WebMarshal

Version: 6.5.2, Last Revision: September 01, 2009

These notes are additional to the WebMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Marshal8e6 Knowledge Base article Q12719.

What's New
Upgrading WebMarshal
Uninstalling
Hardware and Software Requirements
Change History

What's New

For more information about additional minor features and bug fixes, see the change history.

Features New in 6.5

Proxy Caching: WebMarshal now allows caching of HTTP web content to provide quicker response for users.
Support for Microsoft SQL Server 2008: WebMarshal now supports the use of Microsoft SQL Server 2008 for logging and reporting.
SafeSearch: WebMarshal now provides the ability to enforce use of the safe search features available in major search engines (initially supporting Google, Yahoo!, and Bing).
TRACEnet: The TRACEnet functionality is an automatically updated "zero day" blacklist that prevents users from browsing to websites identified as malicious or dangerous by the Marshal8e6 TRACElabs team.
Dashboard and Monitoring Enhancements: A new Monitoring node of the console includes Active Session, Dashboard, and Event Log. The Dashboard has an improved layout, and includes sections for TRACEnet and Proxy Caching.
Automated Configuration Backup: WebMarshal can now be configured to automatically backup its configuration on a nightly basis.
Integration of Marshal8e6 Filter list: The Marshal8e6Filter list is an additional URL categorization listing now available with WebMarshal.
Customer Feedback: WebMarshal 6.5 reintroduces the Customer Feedback functionality that was previously available in WebMarshal 3.7. The function provides the ability for administrators to participate in sending anonymous information about browsing history to Marshal8e6. The information is used to improve product quality and functionality.
File Type recognition and unpacking enhancements: WebMarshal now recognizes and unpacks additional types, including OpenOffice file types. For details of other improvements see the MC items in the change history. See also Marshal8e6 Knowledge Base article Q12839.

Features New in 6.1.7

Support for Additional Marshal Filtering List Categories

The Marshal Filtering List now includes the following new categories: General Business, Banner Advertisements, Social Networking, Business Networking, Social Media, and Web Storage.

Note:

After upgrading, to use the new categories, add them to appropriate categories or rules.

Features New in 6.1.5

Support for Microsoft Windows Vista

WebMarshal now supports Windows Vista, 32 or 64 bit versions.

Support for Microsoft Windows Server 2008

WebMarshal now supports Windows Server 2008, 32 or 64 bit versions.

Notes:

For notes about Vista and Server 2008 support, see the following Marshal8e6 Knowledge Base articles: Q12136 and Q12164.
VMware Workstation installation of Windows Server 2008 (32 or 64 bit versions) is supported on VMware Workstation versions 6.5 and above.

Features New in 6.1

Connection Rules: WebMarshal can now control connection attempts from many Instant Messaging and Streaming Media applications. Connection Rules control HTTP
access only.
HTTPS Content Inspection: WebMarshal can now inspect HTTPS traffic. HTTPS rules include validation of the protocol and certificate. WebMarshal can decrypt traffic, apply content analysis, and re-encrypt for transfer to the client.
Real-Time Dashboard: The WebMarshal Console now provides a dashboard that allows an administrator to easily monitor statistical information about WebMarshal server performance, traffic volume, and filtering activity.
ISA plug-in functionality: WebMarshal 6.1 re-introduces the ISA plug-in (WebFilter) functionality that was previously available in WebMarshal 3.X. Connection rules and HTTPS rules are not available with the ISA plug-in.

Features New in 6.0.3

Disk Space Checking: WebMarshal Proxy now checks free disk space and refuses requests if space is low. The minimum required is 512MB by default. The warning level is 1.5GB. For details, see Marshal8e6 Knowledge Base article Q11896.
Sophos for Marshal Support: Marshal8e6 now provides an integrated package (updater and scanner) using the Sophos Anti-virus engine. You can download Sophos for Marshal from the Marshal8e6 website. Version 6.0.3 and above trial keys enable this component. If you want to try Sophos for Marshal and you already have a permanent WebMarshal key, please contact Marshal8e6 to obtain a special time-limited key.

Features New in Release 6.0

Array Support: WebMarshal 6.0 is more scalable and now supports centrally managed arrays.
Server Groups: Rules and configuration settings can be applied to groups of processing servers.
Database Outage Resilience: WebMarshal will continue processing user requests even if the database goes offline. The database is not used to store configuration. Database log records are queued until the database comes back online.
Content Type Detection: WebMarshal can now block content based on the Content-Type header returned by websites. This means WebMarshal does not need to download a file to block it by type. This saves bandwidth usage.
Archive and Document File Unpacking: WebMarshal recursively unpacks archive and document file types and applies content rules to the contained files.
Active Directory Connectors: WebMarshal can now import users and groups using native Active Directory Connectors. WebMarshal can import from the local AD domain and trusted domains.
Policy Containers: The structure of WebMarshal rules has been improved to allow for nested policy containers. This allows for clearer more intuitive policy layout and additional flexibility.
Additional Access Control: WebMarshal now allows different levels of access to Console items and the Array Manager. Access can be granted to helpdesk staff.
Streamlined User Interface: WebMarshal now has an updated configuration console, designed to make administration tasks easier and more intuitive, including an improved policy tester.
Text Logging: WebMarshal services log functional and error information to text log files.
Revert Configuration: You can re-set any configuration changes that have been made in the Console and not yet committed.

