- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-05-2015 08:28 AM
There seemed to be a work around in the past where you could launch googledrivesync.exe with a --unsafe_network switch that would allow it to deal with the decryption because they seem to have their own preloaded set of CA's the client trusts and doesn't not look at the OS certificate store for a list of trusted CA's. So anyway this used to work for us, but recently upgraded to 6.1.7 and don't know if Google changes something, but basically no more drivesync client.
I can not disable decryption on Google domain's because I will loose safe search enforcement, youtube safety-mode enforcement, and much else.
Does anybody from Palo Alto have any other work-arounds?
05-02-2016 05:11 AM
I am running version 7.1.1 and I have tested putting "*.dropbox.com" and "*.drive.google.com" on a custom URL category to then attach to a no-decrypt policy. One of the tests I ran was to execute the application with "--unsafe_network" and it worked. I was able to see traffic being decrypted for Google Drive and the behavior of the app was right.
Trying to understand why adding the domain "*.drive.google.com" doesn't work. I am not fond of creating exceptions for domains that are not requested for this particular app to work.
Maybe I will need to have a look into the DNS queries.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!