Getting Started
Quick Start Guides
Email Security Quick Start Guides
Email Security: Quick Start for M365
Email Security: Quick Start for Google Workspace
Web Security: Quick Start
How To Activate Your USS Account
General
What's new ?
Understanding Product Usage
Service IP addresses and ports
End of Life
Supported Browsers
Product Settings
Administrators
Single Sign On
Active Directory
AD Connect software
Roles
Keyword Lists
Devices & Groups
Active Directory Synchronisation Explained
Active Directory Object Synchronisation
Account Password and MFA
Role Builder
Granting access to synchronise Azure AD shared mailboxes
Add the Exchange Online API permission to an existing AAD connection
Verify that Azure AD permissions are granted for Shared Mailbox sync
Google Workspace synchronisation
Web Security
Agents & Gateway
Configuration options for the macOS agent type
Configuration options for the Gateway agent type
Configuration options for the Windows agent type
Configuration options for the Chromebook agent type
Knowledge Base
Bypassing Office 365
Disable QUIC in Chrome Browser
Prevent Law features for UK organisations
Unclassified / Uncategorised Site Processing
Censornet Web Filtering Policy and Approach for Education
List of domains to bypass apps for SSL Interception
Bypass GoToMeeting & LogMeIn
Bypassing the Apple Store
Using Web Security with Sophos
Deployment Overview
Check for the presence of a system proxy user
YouTube appears to work despite Block or Warn final action applied
ERR_CERT_HAS_EXPIRED_ Digicert certificate expiry 2023
Processes used by the USS Agent for Mac OS X
Blocking Embedded Games in Google Search
Enable Enhanced Unpacking Engine
ESET issues identified
Active Directory Login Service
MIME Categories and Types
How to submit a URL reclassification request
Third Party Load Balancer Guides
What happens when my Web Security license is suspended or deleted?
Windows agent - force download of anti-malware database
Change the default listening port for the USS Gateway proxy
SSL/TLS Strict Mode blocked ciphers
How to add a Static Route to the USS Gateway
Export Agents using curl script
Installing an SSL Certificate on iOS 13
CVE-2020-15778
Microsoft Teams Bypass Exception list on mac OS
Custom URL parsing and overlapping patterns
YouTube Safe or Restricted mode enforced by DNS
Safari 17 Proxy Exceptions limit
Alter the default agent configuration poll time
Overview
Rules Engine Concepts
Filter Rules
Feature Control Rules
Browser Categories
Custom URLs
Bypass Categories
Deployment
Agent Configuration Profiles
Unblock Requests
Web Security: Product Configuration
Global Web Filtering Coverage
Web Categories List
Fair Usage Policy for Web & CASB (Inline)
Web Security: Best Practice Guide
Deploying Web Security
USS Agent for Windows
Requirements
Changelog - Windows Agent
Download Microsoft Windows agent
Deploying via Wizard
Deploying via Startup/Shutdown script
Deploying the Windows agent via a custom MSI
Deployment via GPO
Deploying via Microsoft Intune
Command-line parameters
Collecting debug information - USS Agent for Windows
Processes used by USS Agent for Windows
How to disable Device Guard or Credential Guard
Upgrading the USS agent from the v3.x release to the v4.x release
Installing the USS Agent SSL certificate in Firefox
Tray icon status codes
Temporary files generated by the endpoint agent software
Windows Agent Log File Storage
Incompatibility with nmap based products such as Wireshark
Deploying via Microsoft SCCM
USS Agent for MacOS
Changelog - MacOS Agent
Download MacOS Agent
Install - Deploying via Wizard
Collecting debug information - USS Agent for mac OS
mac OS Agent Log File Storage
Deploying the Mac OS X agent using JAMF
USS Agent for Chromebook
Changelog - Chromebook Agent
Download Chromebook agent
Deploying Chromebook agent via Google Admin console
USS Gateway
Configuration
Charts
Authentication & Identification
Network
Settings
System
Advanced configuration
Configuring USS Gateway to work with LoadBalancer.org software load balancer
