UltraSurf 18.02

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
Sanoviv_Medicis
L0 Member

UltraSurf 18.02

Hi, I´m getting some trouble trying to block ultrasurf. First i blocked it with App-ID and everything was ok, until some users of the internal network downloaded a new version to avoid URL-filtering.

 

Summary of log

Application:SSL

Category:Unknown

NAT Port: 443

IP protocol: tcp

 

I can´t block SSL or Unknown category because we have an active GlobalProtect VPN,  our exchange server and our DVR´s share the same category.

The traffic is detected as Suspicious TLS Evasion found, is using the same ID (threatid eq 14978) our exchange Active Sync server is using and we can´t lose that service. Is there any other way of block it using palo alto? I was thinking in using QoS but that would affect our GlobalProtect users, they often need to transfer big files to the internal network.

 

Best Regards

1 ACCEPTED SOLUTION
Sanoviv_Medicis
L0 Member

I found another way to block it. In the domain controller, at group policy managment in software restriction Policies had to block a RND extension. Ultrasurf create a PUTTY.RND in the profile of the user in C:\Users\USERNAME . If you block that file the program stop working.

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!