01-25-2022 12:44 AM
Hello,
I have noticed that some of our employees are using a brave browser and can easily open blocked websites like Facebook, crypto, games etc. what's the way to block brave browsers.
Thanks:
01-25-2022 06:12 AM - edited 01-25-2022 06:30 AM
Maybe write an application signature that matches the User-Agent header. you can use as an examples:
Create a Custom Application (paloaltonetworks.com)
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK
My article for referer header but the principle is the same, just find what is the User-agent string for the browser you want to block:
Better if you have EDR/Endpoint Protection or Active Directory to block and delete the browser software on the endpoints themselves.
01-25-2022 07:48 PM
Don't use the firewall to do something it wasn't ever designed to do. User-Agent strings are just that, strings, easily modified in any browser to bypass any restriction you put in place. If your employees are already using Brave to bypass filtering you can also ensure that they'll quickly find out you can modify the User-Agent string to whatever they want and bypass your block.
Instead, do as @nikoolayy1 mentioned at the tale end of his post and use something on the endpoint to block installation of Brave outright. If you have utilize Windows and Active Directory you can easily activate AppLocker and block any publisher you want through AppLocker rules and GPO. Intune and other MDMs can do the same, and the vast majority of Antivirus or EDR solutions can do the exact same thing as long as you have something actively installed and managing these endpoints.
01-26-2022 02:45 AM
Hi,
i think the employees use the "Tor Tabs" Feature. see https://brave.com/privacy-features/
So your approach should not to "Block Brave" but Block Tor connections.
Greetings
01-26-2022 04:01 AM
Coudl you please show me how can i block Tor
03-24-2025 07:49 AM
To effectively block the TOR network on firewalls, you can use EDL, I have left a list from the Tor project
https://www.dan.me.uk/torlist/
Block the above list using EDL (external Dynamic list) with an update period of every 24 hours.
03-26-2025 10:03 AM
Hello,
I would not recommend a custom application as this disabled a lot of the real-time active threat scanning for that policy its applied to. You can instead block applications that are already existing to prevent its use. I know that it uses DNS over HTTPs so blocking that should prevent most users.
Also enabling SSL decryption and URL filtering should block most features and destinations the users are attempting to access.
Regards,
03-26-2025 10:09 AM
Hello,
For blocking TOR, I would recommend two things:
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
