Hi All,
We're having a problem with our Web Security.Cloud service.
We've noticed that 50% of the time our end users are being correctly blocked/allowed access to websites that they are browsing, but then randomly they're able to access with full permissions to sites that have been blocked.
After talking to Symantec's support team, our logs have been showing that somehow computer accounts have been accessing these websites, almost on behalf of the user.
This is strange, firstly because computer accounts can't be sync'd over using the schemus tool or via the portal interface.
Secondly, the format of the computer accounts aren't even available in our AD listing, eg. 'mydomain\mycomputer$' instead of 'mydomain\mycomputer'. It's strange how the computers are authenticating through Symantec to access the net, surely the users account should be the sole method of getting out through the Symantec proxy we use?
We've been offered one solution and one 'work-around' - this being to change the squid server config file, which as of yet hasn't worked, and the workaround being to add all computers to a group in AD and sync this over to the cloud interface, applying the relevant policies in the same way as a group of users.
I'd rather get to the core of the problem rather than to stick another layer over to cover the issue.
Has anybody got any ideas?
Thank you.