Skip to content Skip to main navigation Skip to footer
Wavecrest Knowledge Base

Administration

Product installation stalls at 4% during upgrade

Category: Administration

This article addresses a product installation possibly stalling during an upgrade. There is a folder that is moved during the upgrade and then put back in place after the upgrade. This is the point at which you may experience the installation being stalled at 4%.

Note the following:

  • The length of time that the installation will take depends on the amount of time that is takes to move the folder (based upon the size of the folder) during the upgrade and paste back into the correct location after the upgrade completes.
  • The affected files are in ..\wc\jetty\interface\myfiles.
  • The myfiles folder will be very large and contains your previously run reports.

Perform the following steps:

  • Stop your Cyfin/CyBlock service and move the myfiles folder out of the install path to a different/temporary location.
  • Run the upgrade.
  • Stop your service again and move the folder back to the original location.

You should now be up and running with the upgraded version of the product.

Configuring Sophos UTM for Cyfin syslog

Category: Administration, Log File Compatibility

In order for Cyfin to analyze the Sophos UTM firewall data, you must perform the following steps to produce the proper syslog data:

  1. Set up the Web filtering option.
    • To set up the Web filtering functionality on the Web server, go to Web Protection – Web Filtering – Global and click the enable button.
  2. Syslog settings are configured in WebAdmin on the Logging & Reporting – Log Settings – Remote Syslog Server tab.
    • On this tab, multiple target syslog servers may be added, and logs may be sent to any TCP or UDP port. (Most systems will default to UDP port 514.)
    • If syslog messages cannot be delivered, they will be buffered and re-sent when possible.
    • By default, up to 1000 logs will be buffered. This feature is most reliable when using TCP as it will detect when message deliveries fail more accurately.
    • When using UDP, a failure will only be detected if the target IP is online and able to respond with an ICMP (Internet Control Message Protocol) service unavailable message.
  3. Once syslog targets have been configured, the logs to send via syslog must also be selected on the same screen. By default, none are selected. Select the Web Filter log file type, and click Apply.

Now you can proceed to configure Cyfin to receive these syslog data records.

Additional Resources:

Office 365 will not activate when browsers are set to go through CyBlock

Category: Administration

If you are attempting to activate your Office 365 products through CyBlock and are unsuccessful, please try the following steps:

  1. In your CyBlock interface, go to User Management – Authentication.
  2. Click the Bypass tab.
  3. Click the green plus icon to add a new bypass entry.
  4. Add the following two URLs to bypass authentication:

– For URL or Domain, enter *.microsoftonline.com (with asterisk). For User-Agent, enter * (asterisk).

– For URL or Domain, enter *.live.com (with asterisk). For User-Agent, enter * (asterisk).

This should now allow your products to activate properly.

Supported browsers for CyBlock Client

Category: Administration

CyBlock Client can be installed on Windows 10, 7, and XP machines and works with Chrome, Internet Explorer, and Firefox. The Edge browser is not compatible with CyBlock Client because of a change in the technology of this new browser.

You may want to remove Edge to avoid it being inadvertently used by CyBlock Client. See How to Remove Microsoft Edge from Windows 10 for more information.

For instructions on how to install and use CyBlock Client, see CyBlock Client User Guide.

If you have any questions, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Google Geolocation Issues

Category: Administration

Introduction

CyBlock Cloud utilizes gateways located in data centers in the U.S., U.K, and Canada. Users are provisioned on a proxy close to their geographical location to ensure the best performance as well as delivery of appropriate regional content.

This article describes how to resolve the possible problem of Google assigning an incorrect geolocation to your Google searches. If this happens, Google is detecting your egress IP address or the source IP address of your request incorrectly. This is an issue for any multiregional cloud provider as well, not only Wavecrest, and there seems to be no easy solution.

Issues

You may experience one of the following issues:

  • Your google.com home page does not match with your location. For example, this could be happening to you if you are in the U.S. but are being sent to the Google home page for Canada (www.google.ca).
  • The Google site is correct, but your search results are not relevant to your location, that is, results for the wrong city or region are being shown.

Solution

Wavecrest has extensively researched this issue and found it to be Google’s geolocation algorithm. This issue affects any cloud service vendor that covers customers across multiple geographical regions. We continue to communicate with Google, but so far they are unwilling to change their algorithm. We suggest the following:

