- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-25-2018 03:59 PM - edited 05-25-2018 04:02 PM
Hi, I´m getting some trouble trying to block ultrasurf. First i blocked it with App-ID and everything was ok, until some users of the internal network downloaded a new version to avoid URL-filtering.
Summary of log
Application:SSL
Category:Unknown
NAT Port: 443
IP protocol: tcp
I can´t block SSL or Unknown category because we have an active GlobalProtect VPN, our exchange server and our DVR´s share the same category.
The traffic is detected as Suspicious TLS Evasion found, is using the same ID (threatid eq 14978) our exchange Active Sync server is using and we can´t lose that service. Is there any other way of block it using palo alto? I was thinking in using QoS but that would affect our GlobalProtect users, they often need to transfer big files to the internal network.
Best Regards
07-25-2018 05:23 PM
I found another way to block it. In the domain controller, at group policy managment in software restriction Policies had to block a RND extension. Ultrasurf create a PUTTY.RND in the profile of the user in C:\Users\USERNAME . If you block that file the program stop working.
05-31-2018 09:29 AM - edited 05-31-2018 09:29 AM
Please open a case with Support, we can work with our developers to ensure that our App-ID signature is updated.
07-25-2018 05:23 PM
I found another way to block it. In the domain controller, at group policy managment in software restriction Policies had to block a RND extension. Ultrasurf create a PUTTY.RND in the profile of the user in C:\Users\USERNAME . If you block that file the program stop working.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!