Features of previous versions that are not included in the initial 6.0 release

ISA Plug-in Support: Plug-in (WebFilter API) installation to ISA is not supported in this release. Same-server chained installation is supported.
Feedback: URL Aggregator feedback to Marshal8e6 is not implemented.
Rule Action 'Send Net Popup': This action has been removed.

Earlier Feature Enhancements

To review earlier feature enhancement history, see the release notes for earlier WebMarshal versions.

Upgrading WebMarshal

To upgrade from a previous version 6.x release, run the product installer on each server where WebMarshal components are installed (including the Array Manager, and any additional processing node servers and Console installations). See the upgrade notes below for version-specific information. (Upgrade from Beta releases of WebMarshal 6.0 is not supported.)

Note: It is best practice to back up your WebMarshal configuration before upgrading.

You cannot upgrade directly from a version 3.X installation. Due to the changes in policy structure and server communication in WebMarshal 6.X, you must install WebMarshal 6.X as a new installation. Database and software upgrade from version 3.X or earlier versions is not supported. Upgrade from Beta releases of WebMarshal 6.0 is not supported.: Note: Version 3.X license keys are not valid for WebMarshal 6.X. You must obtain a new permanent key. When installed, WebMarshal generates a 30-day trial key.

You can install WebMarshal 6.X side-by-side with WebMarshal 3.X on the same server. Note that you cannot use the ISA plug-in for both versions at the same time. For details, please see Marshal8e6 Knowledge Base article Q11833.

Upgrading from 6.0 to 6.5

When you upgrade a WebMarshal 6.0 installation to 6.5, you will be asked if you want to upgrade your policy. The policy upgrade adds new sample HTTPS and Connection Rules and policy elements, to assist you in using new features of the product. The upgrade does not change any existing policy elements, and it does not change the effective rules.

Note: Using HTTPS Content Inspection significantly increases CPU usage on the WebMarshal processing servers (due to encryption and decryption load). Depending on the amount of HTTPS traffic that you choose to inspect, you may need to improve your server specification.

If you are logging data to a SQL database, the database must be upgraded. If necessary, the installer will prompt for credentials of a database user with permission to upgrade the database (database owner privilege). If the database is not upgraded, database logging will be disabled until you upgrade the database and re-enable logging. For more information and instructions, see Marshal8e6 Knowledge Base article Q12030.

Be sure to upgrade any WebMarshal Console installations on other workstations.

Upgrade Notes

Version 6.5 introduces a number of file type sub-types (such as PDF Protected and Document IRM). Administrators should review file type conditions, particularly in Standard Rules where sub-types may not be available, to verify that the appropriate actions are applied to each type. See also Marshal8e6 Knowledge Base article Q12839.

Version 6.5 does not support upgrade from 6.1.0 (6.1 Release Candidate or Beta).

When upgrading from 6.1.2 to 6.5 if you have full logging enabled it is important to note that the capacity of the WebMarshal machine will drop considerably.

Uninstalling

You can cleanly uninstall the program using the following steps:

Close the WebMarshal applications including the Console and Reports on all workstations.
On the WebMarshal server(s), use the Windows Add/Remove Programs control panel to remove WebMarshal.
If you selected a location outside the WebMarshal install folder for files created by WebMarshal (such as Proxy Cache or Configuration Backup), the uninstallation will not remove the files. Delete these files manually if required.
On any other workstations where WebMarshal components were installed, use the Windows Add/Remove Programs control panel to remove them. These components can include WebMarshal console software and WebMarshal Reports.
You can drop the WebMarshal database from the SQL server by using the SQL Express administration tools.

Hardware and Software Requirements

Hardware required is dependent on the number of concurrent web users and the rules in use. Use of Filtering Lists improves performance. Heavy use of TextCensor decreases performance.

Typically a computer with the following specifications is adequate as a processing server for 250-500 concurrent users.

Pentium 4 2GHz or better. Use of HTTPS Content Inspection significantly increases CPU usage (due to encryption and decryption load).
20 GB free disk space. 30 GB additional free space required for Proxy Caching with the default settings. (Additional disk required for Filtering Lists and text logging)
2 GB RAM

WebMarshal Array Manager and processing servers require the following software:

Windows 2003 Server SP1 and above
Windows XP Professional SP2 and above
Vista Business or Ultimate SP1 and above (32 or 64 bit)
Windows Server 2008 (32 or 64 bit)
Utility prerequisites:
- Microsoft Visual C++ 2005 SP1 runtimes
- Microsoft XML 6.0
- Microsoft .NET 2.0
  Note: The above software will be installed as part of the WebMarshal installation if necessary.
- Windows Installer 3.1. You can obtain this software from Microsoft or in the Extras folder of the WebMarshal installation CD-Rom.
ISA Server plug-in functionality supports the following versions of ISA Server:
- ISA 2004 Service Pack 2 and above (Standard and Enterprise editions)
- ISA 2006 (Standard and Enterprise editions)
  Note: ISA 2000 is not supported by this version of WebMarshal.
For database logging (optional), SQL Server 2008 or SQL 2008 Express, SQL Server 2005 or SQL 2005 Express.
Note: A WebMarshal installation package that includes SQL Express is available. This package will offer to install SQL Express locally with appropriate options (Named Pipes and TCP/IP enabled, using the default instance if possible).
For NDS integration, Novell NDS Client (Version 4.91 or later recommended)

WebMarshal Console requires:

Windows 2003 Server SP1 and above
Windows XP SP2 and above
Windows Vista SP1 and above (32 or 64 bit)
Windows Server 2008 (32 or 64 bit)

WebMarshal Reports require:

Windows 2003 Server SP1 and above
Windows XP SP2 and above
Windows Vista SP1 and above (32 or 64 bit)
Windows Server 2008 (32 or 64 bit)

Change History

The following additional items have been changed or updated in the specific build versions of WebMarshal listed.