Regular Gateway server maintenance
Preparing the USS Gateway for use with a load balancer
Installation (v2.x)
USS Gateway - Getting Started
USS Gateway - Requirements
Download Gateway Virtual Machine
Changelog - Gateway
Installation
First time Configuration
Accessing the Command Line
Take Packet Capture From Command Line
Reset Linux Password To Log Into Gateway Command Line
Captive Portal on Samsung Devices
'The Requested Content Was Blocked' Error Message
Resizing a Partition in ESX Server Virtual Machine
Interception of iOS and Android apps (SSL Pinning)
Deploying Web Browser proxy settings
Migrating the SSL intercept certificate to a new gateway
Using an intermediate CA signed by Windows DC root CA
Installing on Hyper-V
Updating the USS Gateway
Importing an SSL Certificate into the USS Gateway
Collecting debug information - USS Gateway
Adding a Static Route on a Gateway
USS Gateway Version 1 to Version 2 Migration
Chromebook Allowlist USS Gateway Proxy
Cloud App. Security (CASB)
Events not arriving for Office 365 Onedrive or Sharepoint
App Catalog
API Integrations
App Catalog List
Email Security
Example Rules
Digest generation and Quarantines
Executive Tracking
Blocking emails from hacked Gmail accounts
Stop specific users from receiving Word documents
Detect credit card numbers in an email
Disable spam filtering for specific mailboxes
Nearby Domain Rule
Reject Disabled user accounts (mailboxes)
How to Prefix a banner to inbound emails
IP Geolocation Connection Rule
CoreService filter classifications
Empty Body Detection
Reject oversized emails
Configure Office 365 for EMS
Safelisting Email Security IP addresses in Office 365
Configure GMail using Google Workspace for EMS
MX records and IP addresses for EU customers
MX records and IP addresses for USA customers
MX records and IP addresses for UAE customers
MX records and IP addresses for all regions
Reporting spam or false positives
Configure outbound email for Exchange 2007/2010
Configuring TLS encryption
LinkScan: on-demand URL protection
Bulk Email & Fair Usage
Queue retention and retry times
Personal Safe Lists and Personal Deny Lists
Configure outbound DMARC
Configure outbound DKIM
Configure outbound email for Exchange 2016
CEA - Data storage explained
Reject message due to message “550 5.1.8 sender denied”
Insufficient system resources message on inbound email delivery
Email Sandbox - Supported file types
Outbound Delivery error: 550 Unable to relay
[Marketing Medium] or [High Medium] prefixed to the subject of mails
DMARC Failure Reporting
Image Analysis for Email supported image types
Powershell Script to list Office 365 Shared Mailboxes
What happens when my Email Security license is suspended or deleted?
Example Spam Digest or Quarantine Report
No Valid MX Record NDR message
How to onboard users into the End User Portal
Installing the Outlook add-in for Email Security
How to avoid multiple disclaimers being added when forwarding or replying to emails
Cisco Fixup Protocol
Adding images to email disclaimers
Reject Top Level Domains
Adding an alias to a primary mailbox
Outlook add-in is not the newest version
Temporary Server Error
Unable to Relay error on outbound email
Notify Recipient/Sender Actions
Managing DNS in Office 365
Upgrading to LinkScan version 2
MX records and IP addresses for India customers
DLP Dictionaries
Executive Tracking with Subject
Activate the Quarantine Portal for Spam Digest users
DMARC Abuse Report received even though it passes DMARC
Display Name Detection
Unable to forward emails from Microsoft 365 accounts
How to configure Authenticated Received Chain (ARC) Inbound
Why do I see No SMTP transport in Email activity?
How to use Custom Rule Data (formerly Dictionaries)
HTML attachments
How to block double extension filenames
Upgrade Outlook Add-in for reporting spam and phishing email
How to use the Domain Name Detection rule
Email Security: Best Practice Guide
How to work with System Locked rules
How to detect simplified Chinese character sets
How does DMARC work?
