- Dragos Lungu Dot Com - http://www.dragoslungu.com -

McAfee Web Protection Service Review

I've got a special interest in client-side web content filtering, and so far I have presented 2 solutions which were released in the form of SaaS: ScanSafe Anywhere+ [1] and McAfee Web Protection Service [2]. Too bad I didn't get to test Anywhere+, but I just finished a test with McAfee WPS and I want to share my opinions.

I will try to remain as objective as possible and I will present my test results in a "Pros and Cons" list. Also, I want to mention that this post is not sponsored by McAfee.

How does it work
The product philosophy is very simple and is based on the classic method of transparently redirecting traffic to a fully manageable proxy. Using a web portal [3], the customer has full control over the users, groups and policies applied to each group.

The redirection can be enforced either by installing a web filtering agent on each monitored node or by deploying a custom .PAC file. (PAC is a proxy mode where the proxy configuration is described in a JavaScript file, called a PAC file, with the .pac file extension.)

Having said this, here is my list of pros and cons.
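A minimal PAC file of the kind described above, as an added example that is not from the original post or from McAfee. The proxy host name is the one mentioned later in this review; the port 8080 and the internal domain corp.example are assumptions.

```javascript
// Added example PAC file (not the vendor's). The proxy host comes from the
// post; the port and the intranet domain below are assumptions.
var PROXY = "PROXY proxy.securewebbrowsing.com:8080"; // port is assumed
var INTERNAL_SUFFIXES = [".corp.example"];            // assumed intranet domain

// True for hosts that should never be sent to the external filtering proxy.
function isInternal(host) {
  host = host.toLowerCase();
  // Single-label names (e.g. "intranet", "localhost") and loopback stay local.
  if (host.indexOf(".") === -1 || host === "127.0.0.1") return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var suffix = INTERNAL_SUFFIXES[i];
    // Exact domain match, or a real subdomain. Comparing with the leading dot
    // keeps look-alikes such as "evilcorp.example" out of the bypass list.
    if (host === suffix.slice(1)) return true;
    if (host.length > suffix.length && host.slice(-suffix.length) === suffix) {
      return true;
    }
  }
  return false;
}

// Entry point: the browser calls this for every request it makes.
function FindProxyForURL(url, host) {
  if (isInternal(host)) return "DIRECT";
  // Appending "; DIRECT" here would tell the browser to connect directly
  // whenever the proxy is unreachable. Leaving it out keeps that unfiltered
  // fallback out of the policy.
  return PROXY;
}
```

A PAC file is only a browser setting, which is why the review below treats the installed agent as the more robust enforcement option.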

Pros

Extremely easy install (I used the supplied client application). It installed silently in the background, making it suitable for automatic deployment using GPOs.

Robust installation: I tried all the common tricks to evade the proxy but I couldn't bypass it. I made a 127.0.0.1 entry in the hosts file for the PAC-supplied proxy proxy.securewebbrowsing.com and I installed Burp Proxy [4] locally, but to no avail. My guess is that it implements some sort of Windows driver monitoring all TCP communication and hooking into the HTTP / HTTPS sessions, so that it goes deeper than the application layer.

Password-protected uninstall. I was this close to getting stuck with the agent because I didn't pay much attention when setting the uninstall password in the portal.

Enterprise ready. One can easily import AD users via a supplied VBS script and from then on model the necessary groups and policies for each group. One user can be a member of only one group, though.

Cons

Rigid deployment procedure.
You need to create the users and groups BEFORE installing the agent on the users' computers, because adding a new user involves sending out an email for a password reset. I'm using Gmail and I was unable to reach my mailbox to set a password because the agent blocked any outbound connection, asking for a password. A classic Catch-22.

Lack of details on some blocked sites.
On some sites, all I got was an information screen which didn't help me understand why the site was blocked. See below: [5]

Simplistic / empty dashboard
The main dashboard presents a series of graphs which were not filled with data, although I provided all sorts of traffic. This being the only backend administration interface, I was expecting to "get the picture" from one screen. See below what the dashboard looked like when showing data that I know was recorded.
[6]

Poor reporting
I ran a few reports and the data was presented in tabular form. I was expecting some graphical reports in the classic form of pies and bars. Here is one report (look at the bottom of the screen. Yes, that one-row table is the report):

[7]

This concludes my review of McAfee Web Protection Service. I think it has more power under the bonnet than it shows. The URL reputation is a very powerful feature offered by McAfee TrustedSource [8]:

McAfee® TrustedSource™ is a global threat correlation engine and intelligence base of global messaging and communication behavior, including reputation, volume, and trends, including email, web traffic and malware.

I recommend it for its solid features, but McAfee should also improve the GUI and the quality of reporting because we all know that management likes nice-looking graphs 🙂