6.5.2 (September 01, 2009)

WM-934	The Customer Feedback mechanism last available in WebMarshal 3.7.5 is again implemented in this release.
WM-1722	Performance counters have been added for traffic between the Array Manager and the nodes, as follows: `WMController\Bytes Received Array Manager` and `WMController\Bytes Sent Array Manager`
WM-1837	If a version 6.0 database is selected, the user is now given the option to upgrade the database structure or select another database.
WM-2242	WebMarshal services are now configured to restart when they stop unexpectedly (using the Windows Service Control Manager settings).
WM-2347	Attribute names in XML configuration files were treated as case sensitive. This issue has been addressed for the following files: `WMArrayMgr.config.xml, WMController.config.xml, WMEngine.config.xml` and `WMProxy.config.xml.` Note that element (node) names are still case sensitive.
WM-2393	The display of quota amounts on pages presented to users now matches the rounding and units shown in the WebMarshal console.
WM-2399	The Connector Reload schedule time was not always saved correctly when changed. Fixed.
WM-2413	WebMarshal default block pages now use the standard WebMarshal.home template.
WM-2416	The "via" header returned to the client was not correctly formatted when using an upstream proxy. Fixed.
WM-2436	The Controller log now shows the name of each user group being loaded.
WM-2453	WebMarshal.home display issues present in earlier versions of Safari for Windows have been corrected in Safari 4.
WM-2454	The "file information" lines in the Engine log could display a blank "size" entry. Fixed.
WM-2492	Downloads aborted by the user or other software were still passed to the engine for processing. Fixed.
WM-2502	DNSBL lookups from URLCensor now have a configurable timeout. For more information see Knowledge Base article Q12716.
WM-2504	In earlier versions, adding individual computers to groups by IP address did not grant the correct permissions. Fixed.
WM-2515	The unpacking file customization setting in the engine configuration XML file was not applied. Fixed.
WM-2516	Engine debug logging did not provide information about TextCensor triggering. Fixed.
WM-2531	The Server Properties "Apply" button could be activated even though no changes were made. Fixed.
WM-2532	Archive files containing files with duplicate names could cause unpacking errors. Fixed.
WM-2542	In earlier versions, upgrading could require a restart, or fail, due to an issue with locking of Performance Monitor DLLs. Fixed.
WM-2549	Description fields in rules and policy elements now allow a new line to be created by pressing Enter (previously required Ctrl+Enter).
WM-2553	IP address matching for authentication and LAT did not correctly match partial subnet ranges. Fixed.
WM-2560	Some console elements did not function correctly at 120dpi (accessibility for visual impairment). Fixed.
WM-2571	Unpacking of Office 2007 items could cause an exception. Fixed.
WM-2590	The "Grab" button on the rule tester did not identify running instances of Internet Explorer. Fixed.
WM-2592	The WebMarshal Proxy encountered an exception when "indefinitely" quotas applied to a user and that user browsed to WebMarshal.home. Fixed.
WM-2595	WebMarshal now supports addition of the X-forwarded_for header to help with diagnosing the source of requests. For more information see Knowledge Base article Q12723.
WM-2610	The OpenSSL library used has been upgraded to version 0.9.8i.
WM-2616	The rule warning time period selection dialog did not show the selected value as default when opened for editing. Fixed.
WM-2622	The Engine logged meaningless messages when scanning for malware if no malware was found. Fixed.
WM-2623	The auto-refresh of Active Sessions can now be disabled.
WM-2628	The retention of WebMarshal log files can now be configured. For more information see Knowledge Base article Q12717.
WM-2634	When a user without the correct Console permission modified a rule, the error message dialog did not function correctly. Fixed.
WM-2638	When a "display warning once" action was triggered, remaining rules were never processed, so the page could be permitted inappropriately. Fixed.
WM-2645	The Policy Test page "grab" function did not always update the URL field. Fixed.
WM-2647	TextCensor could fail to open some files for evaluation due to URL encoding of the file names. Fixed.
WM-2709	In version 6.1.6, the quota table on block pages was not correctly displayed. Fixed.
WM-2713	The WebMarshal Support Tool did not gather log and file information from custom locations. Fixed.