Securemail (add-on)
SecureMail concepts explained
Configuring SecureMail
Using the SecureMail dashboard
Email Security: Quick Start
Message Rules
Connection Rules
Default Rules
Custom rule Data
Global Quarantine
Personal Quarantine
Spam Deny List
Spam Safe List
Mailboxes
Product Configuration
Group Management
Outlook Add-in V2
Placeholders for inserting message data into actions
Creating Custom Digests
Post Delivery Email Deletion (Retract)
Advanced Email Sandbox - Overview
Redirect emails to a different address
Configure Inbound mail on Office 365 to reject non-EMS emails
Cloud MFA
Managing an MFA lock-out
Count how many users are in an AD group
ADFS Login not being intercepted for MFA
Configure FortiGate to use PAP for Challenge-Response
Quick Start
Authentication Client (server)
Authentication App (enduser)
Third Party Guides
Configuring Windows Logon Protection
Configuring RADIUS Protection
Deploying the Cloud MFA Authentication App
Configuring RD Web Access using IIS Website Protection
Products not supporting RADIUS Challenge-Response
Configuring AD FS Protection
Analytics
Activity Reports
Schedules
Data retention periods
Admin Auditing
Account Settings
Licenses
Notifications
Branding
ASE
Rules
Threats
Event Report
Compliant Email Archive (CEA)
User Guide
CEA User Guide
Viewing and Managing History in CEA
Using the CEA Outlook Add-in
Viewing and Managing Spaces in CEA
Managing Deletion Requests from CEA
Installing the Outlook Add-in for CEA
Legal Hold in CEA
Authorised Delete in CEA
Viewing and Managing CEA results
Google Workspace
Configuring Google Workspace OAuth and Service Account
Integrate Gmail with a CEA
Compliant Email Archive Quick Start Guide
Understanding Data Guardians
Email Archive End User Guide
Configuring journaling on Exchange 365
Configuring authentication with O365 via OAuth
Ingest mail via Mailbox Reader with MSGraph
Configuring an Impersonation Account
Folder Replication Configuration
Assigning delegation via OAuth with User Directory
Compliant Email Archive - LDAP Configuration
Configuring journaling for Exchange and Office 365
Configuring a local user account
Re-enabling Outlook Homepage Tab
Ingest mail via Mailbox Reader for Exchange 2013 - 2019
Ingest mail via Mailbox Reader
End User Email Archive Authentication with ADFS
Legal
Introduction
Privacy Policy
Master Services Agreement (MSA)
Standard Contractual Clauses (SCCs)
Website Usage and Cookie Policies
Posture Management
Google Cloud Platform Onboarding Guide
Microsoft Azure Onboarding Guide
Posture Management Overview
Microsoft 365 Onboarding Guide
Upgrade Notice
AWS Onboarding Guide
Configuring Microsoft Teams alerts
Salesforce Onboarding Guide
DLP
Grammar Regular Expression Engine
Applying a DLP policy in Email Security
Grammar Entity Short Names
DLP Policies
SAT
Safelisting
Allow SAT Domains for EMS customers with Custom Headers
Allow SAT Domains for EMS customers
Allow SAT Domains for non EMS customers
Google Workspace - SAT Safelisting
Custom Headers Allowlisting
How to allow download of images within emails
M365 - SAT Safelisting
Reports
How is the Risk Score calculated?
Export SAT Reports
Summary Tab
How to Filter Report Data
Using SAT Reporting
SAT Reporting Levels
High Risk User List
User Import
Adding a New Admin on the SAT Portal
Manually Adding A New User to the SAT portal
Deleting Multiple Users via a CSV tempate
Setup AD Sync on the SAT Portal
Upload Multiple Users via CSV template
Configure Google User Sync for SAT
On-Demand
Building a Simulation using On-Demand
Using the SAT Sim Creation Tool
Using the On-Demand Feature within the SAT Portal
Calendared Sends via On-Demand
Automatic Course Assignment
Course Reminders
Setup Guide for SAT Portal
How do I Access the SAT Portal as a New User via Email?
