Web Security Service Announcement - Deployment Release

Friday, 26 July 1 minute

The scheduled maintenance has been completed.


Scheduled maintenance is currently in progress. We will provide updates as necessary.


As previously communicated on June 25, 2019, Symantec is performing a service-wide deployment of the Web Security Service release, which started on July 3, 2019, and is completing on July 26, 2019.

Note: For a list of resolved issues that are included in this release, please review the release notes.

New Features and Enhancements:

  • WSS Agent is the next generation of Unified Agent.
  • Block Notification Service (BNS) introduced an OS notification center message for blocking event from CASB CloudSOC gatelet policy; requires WSS-Agent.
  • Audit Logs (Service mode > Account Maintenance > Auditing) previously accumulated beyond one-year. With the exception of legal agreement events, the logs will now expire and be purged after one year. Initial deletions are delayed one month from the date of this service update.
  • The Auditing (Service mode > Account Maintenance > Auditing) page now allows filtering up to one year (a change from the previously afforded two weeks) and search by object type.
  • Audit log downloads are now available via a REST API.
  • The Auth Connector portal page (Service mode > Authentication > Auth Connector) is revised to provide more connection details.
  • Anonymization of the XFF-Header via a synthetic origin source IPv6 address.
  • Force English Translation in End-User Notification pages regardless of browser preferred language. The option is on the Service mode > Notifications > Error Pages page.
  • WSS Support Personnel’s access to customer accounts is now allowed or denied via an option in the portal (previously email approval was used). The option is on the Service mode > Account Maintenance > Admin & Access page. The first row in the table (Support Operators) controls the access

    Timing The maintenance window, which started on July 3, 2019, will complete on July 26, 2019. All maintenance will occur between 18:00 and 06:00 local data center time.

    Customer Impact The following describes what happens to connected clients, depending on the access method used:

  • Explicit proxy / Unified Agent / Proxy Forwarding: The service automatically redirects connections to other active resources within the same data center or geographic location. No customer action is required for failover to occur*.
  • IPSec: A brief failover delay may occur as we redirect traffic to other active resources within the data center. No customer action is required for failover to occur*.
  • During the last day of the maintenance window, administrators actively using the WSS Portal may need to re-authenticate.

    Note: As previously communicated, there will be changes to the Access Log fields The upcoming release contains the following new Access Log fields:

  • x-icap-reqmod-header(X-ICAP-Metadata)
  • x-icap-respmod-header(X-ICAP-Metadata)
  • x-random-ipv6

    Customer Action

  • For WSS customers who import transactional log data into an external system, please prepare to modify your data import and processing.
  • Note: The WSS reporting portal will automatically recognize the new format and reports will be unaffected by this change. When the update occurs, the following WSS Help System topic will be updated. http://portal.threatpulse.com/docs/sol/Solutions/Reference/accesslogformats-ref.htm

    *Oslo and Tel Aviv customers: Please ensure that you have a backup tunnel to an alternate data center prior to the deployment.

    Service Impact This maintenance will be performed on all service components within the data center. These components will be upgraded in rotation, preserving service at each data center at all times*.

    *Oslo, and Tel Aviv will remain down while being upgraded.

    Reporting Problems If you experience issues following this maintenance, contact Technical Support. Support information is located at https://support.symantec.com/en_US.html or on the main Web Security Service Portal page at https://portal.threatpulse.com/.

  • Began at:

    Affected components