WM-2721	The timeout value for unpacking has been increased to allow for large archive files.
WM-2744	File type identification could cause an exception with certain corrupt files. Fixed.
WM-2755	URLs could be categorized incorrectly due to a problem with handling of temporary category insertions on the local node. Fixed.
WM-2805	The result of the Print function in the console has been improved.
WM-2858	The text of a form posting was not correctly identified and TextCensor was not applied. Fixed.
WM-2876	The Real-Time Dashboard now includes TRACEnet data.
WM-2915	File name matching was not applied in some cases after a warning pages was displayed. Fixed.
WM-2916	Form posting over inspected HTTPS could fail because closed connections were not properly detected. Fixed.
WM-2924	The proxy service could take excessive time to restart when required by policy change. Fixed.
WM-2989	Block rules were not applied in some cases after a warning pages was displayed. Fixed.
WM-3009	The Proxy service did not correctly handle the HTTP response 204 (no content). Fixed.
WM-3017	HTTP/1.1 support did not include the OPTIONS method. Fixed.
WM-3022	The WebMarshal Support Tool gathered dump files starting with the oldest. Fixed: The most recently created files are gathered.
WM-3028	The Active Sessions view lost its scroll position when refreshed. Fixed.
WM-3040	The WebMarshal Support Tool now runs at "below normal" priority so that other services have priority for processing time.
WM-3046	The default download trickle rate is set to 90% to improve perceived performance.
WM-3049	Installing URLCensor raises a warning that real-time DNS lookups affect the browsing experience.
WM-3060	When an upstream proxy was configured, reloading configuration would always restart the WebMarshal Proxy service. Fixed.
WM-3062	Binary content served with an incorrect MIME type of "text" was subjected to the hold-back requirement for text files. Fixed.
WM-3078	The default delay before trickling text files is reduced to 30 seconds. This can help to avoid client timeouts when binary content is mis-reported as text/plain in the response headers.
WM-3082	The default server timeout in the proxy service is set to 300 seconds to help avoid timeouts when accessing sites with slow back-end response.
WM-3101	WebMarshal now provides authentication caching to assist with access by applications that cannot respond to a request for proxy credentials. For more information see Knowledge Base article Q12734.
WM-3151	Computer users that were also members of a user group (range) could still browse some sites after being explicitly removed. Fixed.
WM-3161	HTTPS content inspection could consume excessive and increasing memory. Fixed.
WM-3214	Unpacking errors were not properly handled when they occurred at the beginning of unpacking. Fixed.
WM-3235	File type identification has been improved to show Word 6 and Document IRM types.
WM-3283	Problems with access while updating user groups could cause the Array Manager to stop unexpectedly. Fixed.
WM-3288	Text logs now correctly handle external error messages with multiple lines.
WM-3299	Word 6 documents are correctly recognized and scanned.
WM-3404	YouTube video was not blocked by Connection Rules due to a recent change in the YouTube/Google website. Fixed.
WM-3433	HTTPS Content Inspection did not properly release allocated memory. Fixed.
WM-3457	Yahoo Messenger was not blocked by Connection Rules in all cases. The problem has been addressed with additional testing of protocol headers.
WM-3459	Requests made with `Accept-Ranges` could cause multiple aborted connections to a server. Fixed: WebMarshal now strips `Accept-Ranges` headers. (WebMarshal does not support byte ranges because the entire file is required for scanning.)
MC-4	Certain MSI files were incorrectly recognized as OLE files. Fixed.
MC-13	Certain CAB files were detected as type BIN. Fixed.
MC-14	OGG audio and video streams are now detected.
MC-17	Encrypted PDF documents could be detected as type PDF (not encrypted). Detection of this type has been improved.
MC-37	PDF detection has been enhanced with a new type for documents with operations protected (Protected Acrobat PDF Document). These files can be unpacked and scanned.
MC-39	Microsoft Document Imaging (MDI) files are now recognized.
MC-40	Many Open Office document file types are now recognized.
MC-41	Word 2007 documents with Restricted Access were detected as type OLE. Fixed: these documents are now detected as encrypted Word documents.
MC-51	JPEG2000 file type identification has been improved.
MC-52	Some PDF files were not identified as encrypted. Fixed.
MC-54	PDF document unpacking has been improved.

