You want to learn about the best practices for configuring and using Symantec Endpoint Protection (SEP) and Web Security Services (WSS) Traffic Redirection (WTR).
Ensure your clients regularly update to the latest WTR content in order to maintain the best possible performance and functionality.
Symantec has made several enhancements to the WSS integration feature of the SEP client since its initial release in SEP 14.0.1 MP1. One example of these enhancements is Seamless Integration, which was added to the SEP 14.2 client for Windows. In order to take advantage of the latest functionality enhancements, ensure your clients use the latest version of the SEP client.
Ensure that there are no entries for Symantec.com domains (e.g. *.wss.symantec.com) in the WSS bypass list. If wss.symantec.com is bypassed, the SEP Local Proxy Service will be unable to complete the seamless authentication handshake when using a SEP Integration Token.
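One way to check a bypass list for this problem, as an added example (not Symantec's tooling): it assumes the list has been exported to plain text with one domain, wildcard, URL or CIDR entry per line. The export format, the function names and the sample entries are assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Per the article, no Symantec.com domain may appear in the WSS bypass list.
PROTECTED = "symantec.com"
# Constructed probe hostnames, used to catch broad wildcards such as "*.com".
PROBES = ("wss.symantec.com", "host.wss.symantec.com")

# Constructed sample export (assumed format: one entry per line).
SAMPLE = """\
# VPN and internal ranges
vpn.example.com
*.wss.symantec.com
10.0.0.0/8
https://host.wss.symantec.com/
*.com
notsymantec.com
"""

def normalize(entry):
    """Reduce a bypass entry to a lowercase host or wildcard pattern."""
    e = entry.strip().lower()
    if not e or e.startswith("#"):
        return ""
    if "://" in e:
        e = urlsplit(e).hostname or ""
    else:
        e = e.split("/")[0].split(":")[0]   # drop path, CIDR suffix, port
    return e.rstrip(".")

def conflicts(entry):
    """True if the entry would bypass a Symantec.com host."""
    host = normalize(entry)
    if not host:
        return False
    if host == PROTECTED or host.endswith("." + PROTECTED):
        return True
    if "*" in host or "?" in host:
        # A wildcard outside symantec.com can still swallow the WSS hosts.
        return any(fnmatchcase(p, host) for p in PROBES)
    return False

def audit(text):
    """Return (line_number, entry) for every conflicting entry."""
    return [(n, line.strip())
            for n, line in enumerate(text.splitlines(), 1)
            if conflicts(line)]

if __name__ == "__main__":
    for n, entry in audit(SAMPLE):
        print(f"line {n}: remove or narrow '{entry}'")
```

Look-alike names such as notsymantec.com are not flagged, because the match is on the domain label boundary rather than on a substring.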
For situations that require bypassing network traffic from the Windows Local Proxy Service, Symantec provides an exe utility called LPSFlags.exe. This tool allows swapping out the default proxy.pac hosted by LPS with a custom PAC file to bypass the necessary traffic (e.g. SSL VPNs).
For more information on LPSFlags.exe, refer to Bypass Endpoint Protection Web Traffic Redirection using LPSFlags.exe.
SEP for Mac clients cannot make use of custom proxy settings for LiveUpdate while WTR is enabled, instead sending the traffic direct. This is by design and requires custom proxy settings be disabled when WTR is in use. For more information, see Mac clients do not honor custom proxy settings for LiveUpdate with Web Traffic Redirection.
If your clients connect to the Internet through a corporate proxy or firewall, ensure you allow unrestricted access to the DNS addresses the SEP client will need for access/authentication.
| proxy.threatpulse.net:8080 | Proxy connection to WSS |
The egress IP must be static when using WTR. In situations where multiple egress IPs are available and load balanced, end users utilizing WTR will observe frequent and intermittent 407 Proxy Authentication Required responses, resulting in a disruptive web browsing experience.
Citrix Receiver and Citrix Workspace clients must be configured to bypass WTR to ensure reliable connectivity/functionality of the Citrix client. See Citrix clients fail to connect with Web Traffic Redirection for more details.
Ensure any 3rd party agents that normally inject a monitoring module (.dll) into running processes are configured to exclude the SEP client's main processes (ccSvcHst.exe) from injection. The SEP client contains security features that will cause the application to crash rather than allow 3rd party code to be injected into the running process. See Symantec Endpoint Protection Local Proxy Service fails to start for more information.
Some common examples of 3rd party applications that perform process injection are Citrix agents and AppSense.
Web browsing performance can be significantly impacted by slow DNS responses. For best results, consider using a DNS provider with a Service Level Agreement, or a proven track record, of providing DNS responses in no longer than 50 milliseconds.
Clients leveraging Cisco's Umbrella DNS service must be configured to bypass the WSS for the Umbrella DNS service IP addresses. Sending Umbrella traffic through the WSS will result in DNS response times well above 1 to 2 seconds and in Web page load times orders of magnitude slower than on a client using a DNS server with a sub-50 millisecond response time. See Slow web browsing through Endpoint Protection Web Traffic Redirection with Cisco Umbrella DNS service for more information on bypassing Cisco's Umbrella DNS server addresses.