This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

UltraSurf 18.02

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

UltraSurf 18.02

Go to solution
Sanoviv_Medicis
L0 Member

‎05-25-2018 03:59 PM - edited ‎05-25-2018 04:02 PM

Hi, I´m getting some trouble trying to block ultrasurf. First i blocked it with App-ID and everything was ok, until some users of the internal network downloaded a new version to avoid URL-filtering.

 

Summary of log

Application:SSL

Category:Unknown

NAT Port: 443

IP protocol: tcp

 

I can´t block SSL or Unknown category because we have an active GlobalProtect VPN,  our exchange server and our DVR´s share the same category.

The traffic is detected as Suspicious TLS Evasion found, is using the same ID (threatid eq 14978) our exchange Active Sync server is using and we can´t lose that service. Is there any other way of block it using palo alto? I was thinking in using QoS but that would affect our GlobalProtect users, they often need to transfer big files to the internal network.

 

Best Regards

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
Sanoviv_Medicis
L0 Member
In response to mivaldi

‎07-25-2018 05:23 PM

I found another way to block it. In the domain controller, at group policy managment in software restriction Policies had to block a RND extension. Ultrasurf create a PUTTY.RND in the profile of the user in C:\Users\USERNAME . If you block that file the program stop working.

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
mivaldi
L7 Applicator

‎05-31-2018 09:29 AM - edited ‎05-31-2018 09:29 AM

Please open a case with Support, we can work with our developers to ensure that our App-ID signature is updated.

0 Likes Likes

Go to solution
Sanoviv_Medicis
L0 Member
In response to mivaldi

‎07-25-2018 05:23 PM

I found another way to block it. In the domain controller, at group policy managment in software restriction Policies had to block a RND extension. Ultrasurf create a PUTTY.RND in the profile of the user in C:\Users\USERNAME . If you block that file the program stop working.

0 Likes Likes
  • 1 accepted solution
  • 8723 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks