Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Websense Appliance at 100% CPU - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Websense Appliance at 100% CPU

Some readers have reported in (Thanks!) that their inline Websense appliances are spiking to 100% after an update. The Websense team is aware and quickly working on a fix we are told. If you are seeing this behavior please let us know!

 

Richard Porter 

@packetalien

richard at pedantictheory dot com

Richard

161 Posts
ISC Handler
From Websense's support site: "ALERT - 10-JULY-13 @ 10:57 AM PDT: A problem with a recent real-time Websense database update is currently impacting Websense proxy servers. This is affecting all web security customers. Engineers are working to resolve these issues. CURRENT STATUS: Active"
Richard

3 Posts
Yeah we are seeing this, every appliance spiked at 100%, applying fix now.
Richard
1 Posts
Turning off all advanced scanning features restored functionality for our users, albeit it at a reduced security posture.

Under scanning options, I turned off:
-Analyze content to categorize sites not in the Master Database
-Analyze Web traffic for application protocols tunneling over HTTP and HTTPS.
-Analyze Web content in incoming traffic and block malicious content
Brett Kopetsky

2 Posts
A manual WCG database update fixed the proxies at 3:50 PM EDT. A manual email gateway update done after 4:30 PM fixed the ESGs. We did have to restart those services to get the CPU low enough to take it.
Anonymous
What's the version number of the updated database?
Brett Kopetsky

2 Posts
We are presently at v7.7.3 and the DB we show is 04387 and are now working fine again.

We experienced failure to load, DNS host not found, and sluggish loading for over 4 hours.

Websense support has sent an email with some details.
Brett Kopetsky
42 Posts

Sign Up for Free or Log In to start participating in the conversation!