6.1.7.4636 (February 5, 2008)

WM-2596	Additional categories have been added to the Marshal URL Filtering List. In some cases, URLs have been moved from previous categories to the new categories. Administrators using the Marshal URL Filtering List should review the new categories and make changes to category inclusions or rules as appropriate.
WM-2686	After upgrading to 6.1.5 or above, the Server and Array Properties window in the Console could fail to open due to a problem with changed Trickle Transfer values. Symptoms are described in Marshal8e6 Knowledge Base article Q12214. Fixed: Trickle Transfer values above 16MB are reset to 16MB (the maximum allowed).
WM-2693	The Node Proxy service could stop unexpectedly when a configuration reload was requested. This can happen manually by the user clicking Commit Configuration in the console or through a rule that adds items to a URL category. Fixed.

6.1.6.4472 (December 16, 2008)

WM-2570	Active Directory users with fully qualified names over 100 characters were not correctly updated in WebMarshal groups when moved to a different OU. Fixed: names of up to 1024 characters are now accepted.
WM-2589	A problem with checking URL Categories could cause the Engine to stop unexpectedly. Fixed.

6.1.5 (October 23, 2008)

WM-372	It is now possible to view the parent rules of a new rule in the rule completion window or in the rule description pane in the main console view.
WM-720	Registry key references have been changed to Marshal from NetIQ.
WM-747	The WebMarshal Engine can now optionally output a CSV file that records the time taken to run the rules.
WM-833	New Warning message sent to the event log if the Array Manager cannot contact a node.
WM-1342	The Files for Domain window has been reformatted.
WM-1645	WELF log file were not being compressed. Fixed.
WM-1647	When users are running Firefox it sometimes failed to complete the NTLM process. Fixed.
WM-1649	Now unable to enter a license key if it does not support a partnered product (such as a virus scanner) that is installed.
WM-1738	In the active sessions window a user can test their policy by accessing the policy tester window by right clicking on a URL.
WM-1772	If you upgraded WM while leaving the console running you would be asked to accept the license agreement more than once. Fixed.
WM-1785	Layout of the webmarshal.home page has been updated.
WM-1797	Selection and de-selection of rule conditions were not being remembered correctly. Fixed.
WM-1805	WebMarshal users authenticating using NTLM, who were disabled users or whose login required a password change at their next login were unable to log into WebMarshal. Fixed.
WM-1853	When running WebMarshal as an ISA plug-in, Secure NAT mode, computer names were not visible in the Active Sessions window. Fixed.
WM-1920	The size of the graph on the dashboard changed depending on the data displayed. Fixed.
WM-1954	Administrators no longer need to commit the WebMarshal configuration after upgrade.
WM-1981	The WebMarshal installer would not wait long enough before presenting an error message which stated the WMController failed to start. Fixed.
WM-1984	The WMProxy service would terminate unexpectedly if the WMLogon.exe helper application connected to a node that did not have the NDS client installed. Fixed.
WM-1998	When installing a clean install of WebMarshal the default HTTPS content inspection rules now block SSLv2.
WM-2005	The file type blocked in a rule was not being reported correctly, when a user was uploading a file. Fixed.
WM-2026	Sorting TextCensor scripts by selecting a column in the WebMarshal TextCensor window would not sort them correctly. Fixed.
WM-2031	Install Root Content Inspection Certificate is no longer visible when accessing the webmarshal.home website when using WebMarshal in ISA mode.
WM-2032	Now can only add a domain to a category through the HTTPS rules (not a full path).
WM-2033	Sophos for Marshal events were not being displayed in the event viewer. Fixed.
WM-2035	The default view of the event log was sorting the data incorrectly. Corrected so events are sorted by date.
WM-2036	The format of the generate HTTPS content inspection certificate window has changed.
WM-2037	When selecting a user from the Active Directory in the User Account field in the Test Access Policy window, the names were not displayed correctly. Fixed.
WM-2053	Now if a site is added to the Proxy Content Filter Bypass page in the Proxy Server Wizard it is not checked by the HTTPS content restrictions.
WM-2062	When HTTPS URLs have been added to a category in a rule some content was being inspected incorrectly when using the 'skip any remaining rules in this container' action. Fixed.
WM-2081	When WMArrayManager and WMNode are installed on the same server and the server is rebooted an incorrect event log message was being logged that the WMArrayManager and Node had lost contact. Fixed.
WM-2089	The size of the WebMarshal log files has changed to 32MB. When they have reached that size a new log file is created.
WM-2102	When users were re-imported through an Active Directory connector when they changed OU, they were unable to log in. Fixed.
WM-2106	A button called 'Jump to rule' has been added to the Test Access Policy window. Click this to access the rules displayed on the 'Detailed Trace' tab.
WM-2122	Rules configured to block BIN files were triggering on any file of zero bytes. Fixed.
WM-2130	The estimated users counter has been removed from the WebMarshal interface.
WM-2131	The name of BlockSmall.htm block page has changed and a new page called BlockAdvertisingSmall.htm is available. The BlockSmall.htm page is still stored in the same directory for rules that still reference it.
WM-2148	The {} special characters were not supported by WebMarshal text censor scripts. Fixed.
WM-2166	Some browsers forced WebMarshal to generate more than one notification message when a site is blocked. Fixed.
WM-2172	The output in the Detailed Trace tab of the Test Access Policy window has been changed to help make interpreting it easier.
WM-2175	Files could be requested from the WebMarshal Nodes while being written to the Array Manager. This caused the Array Manager to terminate unexpectedly. Fixed.
WM-2180	The tallied amount of URL's and URL wildcards from the print preview screen, when accessed from the URL category node, were not accurate. Fixed.
WM-2182	Filtering lists and access policy were not enabled after importing an exported configuration. Fixed.