Single Sign On (SSO) / M365 Configuration on the SAT Portal
How To See Your Automated SAT Journey
IDaaS
Identity Provider Configuration Guides
Service Provider Configuration Guides
Configuring Microsoft Azure as an Identity Provider
Configuring JumpCloud as an Identity Provider
Dropbox SSO
Salesforce SSO
Google Workspace SSO
Office 365 SSO with External Identity Provider
Product Notice - IDaaS and Office 365 apps
Adding an Office 365 app tile for convenience
Log Streaming
Log Streaming Overview
Log Streaming to Microsoft Sentinel
Log Streaming record format
Log Streaming to Rapid7 InsightIDR
Log Streaming to Amazon S3
Log Streaming to Google Cloud Storage
Log Streaming for Splunk Enterprise or Cloud
Log Streaming to Sumo Logic
Quick Fixes
Identifying Spoofed Emails
DMARC Fail: Alignment reporting
USS Gateway failing to install
Troubleshooting Filter Rules
Allow partial websites/specific YouTube videos
Gateway failing to join the domain - the address handle that was given to the transport was invalid
Gateway proxy authentication pop-up login dialog
Bypasses not applying
USS Gateway IP changes unexpectedly
All Categories > Web Security
53 articles
Detailed description of all the possible configuration options for endpoint agents and network gateways.
4 articles by 1 author
34 articles by 3 authors
At the core of the Web Security product is a flexible Rules Engine that determines how to control and monitor web activity. An understanding of the Rules Engine is important to get the most out of We…
Updated 6 months ago
Before reading this section, make sure you're familiar with the basic Rules Engine Concepts. A Rule is a collection of Conditions , Matches and Actions. Rules are used to apply web filtering, securit…
Updated 3 years ago
The Web Security product uses a database of Web Categories to provide URL reputation. Web Categories are incorporated into Filter Rules and Feature Control Rules in order to allow or deny access to s…
Updated 5 years ago
The Web Security product provides cloud-based Secure Web Gateway, URL filtering and access control for the web using endpoint and gateway agents as enforcement points, across static, roaming and BYOD…
Updated 4 months ago
Before reading this section, make sure you're familiar with the basic Rules Engine Concepts. Feature Control Rules work alongside Filter Rules , and enable you to enforce control over third-party web…
Browser Categories are user-created collections of browsers and version number patterns, which can be used as part of the Browser Type condition in Filter Rules. Browser Categories allow you to contr…
Updated 3 years ago by admin
Custom URLs are user-created collections of website URLs, which can be used as part of the URL Category Match in Filter Rules. Typically, Custom URLs are used to override the system-level Web Categor…
Bypass Categories are similar to Custom URLs , except that they're used by agents to ignore something; for example, a domain, an IP range, a system process or SSL Interception. Bypasses are a powerfu…
Updated 9 months ago
The Deployment section provides an overview of all the deployed Web Security agents that are connected to your USS account. When agents are deployed they are registered to the USS account so that the…
Agent Configuration Profiles are used to manage remotely deployed Web Security agents. Agents download their settings through Agent Configuration Profiles. This makes it possible to manage configurat…
Updated 11 months ago
The Unblock Request system is designed to streamline requests from end-users for websites to be unblocked. It's a more convenient workflow for administrators to maintain custom URL Categories and man…
Updated 4 years ago
The Web Security product has a number of global settings which affect the behaviour of the solution. To access the settings, visit your USS Dashboard and click Products ⟶ Web Security ⟶ Product Confi…
The Unified Security Service is a global cloud platform that delivers a range of Internet security products from a single dashboard. The Web Security and Cloud Application Security products operate f…
Updated 2 years ago
Web Security and CASB (Inline Mode) are licensed by number of users. Below, the following terms are used: Distinct user log entries: Number of unique usernames seen in log entries during a month. Dis…
Updated 5 years ago by admin
Follow this best practice guide to using Web Security. Download the digital PDF edition.
Powered by HelpDocs (opens in a new tab)