Skip to content Skip to main navigation Skip to footer
Wavecrest Knowledge Base

General

How to resolve certificate-issued errors in browser

Category: Administration, Filtering, General

When attempting to go to a blocked secure site (HTTPS), users may experience any one of the following errors depending on the browser:

  • In Internet Explorer: There is a problem with this website’s security certificate.

CertError

  • In Chrome: Your connection is not private

CertError_Chrome

  • In Firefox: Your connection is not secure

CertError_Firefox

These are certificate-issued errors that occur if the Wavecrest certificate is not installed in the following scenarios:

  1. SSL Inspection is not enabled, and the user is attempting to go to a blocked secure site.
  2. SSL Inspection is enabled, and the user is is attempting to go to a blocked or allowed secure site.

The user does not receive the CyBlock blocking message for blocked secure sites. This is because even though a standard HTTP blocking page can still be presented to a workstation for blocked secure sites, since it is not part of the secure, encrypted HTTPS connection, the browser automatically ignores it.

To allow the blocking message to render properly for blocked secure sites or to permit users to access allowed secure sites with SSL Inspection enabled, the Wavecrest certificate needs to be installed on the CyBlock server and all client machines. More information and installation instructions can be found in the Wavecrest Certificate Installation Guide.

If you have any questions, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

CyBlock/Cyfin service or interface issues

Category: General

If you are running into an issue with the CyBlock or Cyfin service, such as the service will not start, or the user interface will not show up when the service is started, run the following command to get more data on the service for Technical Support to analyze:

Windows

  1. For CyBlock, go to …Wavecrest\CyBlock\wc\service.
    • For Cyfin, use …Wavecrest\Cyfin\wc\service.
  2. Stop the CyBlock/Cyfin service.
  3. Open the service.conf file with WordPad as administrator.
  4. Find and change the field wrapper.console.loglevel=NONE to wrapper.console.loglevel=INFO.
  5. Save the file.
  6. Start the CyBlock/Cyfin service.
  7. In a command prompt, change directory to …Wavecrest\CyBlock\wc\service or …Wavecrest\Cyfin\wc\service.
  8. Run the wrapper.exe service.conf command.
  9. Restart the CyBlock/Cyfin service.
  10. Stop the wrapper.exe service.conf command with Ctrl+C.
  11. Copy and paste the contents from the command into a file and save the file.
  12. Send the file to support@wavecrest.net.

Linux

  1. For CyBlock, go to …Wavecrest\CyBlock\wc\service.
    • For Cyfin, use …Wavecrest\Cyfin\wc\service.
  2. Stop the CyBlock/Cyfin service.
  3. Open the service.conf file with a text editor.
  4. Find and change the field wrapper.console.loglevel=NONE to wrapper.console.loglevel=INFO.
  5. Save the file.
  6. Start the CyBlock/Cyfin service.
  7. In a command prompt, change directory to …Wavecrest\CyBlock\wc\service or …Wavecrest\Cyfin\wc\service.
  8. Run the ./wrapper.exe service.conf command.
  9. Restart the CyBlock/Cyfin service.
  10. Stop the ./wrapper.exe service.conf command with Ctrl+C.
  11. Copy and paste the contents from the command into a file and save the file.
  12. Send the file to support@wavecrest.net.

Automatic service start in a Linux environment

Category: Administration, General

In order to automate the start of any Wavecrest process in a Linux environment, please perform the following steps:

  1. Install the Wavecrest product.
  2. Copy the file …/wc/service/cyfin.init (or cyblock.init).
  3. Paste the file into the /etc/rc.d/init.d directory.
  4. Open the file in an editor.
  5. Locate the three instances of:
    • $USER_INSTALL_DIR$
  6. Replace each line with the appropriate install path:
    • /root/Wavecrest/CyBlock
    • /root/Wavecrest/Cyfin
  7. Save the file as “CyBlock” or “Cyfin.”
  8. Run one of the following commands:
    • chkconfig –level 2345 CyBlock
    • chkconfig –level 2345 Cyfin
  9. systemctl enable CyBlock.service

 

 

 

Enabling X11 upstream forwarding

Category: Administration, General, Network Configuration

Forwarding of X11 source IP information can be enabled by editing the proxy.cfg file.

  1. Navigate to C:\Wavecrest\CyBlock\wc\cyblock\db.
  2. Stop the CyBlock service.
  3. Open proxy.cfg in an editor such as NotePad.
  4. Between the  <TOP> and </TOP> entires, add the following line:
    • <param keyword=”xforward_enabled” value=”true” />
  5. Restart the CyBlock service.

 

Error: Unable to verify latest version

Category: General

When performing a product update through the interface, you may be presented with the error “Unable to verify latest version.” This can appear when using the machine name in place of the IP address to access the interface.

  • Change http://servername:7999 to http://IPaddress:7999 and attempt the update again.

 

If you still experience a problem, please contact Technical Support.

Broken links in Cyfin or CyBlock interface

Category: General

If you are experiencing broken or missing links within the product interface, Active Scripting may be disabled in the browser.

To enable Active Scripting:

  1. Go to Tools – Internet Options – Security – Internet – Custom Level.
  2. Look for the Scripting section and enable the Active Scripting.

If the problem persists, please contact Technical Support.

 

NIC card teaming software issue

Category: General

It has been reported that CyBlock may stop while proxying machines that are incorporating NIC teaming software.

Removing the teaming software from the machines alleviates this issue. Below, is Wavecrest Computing’s official statement on the matter.

 

Since NIC teaming is only provided by hardware vendors (i.e., not supported by Microsoft), Wavecrest is currently not providing support for this technology. As a result, Wavecrest may ask that you temporarily disable or remove NIC teaming software when troubleshooting issues where the teaming software is suspect. If the problem is resolved by the removal of NIC teaming software, further assistance must be obtained through the hardware vendor.