WM-2185	There is now the option to add a comment when inserting a URL into a category.
WM-2194	When importing users from an OU the entire root domain was imported. Fixed.
WM-2233	The WebMarshal installer did not differentiate between an ISA upgrade or a chained upgrade. Fixed.
WM-2236	Web requests are now logged immediately after the request is made instead of when the web request is complete.
WM-2243	Some Office 2007 documents could cause the engine to use excessive processing (CPU) time. Fixed.
WM-2244	There was excessive memory consumption in the WMProxy when debug logging had been turned on. Fixed.
WM-2245	A user was not asked for credentials when accessing non-anonymous websites. Fixed.
WM-2247	Some .XML files were not being saved correctly which caused the WMArrayManager to fail when starting. Fixed.
WM-2248	Performance in the WebMarshal console has been enhanced.
WM-2254	Scanner logging added to the WMEngine logs.
WM-2255	Firefox plug-in were not able to update through WebMarshal. Fixed.
WM-2260	WebMarshal was incorrectly identifying certain URLs as the Windows live Messenger protocol. Fixed.
WM-2261	Users were experiencing unnecessary Authentication prompts when browsing to some sites using IE. Fixed.
WM-2262	Categories now support wildcard domain names.
WM-2265	The URL category GUI now allows wildcard entries to be entered when you enter a URL with a wildcard path.
WM-2283	WebMarshal Active Directory Connector locked the policy for a number of minutes when a user group was being refreshed. Fixed.
WM-2284	Some URLs added to a category could have duplicate attributes which prevented the WMController from starting. Fixed.
WM-2293	Added the ability to change the proxy timeout via WMProxy.config.xml. The option has also been changed by default to 90 seconds.
WM-2296	Some installations were experiencing false positive detection of some Yahoo Messenger URLs. Fixed.
WM-2303	A warning is now displayed stating that media streaming is blocked when connection rules options are enabled and when no processing rules are created.
WM-2314	Turning on full logging from the WebMarshal UI was not functioning consistently. Fixed.
WM-2329	When a user tried to view a category that contained duplicate URLs, the Console would display a message stating the item does not exist. Fixed.
WM-2330	FTP servers that denied LIST requests did not function in WebMarshal. Fixed.
WM-2339	Windows Update was not successful when HTTPS content inspection was enabled. Fixed.
WM-2345	IP authentication caused the Array Manager to be locked for an extended amount while attempting a DNS lookup. This prevented users from browsing. Fixed.
WM-2350	The WMProxy could terminate unexpectedly when basic authentication was being used. Fixed.
WM-2351	In some instances the Array Manager and Nodes could lose contact which resulted in the policy not being propagated to the nodes. Fixed.
WM-2354	If an administrator reset the trickle hold back to a value over 16MB, the value in the WM Proxy would be reset to 64KB. Fixed.
WM-2361	Firefox users authenticating using NTLM or basic authentication were repeatedly being prompted for their credentials. Fixed.
WM-2367	Active Directory connector failed to load users from an OU if they had special characters in the name. Fixed.
WM-2379	Active Directory connector did not import users from groups with special characters in the name. Fixed.
WM-2383	Adding URL's with a /* at the end of the domain name into a URL category caused an error. Fixed.
WM-2389	The WebMarshal license expiring email was being sent at random intervals. Fixed.
WM-2407	URL category matches were being incorrectly cached in the WebMarshal engine. Fixed.
WM-2410	Users will now receive fewer file abort pages but will receive block pages instead. This is similar to the behavior in WebMarshal 3.7.5. There is a new trickle transfer rate setting to facilitate this.
WM-2421	An error message would appear in the Console if a parent rule and a child rule had conflicting criteria, i.e. the parent rule was Where the protocol/application is and the child rule was Except where the protocol/application is. Fixed.
WM-2442	WebMarshal could become unresponsive when reloading a user group using Active Directory if a user in the group was deleted or its name had changed in between the reload schedule. Fixed.
WM-2444	The WebMarshal Console could become unresponsive if left open. Fixed.
WM-2446	In ISA plug-in mode, if the proxy setting in the browser used a hostname or FQDN, the connection would bypass the WMFilter Fixed.
WM-2450	The WebMarshal dashboard did not display data for some nodes. Fixed.
WM-2455	When a HTTPS certificate was generated it would disable the HTTPS content inspection. Fixed.
WM-2469	Text Censor scripts did not trigger on some search engine results pages. Fixed.
WM-2472	A new setting has been added to WebMarshal configuration (XML files) to disable display of the File Abort pages.
WM-2491	Computer accounts in Active Directory groups would cause an error in the Array Manager when the groups were reloaded. Fixed.
WM-2512	Active Directory users with names longer than 100 characters were not imported correctly. Fixed.
WM-2521	The 'Proxy-Connection: close' header caused some HTTPS clients to not respond as intended. Fixed.
WM-2540	Removed IP_ from ISA SecureNAT Failed Reverse Lookups.
MC-1	The WebMarshal file type detection module can now check files with Unicode file names.
MC-2	Excel 2003 worksheets created in Excel 2007 were incorrectly recognized as file type OLE. Fixed.
MC-6	WebMarshal can now detect .torrent files.
MC-7	Some PowerPoint files, created in Microsoft Office 2002, were being recognized as generic OLE files. Fixed.
MC-8	UTF8 files that contained a small number of errors were being detected as BIN files instead of TEXT files. Fixed.
MC-9	WebMarshal was wrongly identifying some .dll and .exe files which caused them to be blocked. Fixed.
MC-12	Certain True Type fonts were detected as type BIN. Fixed.
MC-16	WebMarshal can now detect Certificate Revocation List, Firefox update and Google Safe Browsing update files.
MC-20	Certificate Revocation Lists (CRLs) are now detected.
MC-21	Firefox updates (MAR) are now detected.
MC-22	Google Safe Browsing updates are now detected.
MC-25	Some PowerPoint files were incorrectly recognized as OLE files. Fixed.
MC-34	Detection of HTML has been improved where large amounts of other text content was present at the top of the file.

