WSS

Users can access pfms.wss.symantec.com to download PAC file yet traffic is going direct

 

Cause

Invalid PAC file downloaded to the client

Environment

Windows workstation running SEP WTR agents

Resolution

Removed a function referenced in the PAC file that did not exist.

The following line existed that was not defined anywhere in the file, which the SEP WTR client was tripping up on. Because the PAC file was not cleanly processed, the SEP WTR client would fail open.

if(WSSLocalBypass(url, host)) return "DIRECT";

 

 

Additional Information

The SEP WTR rehydrated logs would include the following message indicating an issue processing PAC file, and that we switched to going direct to Web site.

 

[08/19/2021-13:31:39.403] LPS : 149c : 0670 : TRACE_DEBUG : TRACE_LEVEL_ERROR : connection::determine_target_host : connection_cpp744 :Could not find proxy for URL: https://edge.microsoft.com:443. Pac file not available/malformed (80072F86). Forcing direct and requesting full pac download. Connection id: 27.