1. Security and Workflows

Connection to the Web Console

Starting with v8.0.1, the CurrentWare web console will have a preconfigured self-signed SSL certificate that is enabled by default. This will ensure that network communication to and from the CurrentWare web console is encrypted.

NOTE: Since this is a self-signed certificate that is not issued by any public certificate authority, you will likely see a warning message in your web browser when accessing the CurrentWare web console from an external computer.

Rest assured that your remote access to the web console is secure; web browsers simply warn users when self-signed certificates are detected as they do not have validation of its legitimacy from a third-party certificate authority.

SQL Server Application workflow

All tracked data is temporarily stored on the local machine where the cwClient is installed. It holds the data in an encrypted local database before it sends the data to the CurrentWare Server.

Once the server receives the data and stores it on the server’s SQL database, it will delete the local data from the local client database.

CurrentWare Client to CurrentWare Server Communications

The Client talks to the Server using socket technology on several CurrentWare ports ranging from 8989 to 8998. You can see each one here: https://www.currentware.com/support/open-ports/. The Client sends the data from the client machines to the server via HTTPS encryption.

CurrentWare Server to SQL Database Communication

The CurrentWare Server will process updates of information to the SQL database by using the default local SQL ports 1433 and 1434.

Support for SQL Transparent Data Encryption (TDE)

Transparent data encryption (TDE) encrypts your SQL Server to improve the security of your database. This encryption is known as encrypting data at rest.

By using TDE you can ensure that in the event a malicious actor is able to bypass your security measures and steal your database, the data remains unintelligible to them without the decryption key.

TDE encrypts the storage of an entire database by using a symmetric key called the Database Encryption Key (DEK). On database startup, the encrypted DEK is decrypted and then used for decryption and re-encryption of the database files in the SQL Server database engine process.

In version 8.0.1+ organizations with paid versions of SQL Server can implement TDE on the SQL database used to store their CurrentWare data.

⚠️IMPORTANT NOTES

TDE is not compatible with the SQL Express that comes prepackaged with CurrentWare. If you would like to use TDE you must upgrade to a paid version of a SQL server such as SQL Server Standard or SQL Server Enterprise, then migrate your CurrentWare SQL Express database to your new database.
If you enable TDE on your SQL database any other software you have connected to that same database will also have TDE enabled. To avoid conflicts with other software that may not support TDE it is recommended that you use a dedicated SQL database for your CurrentWare installation.

When can CurrentWare access my data?

CurrentWare can only access data if a request is explicitly made by an appropriate security contact by the Customer for support.

Our team first attempts to provide support without receiving data or information from the Customer. However, if detailed logs or servers are needed, our Tier 2 Support will request this information from the Customer.

We respect the privacy of the information transmitted to us based on our End User Licence Agreement & Privacy Policies. We will only access the necessary data for support & troubleshooting purposes.

Who has access to my data?

Note: This only applies to BrowseReporter, AccessPatrol & enPowerManager reporting features

CurrentWare can track data from your end user’s Internet, bandwidth, application, PC usage and endpoint activities with BrowseReporter, AccessPatrol and/or enPowerManager.

By default, it keeps the data within the customer’s database indefinitely.

Since the CurrentWare database is stored on your network, you can decide how much data to keep.

The company’s administrator has the ability to permanently delete older data or set up a schedule to store data for a set period of time.

The CurrentWare server & client are installed locally on the customers PCs & network. Server data is only accessible by your organisations privileged users with access to Server PC/location and Console which is password protected. You can also have your accounts secured with 2-Factor Authentication.

Client data is hidden on local pcs and encrypted. Once it is transmitted to the server, it is removed from the client side.

2. Best Practices for BrowseReporter Configuration:

a. Do you need to track the browsing bandwidth usage?

If not needed, turning it off will reduce your storage needs.
This is done by going to Settings > BrowseReporter and unchecking “Enable Bandwidth Tracking”

b. Do you want to auto delete data after a specific time period?

The knowledge base to set up that feature up is here: https://www.currentware.com/support/can-currentware-delete-older-data-automatically/

c. Set the CurrentWare Server to auto restart on after a specified time period (8hrs+)

This will ensure your client connections are always stable and ensure the data is being uploaded efficiently.
This is done by going to Settings > Server Settings and enabling “Restart CurrentWare server every # of hours”

d. On your initial installation: You can immediately remove other CurrentWare solutions from the command line of your CurrentWare server machine.

Run CMD as Administrator
Run this command:
- REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\SOLUTIONNAME /f
Replace ‘SOLUTIONNAME’ with the unused solution you want to remove. See below what the commands should look like.
- AccessPatrol:
  REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\AccessPatrol /f
- BrowseControl:
  REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\BrowseControl /f
- BrowseReporter:
  REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\BrowseReporter /f
- enPowerManager:
  REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\enPowerManager /f
  - Important: ONLY remove the solutions you do not use. CurrentWare is not responsible for lost data or improper filtering due to uninstalling wrong solution(s).
Run the command to delete the solution registry.
Then run C:\Program Files (x86)\CurrentWare\cwConsole\cwConsole.exe
The SQL database tables will update to reflect the removals accordingly.
Log back into your Webconsole to see the changes. Removed solutions should now show not installed when selecting them.

New to CurrentWare? Get Started Today!

“I chose CurrentWare for the solid product that gave more options with a lower price tag, high accuracy, and solid customer support.” -Vincent Pecoreno Network Administrator, Viking Yachts

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Getting Started

Installing CurrentWare

BrowseControl - Web Filter

BrowseReporter - Employee Monitor

AccessPatrol - Data Loss Prevention

enPowerManager - Power Saver

Configuring CurrentWare

Maintaining CurrentWare

Troubleshooting

Security & SQL Database Best Practices