Google Drive Sync client with Decryption

bbilut — Mon, 05 Oct 2015 15:28:24 GMT

There seemed to be a work around in the past where you could launch googledrivesync.exe with a --unsafe_network switch that would allow it to deal with the decryption because they seem to have their own preloaded set of CA's the client trusts and doesn't not look at the OS certificate store for a list of trusted CA's. So anyway this used to work for us, but recently upgraded to 6.1.7 and don't know if Google changes something, but basically no more drivesync client.

I can not disable decryption on Google domain's because I will loose safe search enforcement, youtube safety-mode enforcement, and much else.

Does anybody from Palo Alto have any other work-arounds?

Re: Google Drive Sync client with Decryption

r3dp1ll — Mon, 02 May 2016 12:11:31 GMT

I am running version 7.1.1 and I have tested putting "*.dropbox.com" and "*.drive.google.com" on a custom URL category to then attach to a no-decrypt policy. One of the tests I ran was to execute the application with "--unsafe_network" and it worked. I was able to see traffic being decrypted for Google Drive and the behavior of the app was right.

Trying to understand why adding the domain "*.drive.google.com" doesn't work. I am not fond of creating exceptions for domains that are not requested for this particular app to work.

Maybe I will need to have a look into the DNS queries.

topic Google Drive Sync client with Decryption in General Topics

Google Drive Sync client with Decryption

Re: Google Drive Sync client with Decryption