  • If you are experiencing a geolocation error or do not want to use your local Google site, you can bookmark http://www.google.com/ncr. Anytime you visit this page, you will be redirected to google.com instead of the incorrect Google site or your local Google site.
  • Alternatively, if you have been redirected by google.com to another Google site (like google.ca), click the “Use Google.com” link in the bottom-right corner of the page to get to google.com. However, the suggestion above will produce better results.
  • If your search results are not relevant to your location, change your location on Google as follows:
Google Chrome
    • Go to www.google.com and perform a search.
    • Scroll to the bottom of the search results page. Your location will be displayed on the left side.
    • To update your location, click Use precise location.
    • Below the address bar, if a panel appears from the Lock icon indicating that www.google.com wants to know your location, click Allow. See https://support.google.com/websearch/answer/179386 for more information.
    • Reload the page, and Use precise location is replaced by Update location at the bottom of the page.
    • If you click the Lock icon next to the Web address, you will see that under Permissions, Location is set to Allowed by you (i.e., the “Always allow on this site” option is selected in the drop-down list). Google.com will be added as a Geolocation exception, i.e., this site will always use your exact location information.
    • To allow all sites to use your exact location automatically, change the Content settings in Chrome:
      • At the top right, click the Customize and control Google Chrome icon and then Settings.
      • At the bottom, click Show advanced settings.
      • Under Privacy, click the Content settings button.
      • In the dialog that appears, scroll down to the Location section. Select Allow all sites to track your physical location. See https://support.google.com/chrome/answer/142065 for more information.
Windows 10
    • Go to Settings – Privacy – Location.
    • Under Location, if you see “Location for this device is off,” click Change and set the slider to “On.” This sets the location service to on so that Windows, apps, and services can use your location.
    • Under General location, set the slider to “On” so that apps that cannot use your precise location can still use your general location, such as city, zip code, or region.
    • You can also set a default location so that Windows, apps, and services can use the default when a more exact location cannot be detected.
      • Under Default location, click Set default. Then click Set default location and enter your address. Close the Maps window.
    • To allow default apps to use your precise location, under Choose apps that can use your precise location, set the apps to “On.”
Microsoft Edge
    • Go to www.google.com and perform a search.
    • Scroll to the bottom of the search results page. Your location will be displayed on the left side.
    • To update your location, click Use precise location.
    • At the bottom of the page, click Yes to “Let google.com use your location.”
    • Click Yes to “Let Microsoft Edge access your precise location.”
    • Reload the page, and Use precise location is replaced by Update location at the bottom of the page.
Mozilla Firefox
    • Go to www.google.com and perform a search on Google.
    • Scroll to the bottom of the search results page. Your location will be displayed on the left side.
    • To update your location, click Use precise location.
    • Below the address bar, a panel appears from the Lock icon asking if you want to share your location with this site, google.com.
    • From the Share location drop-down list, select Always Share Location. Use precise location is replaced by Update location at the bottom of the page. If you click the Lock icon next to the Web address, you will see that under Permissions, Access Your Location is set to Allow.
  • Another option is to use a different search engine such as Yahoo or Bing. You will find that your search results match with your location.

Please note that the suggestions in this article reduce the likelihood that these issues will occur, but they may not completely resolve them and are not as a result of a Wavecrest issue.

If you need assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Cannot log on to interface after interactive report password reset

Category: Administration, Reporting

This information applies to version 9.2.4 and earlier. Version 9.2.5 and later resolve this issue.

If you are attempting to get to an interactive report and have forgotten the password, DO NOT attempt to reset the password from the interactive report Logon screen. If you have done this and cannot log on with any accounts, please do the following:

  1. Stop the CyBlock/Cyfin service.
  2. Open the following file with a text editor as an Administrator:
    • For CyBlock: …Wavecrest\CyBlock\wc\cyblock\db\accessAccounts.xml
    • For Cyfin: …Wavecrest\Cyfin\wc\cf\db\accessAccounts.xml
  3. Locate the following class:

<new class=”wc.browser.accounts.browserUserAccountData”>
<set username=”report_viewer” />
<set authenticationType=”NO AD” />
<set password=”0x1f1ee81c8d844aebda077ca24d8ce9ca” />
<set temp=”true” />
<set fullname=”Report Viewer” />
<set emailAddress=”first.last@company.com” />
<set homeDir=”C:\TEMP” />
<set accountType=”2″ />
<class allowedGai=”wc.browser.accounts.browserAllowedGaiData”>
</class>

  1. Change true to false.
  2. Save the file.
  3. Start the CyBlock/Cyfin service.

You should now be able to log on to the interface once again. If you are still seeing issues, please contact Technical Support at support@wavecrest.net.

Windows 10 Windows Update Delivery Optimization

Category: Administration

Prior to Windows 10, updates to Windows and other Microsoft products were downloaded only from Microsoft servers. Windows Update connected to Microsoft servers, checked if any updates were available, and if available, downloaded them to your computer.

This has changed in Windows 10, which introduces the Windows Update Delivery Optimization feature, wherein your computer may get updates from or send updates to neighboring computers or computers on your network. Although this would mean that you get updates much faster, it would also possibly increase your proxy/bandwidth utilization causing degradation in your proxy performance.

You can disable and turn off the Windows Update Delivery Optimization (WUDO) feature in Windows 10.

