Security & SQL Database Best Practices

Security and Workflows

Connection to the Web Console

Starting with v8.0.1, the CurrentWare web console will have a preconfigured self-signed SSL certificate that is enabled by default. This will ensure that network communication to and from the CurrentWare web console is encrypted.

NOTE: Since this is a self-signed certificate that is not issued by any public certificate authority, you will likely see a warning message in your web browser when accessing the CurrentWare web console from an external computer.

Rest assured that your remote access to the web console is secure; web browsers simply warn users when they detect a self-signed certificate, because no third-party certificate authority has validated its legitimacy.

SQL Server Application workflow

All tracked data is temporarily stored on the local machine where the cwClient is installed. It holds the data in an encrypted local database before it sends the data to the CurrentWare Server.

Once the server receives the data and stores it on the server’s SQL database, it will delete the local data from the local client database.

CurrentWare Client to CurrentWare Server Communications

The Client talks to the Server using socket technology on several CurrentWare ports ranging from 8989 to 8998. You can see each one here: https://support.currentware.com/portal/en/kb/articles/open-ports. The Client sends the data from the client machines to the server via HTTPS encryption.

CurrentWare Server to SQL Database Communication

The CurrentWare Server will process updates of information to the SQL database by using the default local SQL ports 1433 and 1434.

Support for SQL Transparent Data Encryption (TDE)

Transparent data encryption (TDE) encrypts your SQL Server database files to improve the security of your database. This is known as encrypting data at rest.

By using TDE you can ensure that in the event a malicious actor is able to bypass your security measures and steal your database, the data remains unintelligible to them without the decryption key.

TDE encrypts the storage of an entire database by using a symmetric key called the Database Encryption Key (DEK). On database startup, the encrypted DEK is decrypted and then used for decryption and re-encryption of the database files in the SQL Server database engine process.

In version 8.0.1+, organizations with paid versions of SQL Server can implement TDE on the SQL database used to store their CurrentWare data.

⚠️IMPORTANT NOTES

  • TDE is not compatible with the SQL Express that comes prepackaged with CurrentWare. If you would like to use TDE, you must upgrade to a paid version of SQL Server, such as SQL Server Standard or SQL Server Enterprise, then migrate your CurrentWare SQL Express database to your new database.
  • If you enable TDE on your SQL database, any other software you have connected to that same database will also have TDE enabled. To avoid conflicts with other software that may not support TDE, it is recommended that you use a dedicated SQL database for your CurrentWare installation.

When can CurrentWare access my data?

CurrentWare can only access data if a request for support is explicitly made by an appropriate security contact at the Customer.

Our team first attempts to provide support without receiving data or information from the Customer. However, if detailed logs or servers are needed, our Tier 2 Support will request this information from the Customer.

We respect the privacy of the information transmitted to us based on our End User Licence Agreement & Privacy Policies. We will only access the necessary data for support & troubleshooting purposes.

Who has access to my data?

Note: This only applies to BrowseReporter, AccessPatrol & enPowerManager reporting features

The CurrentWare team has no ability to access your users’ activity data unless you explicitly provide it.

The CurrentWare server & client are installed locally on the customer’s PCs & network. Server data is only accessible by your organization’s privileged users with access to the Server PC/location and Console, which is password protected. You can also have your accounts secured with 2-factor authentication.

Client data is hidden on local PCs and encrypted. Once it is transmitted to the server, it is removed from the client side.

Your CurrentWare software deployment can track data from your end user’s Internet, bandwidth, application, PC usage, and endpoint activities with BrowseReporter, AccessPatrol, and/or enPowerManager.

By default, the data you collect remains in your database indefinitely unless you manually delete specific types of data with the included database data deletion tools or you configure the Auto Delete Scheduler to automatically delete data that is older than X days.

2. Best Practices for BrowseReporter Configuration:

a. Do you need to track the browsing bandwidth usage?

If not needed, turning it off will reduce your storage needs.
This is done by going to Settings > BrowseReporter and unchecking “Enable Bandwidth Tracking”

b. Do you want to auto delete data after a specific time period?

The knowledge base article for setting up that feature is here: https://support.currentware.com/portal/en/kb/articles/can-currentware-delete-older-data-automatically

c. Set the CurrentWare Server to auto restart after a specified time period (8hrs+)

This will ensure your client connections are always stable and ensure the data is being uploaded efficiently.
This is done by going to Settings > Server Settings and enabling “Restart CurrentWare server every # of hours”

d. On your initial installation: You can immediately remove other CurrentWare solutions from the command line of your CurrentWare server machine.

  1. Run CMD as Administrator
  2. Run this command:
    • REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\SOLUTIONNAME /f
  3. Replace ‘SOLUTIONNAME’ with the unused solution you want to remove. See below what the commands should look like.
    • AccessPatrol:
      REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\AccessPatrol /f
    • BrowseControl:
      REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\BrowseControl /f
    • BrowseReporter:
      REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\BrowseReporter /f
    • enPowerManager:
      REG DELETE HKLM\SOFTWARE\WOW6432Node\CurrentWare\Plugin\enPowerManager /f
    • Important: ONLY remove the solutions you do not use. CurrentWare is not responsible for lost data or improper filtering due to uninstalling the wrong solution(s).
  4. Run the command to delete the solution registry.
  5. Then run C:\Program Files (x86)\CurrentWare\cwConsole\cwConsole.exe
  6. The SQL database tables will update to reflect the removals accordingly.
  7. Log back into your web console to see the changes. Removed solutions should now show as not installed when you select them.
