Troubleshooting Agentless Notifications
| Limited Availability: Agentless Notification is a Limited Availability feature. To enable Agentless Notification, contact Skyhigh Support. |
Failure to Render iframe
Inspect Transaction
- Check web access logs, DLP incident logs, browser devtools console, and network. Some websites use end-to-end encryption, so Skyhigh Web Gateway cannot inspect the transaction. If SWG does not block the transaction, no notification appears.
Ensure Proper Execution of Injected Agentless Notifications Code
-
Check the browser devtools network flows for https://static.mwginternal.com/blockups.js. If the JavaScript file is not requested, it likely means the Skyhigh Wen Gateway policy is not configured to inject JavaScript on this page, or the page request did not go through SWG.
-
Check the browser console during page load for the Skyhigh block listener initializing. If this message does not appear, it means the JavaScript was either not injected or did not run correctly, likely blocked by a new CSP permutation preventing our code from running.
-
Check the browser console for errors from or reported against blockups.js. If errors or the browser reports are blocking the code due to a CSP issue, the iframe likely won't display.
Open a ticket
-
Provide the browser console (copy all) and the HAR file capturing from the initial page load to the failure to render.
Workaround
-
Disable the Agentless Notifications for this site.
Troubleshoot Broken Functionality on the Original Page
Issue: Blocked Content vs. Agentless Notifications
-
Repeat the test with Agentless Notifications disabled for the site. Perform a full page reload (Ctrl+Shift+R) to remove the agentless injection from the cache. Many pages may exhibit unexpected behavior if network transactions are blocked, regardless of whether agentless notifications are present.
-
Check the browser console for errors related to the Content Security Policy.
Injecting JavaScript into the original page requires carefully modifying the page’s Content Security Policy. This has been tested extensively, but modifications may still break the original page functionality.
Open a ticket
-
Provide browser console (copy all) and HAR file capturing from initial page load through to failure to render.
Workaround
-
Disable the Agentless Notifications for this site.
Alert Message via JavaScript, not iframe
This indicates that the Agentless Notifications cannot create the iframe or the document to present; this can happen for several reasons. This can be a normal situation and not a bug, due to the way some websites are constructed.
-
Look in the browser console for messages from blockups.js. We normally report a reason if we cannot generate the iframe.
Open a ticket
-
Provide browser console (copy all) and HAR file capturing from initial page load through to failure to render.
Workaround
-
Disable the Agentless Notifications for this site.
Unexpected Notifications
This indicates that something is running the web page and triggering a block response from SWG. This is generally not an Agentless Notification issue; it signifies that the policy needs tuning. Agentless notifications make a malfunctioning policy much more obvious to end users.
- Check the web activity logs, DLP incidents, or browser devtools network tab to see why the transaction was blocked.
- Many sites send browser telemetry that can trigger false positives. There is already a DLP Do Not Scan list available to skip scanning browser telemetry, which can be used to reduce false positives.
- Many browser apps retry a transaction even if it is blocked with a 4xx code, which indicates do not retry. This can cause alerts to continue after the first notification is dismissed. Typically, refreshing the page will clear the upload from the browser app queue.
- The policy needs to be updated to either avoid the block or disable notifications on the page in question.
- A feature request is open for Agentless Notifications to control notifications on a policy and/or target site basis.