To turn off the feature, follow these steps:

  1. Open Settings.
  2. Click Update and Security.
  3. Under Windows Update, click Advanced Options on the right side of the window.
  4. Under Updates from more than one place, click Choose how updates are delivered and then move the slider to OFF to disable WUDO. In moving the slider to OFF, your PC cannot download updates from anywhere other than Microsoft servers.
  5. If you would like to download updates from PCs to your network, keep the slider in the ON position, and select PCs On My Local Network. The other option is PCs on My Network and PCs on the Internet. This is the option that is possibly causing extra utilization of your bandwidth through your proxy.

 

Dashboard charts are not showing data

Category: Administration

If your Dashboard charts are not showing any data, use the steps below to determine and resolve the issue:

  1. Go to …\wc\[cyfin|cyblock]\db to locate the Superview.pre923 folder. If it exists, it means that your Superview folder was too large and was archived.
  2. Run the following command line command:
    • For Cyfin:

    “<user_install_dir>\wc\jre\bin\cyfin” -Xmx256m -classpath “<user_install_dir>\wc\*;<user_install_dir>\wc\libs\*” wc.ia.TimeOnlineDatabaseModifier “<user_install_dir>” cf Superview.pre923

    For example:

    “C:\Program Files\Wavecrest\Cyfin/wc\jre\bin\cyfin” -Xmx256m -classpath “C:\Program Files\Wavecrest\Cyfin\wc\*;C:\Program Files\Wavecrest\Cyfin\wc\libs\*” wc.ia.TimeOnlineDatabaseModifier “C:\Program Files\Wavecrest\Cyfin” cf Superview.pre923

    • For CyBlock:

    “<user_install_dir>\wc\jre\bin\cyblock” -Xmx256m -classpath “<user_install_dir>\wc\*;<user_install_dir>\wc\libs\*” wc.ia.TimeOnlineDatabaseModifier “<user_install_dir>” cyblock Superview.pre923

    For example:

    “C:\Program Files\Wavecrest\CyBlock/wc\jre\bin\cyblock” -Xmx256m -classpath “C:\Program Files\Wavecrest\CyBlock\wc\*;C:\Program Files\Wavecrest\CyBlock\wc\libs\*” wc.ia.TimeOnlineDatabaseModifier “C:\Program Files\Wavecrest\CyBlock” cyblock Superview.pre923

  3. Stop the service.
  4. Rename the Superview folder to “Superview.tmp.”
  5. Rename the Superview.pre923 folder to “Superview.”
  6. Start the service.
  7. Confirm that your historical Dashboard data is now present.

If you need assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Selecting WatchGuard log file configurations in Cyfin

Category: Administration, Log File Compatibility

Syslog Configuration

In Cyfin, the following WatchGuard syslog log file configurations are available:

  • WatchGuard Syslog
  • WatchGuard Syslog (HTTP)
  • WatchGuard Syslog (HTTPS – Bytes)
  • WatchGuard Syslog (HTTPS)

WatchGuard supports byte information for HTTP as well as HTTPS traffic. To assist you in selecting the appropriate syslog log file configuration, determine what you need from the following:

  • For all Web traffic with no byte information, configure WatchGuard Syslog.
  • For a complete picture of your Web traffic, configure WatchGuard Syslog (HTTP), WatchGuard Syslog (HTTPS – Bytes), and WatchGuard Syslog (HTTPS).

Cyfin can be set to receive syslog data from your different WatchGuard devices. Each different device would have its own log file configuration.

Cyfin Syslog Server listens for syslog messages from your WatchGuard device. Both UDP-based and TCP-based messages are supported.

  1. Select the WatchGuard Syslog log file configuration in Cyfin for your WatchGuard device.
  2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log. NOTE:  For WatchGuard Syslog (HTTPS – Bytes), and WatchGuard Syslog (HTTPS), this is all that is needed.
  3. For WatchGuard Syslog and WatchGuard Syslog (HTTP), select Enable Syslog Server.
  4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
  5. In the Listening Port field, the default port number is 1455. The listening port will be used by your WatchGuard device to transfer the data. You may change this number if necessary.
  6. At your WatchGuard device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
  7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
  8. If you have many of the same WatchGuard devices, use one log file configuration with one listening port, and point each WatchGuard device to the same listening port.

Database Configuration

The WatchGuard PostgreSQL database configuration is also available.

We recommend that you install Cyfin on the same box with the WatchGuard Log Server (PostgreSQL) for easier configuration and speed. Your PostgreSQL database should also be an external database in order for Cyfin to read the log files. Note that Cyfin cannot read data from a database configured in WatchGuard Dimension.

Before trying to connect Cyfin to your WatchGuard Log Server, make sure you have selected to Send logs to WSM Server on the WatchGuard Logging page.

You will need the following information to connect Cyfin to the WatchGuard Log Server PostgreSQL logs:

  • Server Name
  • Database
  • Port
  • User Name
  • Password