6.1.3 (July 09, 2008)

WM-2269	The WebMarshal Node Proxy service raised unnecessary authentication prompts in certain circumstances. Fixed.
WM-2270	When accessing a FTP site requiring login, WebMarshal did not use credentials passed in the URL and did not correctly prompt for credentials. Fixed.
WM-2271	XML configuration files could be corrupted, causing the Array Manager service not to start. Fixed.
WM-2272	Importing members from an Active Directory OU would import all users from the root domain. Fixed: Only users from the target OU and all contained groups are imported. Note that group structure from AD is not recreated in WebMarshal.
WM-2273	Moving a user between Active Directory groups could cause duplicate AD account names and logon failures. Fixed: if the import process finds an existing AD account name in a different group, the existing user is updated with the new details.

6.1.2.3890 (June 6, 2008)

WM-1670

The WebMarshal Node Proxy service may consume 100% of the CPU power in certain circumstances. Fixed.

6.1.1.3875 (May 22, 2008)

WM-233	ISA SecureNAT mode did not work in 3.7.X. Fixed.
WM-278	The WebMarshal file filter now supports 256 categories.
WM-480	When selecting blocked or warning pages in a Rule action, only the relevant types are shown.
WM-651	Debug output from URLCensor records the lookup results in the Controller log.
WM-852	Array Manager logs now record console users committing, reverting, backing up, and restoring policy.
WM-953	MarshalFilter could return duplicate categories and cause database errors. Fixed.
WM-1163	Memory usage could grow unacceptably when uploading large files. Fixed.
WM-1174	Error messages for the AD and NT Connectors have been improved. Renamed users are updated automatically.
WM-1335	WebMarshal can recognize and unpack 7-zip self-extracting archives
WM-1465	Additional file types have been added for detection: MP4, JPEG2000, and ISA9660 (CD ISO image)
WM-1523	WebMarshal now makes SMTP connections with a FQDN HELO name.
WM-1529	WebMarshal now provides X-Mailer and Message-ID headers in email messages it generates.
WM-1546	Top level OUs can now be selected in the LDAP connector browser.
WM-1555	TextCensor test results did not show the items that triggered. Fixed.
WM-1596	The Active Directory connector login allows entry of any domain.
WM-1603	Network problems on connections between Array Manger, Console, and Filter List updates are now handled gracefully.
WM-1622	Default rules (for new installations) include rules to address leakage of confidential data.
WM-1623	Default mapping of filtering list categories to WebMarshal URL categories has been changed (for new installations).
WM-1641	XLSB (binary Excel) files can now be unpacked and TextCensor applied.
WM-1646	Rule listings in the properties of other objects such as Groups now indicate enabled or disabled status.
WM-1648	The 407 (authentication required) response send by WebMarshal could cause problems with some clients in some cases. Fixed.
WM-1651	Forwarding client credentials of an AD user to a chained ISA server did not work. Fixed.
WM-1658	Virus notification emails to the administrator now include virus details.
WM-1664	WebMarshal now correctly inserts HTTP_VIA headers.
WM-1665	The MarshalFilter last updated time is now displayed in Array Manager local time (not UTC).
WM-1671	File holdback for virus scanning could cause problems with browser timeout when downloading very large files (hundreds of MB). Fixed.
WM-1675	Streaming type selection has been improved for mpeg (`video/x-mpeg, video/mpeg`) and flash (`video/x-flv,video/flv`)
WM-1687	The sequence import-revert-export configuration caused the installation to become corrupt. Fixed.
WM-1697	Disabled rules are now clearly marked as disabled when printing.
WM-1720	Connectors could not be reloaded on a schedule shorter than hourly. Fixed.
WM-1727	Attempting to import URLs with unsupported wildcards could cause an exception. Fixed.
WM-1729	Updating groups from AD with descriptions could cause an error if users had been deleted from AD. Fixed.
WM-1731	Zero length strings could cause services to exit unexpectedly (due to change in behavior in a new version of runtime libraries). Fixed.
WM-1733	The default "hold-back" before trickling a file has been reduced to 5 seconds or 64KB.
WM-1741	A new Norman integration DLL is included in this version. Some deadlock issues are fixed.
WM-1757	The "allow unidentified software to create tunnels" proxy setting did not work when no upstream proxy was configured. Fixed.
WM-1769	Array Manager and Node controller services could be unresponsive when large numbers of email notifications could not be delivered. Fixed: If WebMarshal cannot send notifications, email sending is skipped until configuration is corrected. Warnings are logged to the Array manager log.
WM-1773	The ISA plug-in could occasionally fail to process a small number of requests. Fixed.
WM-1796	Quota blocking actions, and blocking when no connection or standard rules match, are logged.
WM-1801	When adding a URL to a category manually, you can now choose to include base and WWW. variants. You can now choose to include HTTP and HTTPS variants.
WM-1808	Rule conditions have been added for the name or type of parent files (archive or document). Parent type and parent name conditions can apply to immediate, top level, or any parent. Policy tester output has been expanded to show parent conditions. Size conditions do not apply to individual files.
WM-1812	SZDD compressed files are recognized and unpacked.
WM-1824	DBlog files containing invalid XML could cause the Array Manager to fail. Fixed.
WM-1839	Input validation for URLs in the policy tester has been improved.
WM-1874	The Controller service could stop unexpectedly in `LocalPolicy::TransferFileFromServer.` Fixed.
WM-1883	The Proxy service now keeps a HTTP/1.0 connection alive after sending a 407 response, even if not requested by the client.
WM-1896	Insert times for URLs automatically inserted to categories are now in UTC.
WM-1897	The Controller service could stop unexpectedly when changing policy due to a problem with deleting directories. Delete is now retried.
WM-1907	When adding URLs manually, any file name or query string portion is stripped.
WM-1926	The Controller service could deadlock while looking up computer names. Fixed.
WM-1939	MarshalFilter could return duplicate categories and cause database errors. Fixed.
WM-1949	TextCensor can now be applied to RTF files.
WM-1959	msvcr71.dll (Microsoft Visual C redistributable) is now installed if required.
WM-1960	Proxy bypass URL matching could cause the WebMarshal Proxy to stop unexpectedly. Fixed.
WM-1968	A Windows account could not be specified as the Operational User for database logging. Fixed.
WM-2002	The WebMarshal logging database now sets the option AUTO_CLOSE OFF to improve performance and eliminate excess event log entries.

