This document contains release notes for WebXM Server
components. WebXM Server is composed of the
The following recommendations will increase WebXM performance and are highly recommended for larger sites:
§ Significant scan improvements in AppScan Enterprise 4.5 SP1 have, in some cases, increased the length of a scan.
§ All historical data in the security reports will be lost in an upgrade from SecurityXM 4.0 SP5 to ASE 4.5. This is a result of new issue categories being added in AppScan Enterprise 4.5. These categories were introduced to match those of AppScan 6.0. These new categories also align with current WASC threat classifications. Additionally, the way issues are being counted has changed in ASE 4.5, as each variant is no longer counted individually. This means the aggregate number of issues in ASE 4.5 would drop significantly from what would have been reflected in SecurityXM 4.0. Only the reports will be lost, and not the job set properties. The job can be re-run. You will need to specify IP ranges for the scan.
§ If a word already exists in the dictionary in upper-case form and, through the Spelling Errors reports, you attempt to add the lower-case version of the word, an error will occur. The lower-case version of the word can still be added to the dictionary manually. Lower-case words in the dictionary will find the upper- or lower-case version of the word on the website acceptable. If a word is in upper case in the dictionary, only upper-case versions of that word will pass.
§ For existing SecurityXM customers upgrading to WebXM 4.5 on Windows Server 2003, any attempt to import an AppScan Results File greater than 20 meg in size will result in a file not found error. The workaround is documented in the Help files on the import scan page.
§ If an account other than ASPNET has been configured to host ASP.NET, that account needs to be granted certain privileges in Local Security Settings.
§ A user must run IE at least once in the account that is running the Watchfire WebXM Agent Service for the execute JavaScript or InteractionXM scripts to function. Both of these features use components of the IE browser. If the browser has not been run, the "run once" items (e.g. setting up the connection settings that IE prompts the user for on the first run of the browser) will prevent scripts from being run.
§ If Service Pack 4 is applied to a Windows 2000 installation, the Configuration Wizard will need to be re-run to apply these needed privileges to the (default) ASPNET account.
§ Priority 3 (Checkpoint 10.5 - Separate Adjacent links with more than whitespace) will be falsely flagged as an error if ".</strong>" appears between two links. This flag will not occur if the code is changed to "</strong>." (i.e. placing the "." after the strong tag).
§ A Content Scan will not differentiate domains based on port number. For example, if the scan job properties start a scan at http://www.somesite.com:8080/index.htm, all links within the http://www.somesite.com/ domain will be treated as internal.
§ When running an Infrastructure Scan Job, inaccurate results will be obtained if the number of threads exceeds the capacity of the scanning machine. The default number of threads has been set to 100, and the recommended platform is P3 1GHz or better. However, other environmental factors may come into play. If you are experiencing connection timeouts, pinned CPU, or database errors, try reducing the number of threads in the job options.
§ When using WebXM e-mail alerts, ensure that WebXM is updated if the destination e-mail account is deleted. WebXM cannot detect that the account no longer exists and will keep trying to e-mail to the invalid address. One method to alert the administrator to this issue is to edit the "from" address in the Windows Registry on the server where the Alert Service is installed. For example: [HKEY_LOCAL_MACHINE\SOFTWARE\Watchfire\WebXM\Alert Service] "SmtpMsgFromRouteAddress"="alerter@watchfire.com".
§ Uninstalling a Watchfire product from a system where multiple Watchfire products have been installed may remove files required by the remaining Watchfire product installations. If a Watchfire product is uninstalled, it is recommended that you repair the remaining Watchfire product installations as follows: run Control Panel, select Add/Remove Programs, select each remaining Watchfire product in turn, press Change and then select Repair.
§ Note that the most recent IE browser for Apple Macintosh computers is 5.22. IE Version 5.5 or greater is required for full
§ If the installation is cancelled, a large file will be left in the "C:\Program Files\Watchfire\Installations" folder. The file has the file extension .msi and can be deleted providing the related WebXM component is not installed on the system (this will happen in the case where the installation was being done for an upgrade).
§ In the
§ Changing the font size settings in a browser may cause some minor display issues in the
§ Changing job options and then regenerating reports prior to a new scan may cause reports to display invalid data. For example, disabling reports listed in the "Report Types" or enabling grouping by metatag will not take effect or provide meaningful results until the job is rerun.
§ Redirects can cause misleading results in the Broken Links report. Links that are actually redirected to invalid URLs will not be reported as broken links. For instance, if page A contains a redirect to Page B, which in turn is redirected to Page C, the Broken Links report will not list page A if page C is an invalid URL. It will report it as a broken link if Page B is an invalid URL.
§ When configuring Orphan Analysis, verification of duplicates is case-sensitive, regardless of the job setting for case-sensitivity. For instance, www.sample.com and www.SAMPLE.com will not be reported as duplicates.
§ Some report options are automatically changed if an invalid entry is made. For example, if an integer value is expected, any decimal values will be truncated automatically. The value will be stored in the database in its modified form. The resulting value will be shown the next time the properties are viewed.
§ Using an ampersand ("&") in a webspace name can cause corrupt query strings. The problem will only occur when the Webspace is entered and then the Personalize function is selected.
§ The MSDE installer does not set the database service to automatically start. It is recommended that after MSDE is installed the SQLSERVERAGENT be set, in the Services Panel, to automatically start. If the WebXM Configuration Wizard is run and the MSDE service is not running, the Configuration Wizard will report that it cannot find the service.
§ When viewing reports, IIS may automatically cache ASP templates and script engines. This can use large amounts of memory on the server. This can be controlled using IIS settings.
§ The last updated time for jobs will be updated for cancelled jobs. The report pack update time will show the old date until the report is viewed. At that time the date will be updated to match the last run time from the job.
§ Deleted jobs are not immediately deleted from the dashboard. The next time a job that is still displayed on the dashboard is run, the dashboard will be updated. This also applies to jobs that are deleted due to a module being removed.
§ The link limit for link limited scans will be exceeded for resumed scans. If a job is suspended, the link count is restarted at zero when the suspended job is resumed.
§ Pages with frames can cause pages to be reported as not having a privacy statement when a website user will actually see a privacy statement when viewing the complete page. This occurs because the page being reported does not actually contain the privacy link, but one of the surrounding frames does.
§ The Privacy Statement Links report only reports on html pages. For this reason the Number of Pages Scanned on the Job Properties report (accessed from View the Job Properties link in reports) may be different from the number reported by the Privacy Statement Links report. The Job Properties report shows a count of all parseable page types.
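The Content Scan note above states that port numbers are not used to tell domains apart. The following is an added example, not Watchfire code: it compares a port-blind scope rule with a port-aware one and lists the links a scan would treat as internal although they are served from a different port. The port-blind rule (same scheme and host name, port ignored) is an assumed model of the described behaviour, and every URL other than the start URL is constructed sample data.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Start URL taken from the note; the links are constructed sample data.
START_URL = "http://www.somesite.com:8080/index.htm"
SAMPLE_LINKS = [
    "http://www.somesite.com:8080/about.htm",
    "http://www.somesite.com/news.htm",
    "http://WWW.SOMESITE.COM:8080/contact.htm",
    "http://www.somesite.com:9090/status.htm",
    "http://partner.example/index.htm",
]


def origin(url):
    """Return (scheme, host, port), lower-casing the host and filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def port_blind_internal(start_url, link):
    """Assumed model of the described rule: same scheme and host, port ignored."""
    return origin(start_url)[:2] == origin(link)[:2]


def port_aware_internal(start_url, link):
    """Stricter rule: scheme, host and effective port must all match."""
    return origin(start_url) == origin(link)


def scope_drift(start_url, links):
    """Links the port-blind rule calls internal although they sit on another port."""
    return [
        link for link in links
        if port_blind_internal(start_url, link)
        and not port_aware_internal(start_url, link)
    ]


if __name__ == "__main__":
    for link in scope_drift(START_URL, SAMPLE_LINKS):
        print("internal to the scan, different port:", link)
```

Running the same comparison over the link list exported from a finished job shows which services on other ports were pulled into the scan's scope.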
Copyright © 1996-2008 Watchfire, an IBM Company. All rights reserved.