6.0.3.3522 (March 13, 2008)

WM-1803

Browsing performance has been increased by improving IP-to-host lookup times.

6.0.3.3155 (December 06, 2007)

WM-588	Filtering Lists can now be enabled and disabled.
WM-838	NTLM authentication prompts could recur randomly when using Firefox. Fixed.
WM-853	When an IP User Group was created, the Console did not request a commit configuration from the user. Fixed.
WM-864	WebMarshal did not correctly pass FTP credentials as encoded by some browsers. Fixed.
WM-1103	When viewing rules that apply to a user or server, you can now select from items explicitly defined on the object, or effective permissions.
WM-1126	The event log could display entries twice, when both the WebMarshal proxy and Array Manager were configured to run on the same machine. Fixed.
WM-1170	Email notification fields allowed user to enter invalid email addresses. Fixed.
WM-1243	File names containing spaces caused problems when performing a FTP LIST with some IIS servers. Fixed.
WM-1382	The lower pane of the active sessions window was not refreshing. Fixed.
WM-1441	File names containing '&' were not correctly logged. Fixed.
WM-1468	Selecting multiple Users in an imported User Group incorrectly caused a delete button to display (imported users cannot be deleted). Fixed.
WM-1472	Excel 2007 binary files can now be recognized and unpacked.
WM-1474	The Server Properties window sometimes truncated the time zone information. Fixed.
WM-1480	Moving the system time back could cause problems. The clock can now be moved back by up to a day without issues.
WM-1490	Console sorting by columns has been improved.
WM-1492	Days until WebMarshal license expires was reported differently by the Console and the email notification message sent. Fixed.
WM-1494	'Exclude from reporting' did not work correctly for HTTPS sites in Content Analysis rules. Fixed.
WM-1496	When policy is printed, disabled rules now display in gray text.
WM-1507	In a multi-domain Active Directory environment, only one domain could be seen when browsing for users. Fixed.
WM-1510	'Exclude from reporting' did not prevent domain logging in certain cases. Fixed.
WM-1512	File classification is now available as a Standard Rule action.
WM-1517	The installation now includes a tool that can be used to gather information required by Marshal8e6 Technical Support. For details, see Marshal8e6 Knowledge Base article Q11886.
WM-1521	Active Directory would not import more than 1000 users. Fixed
WM-1522	Binding a proxy port to a specific IP address would cause the proxy service to stop on other processing servers in a multi node environment. Fixed.
WM-1528	When an category was added to the MarshalFilter database download, MarshalFilter would fail. Fixed.
WM-1533	Signed files were incorrectly detected as encrypted. Fixed.
WM-1539	Browsing as an IP user could add the IP address to two different IP groups. Fixed.
WM-1540	Users added to groups via overlapping IP address ranges are incorrectly being added to multiple groups. Fixed.
WM-1541	Unable to insert Users or Groups into a newly created Group due to the Group list not refreshing correctly. Fixed.
WM-1548	Unable to delete Users or Groups when entered into a Group due to the Group list not refreshing correctly. Fixed.
WM-1551	Errors from filtering lists are now logged in text logs.
WM-1556	IP-to-hostname lookups for client computers can cause delay when the processing server is in a DMZ. A configuration flag has been added to disable these lookups if necessary. See Marshal8e6 Knowledge Base article Q11895.
WM-1557	Requests that returned a HTTP 304 response could generate a TextCensor error. Fixed.
WM-1561	Importing large numbers of URL categories caused the Console to be unresponsive. Fixed.
WM-1571	Importing an Active Directory group now imports child groups recursively.
WM-1581	When URLs were deleted from a Category, the console did not request a commit configuration from the user. Fixed.
WM-1587	Some virus scanners did not correctly detect password protected archives as "unable to scan". Fixed: By default, WebMarshal instructs scanners to unpack archives. This behavior can be changed with a setting in `WMEngine.config.xml.`
WM-1617	Virus scanning only checked the top level attachment (not unpacked items). Fixed.
WM-1632	The default rules named 'Block-Archives' actually blocked executable files. Fixed for default rules. Existing installations are not changed on upgrade.
WM-1637	License key request could fail because the request did not correctly use the required proxy credentials. Fixed.

6.0.2.2867 (October 23, 2007)

WM-316	The Exclude from Reporting rule action now completely excludes the specific request that triggers it.
WM-318	All components support NTLM authentication to SQL Server.
WM-323	WebMarshal proxy could fail under certain conditions when using the Safari browser on a Macintosh. Fixed.
WM-461	Some sites with trailing periods caused the Sophos virus scanner to generate a 'file could not be opened' error when 'Scan all downloaded text files and html code' was selected. Fixed.
WM-489	Panda anti-virus software is no longer supported.
WM-542	WebMarshal 3.7 (and earlier) License Keys are not supported. You must obtain a new permanent key.
WM-575	WMF files were not properly detected. Fixed.
WM-595	WebMarshal services are automatically added for access through Windows Firewall if possible.
WM-599	See WM-316.
WM-619	The From address for administrative email notifications can be customized.
WM-1016	The number of dump files saved for each service is limited to the most recent 10.
WM-1072	The default domain setting for basic authentication is no longer required.