This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AttiqRahman786
Contributor
Contributor
‎2024-08-28 01:46 AM

Need to block access to Microsoft Copilot

Hello All,

I have blocked ChatGPT and Google Gemini, using their respective apps in App&URL policy. the access to these two is blocked.

but i cannot block Microsoft copilot uisng the "Microsoft Copilot" app.

I have also tried creating a custom app, using chat.bing.com which is forwarded to bing.com/chat, without any luck. Customer do not want to get blocked for bing.com, but only the chat/AI should be blocked.

Also tried blocking bing.com/chat (chat.bing.com gets forwarded to this) and used Regex as well, but for some reason, Microsoft copilot is not getting blocked.

even tried to manually override the bing.com/chat category. 

SMS and Gateways on R81.10 JHA take 156.

Any help will be much appreciated.

 

Thanks

 

0 Kudos
16 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-08-28 03:51 AM

Have you tried the "Artificial Intelligence" category or is there a reason that you're attempting to be more specific?

CCSM R77/R80/ELITE
AttiqRahman786
Contributor
Contributor
‎2024-08-28 03:55 AM
In response to Chris_Atkinson

Yes i did try that first. it blocks lots of internal apps as well that are required. so decided to block only the specific ones.

Funny thing is Microsoft copilot was not blocked even when using the whole AI category.

Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-08-28 04:02 AM
In response to AttiqRahman786

You can add the specific application to the rule:

 

Microsoft Copilot.png

0 Kudos
AttiqRahman786
Contributor
Contributor
‎2024-08-28 04:11 AM
In response to Tal_Paz-Fridman

Yes i have done the same thing. ChatGPT and Google Gemini are being blocked but not Microsoft Copilot.

Please see the image attached.

 

 

Preview file
23 KB
0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-08-28 04:16 AM
In response to AttiqRahman786

I see. I will ask relevant teams to look at this.

0 Kudos
AttiqRahman786
Contributor
Contributor
‎2024-08-28 06:38 AM
In response to Tal_Paz-Fridman

Thanks a lot.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-28 08:44 AM
In response to AttiqRahman786

If you haven't already, I suggest opening a TAC case: https://help.checkpoint.com 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-08-28 11:24 AM

I did exactly what @Tal_Paz-Fridman suggested, worked fine. I also made sure its inspected by https policy and verified copilot.microsoft.com is blocked as well.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
AttiqRahman786
Contributor
Contributor
‎2024-08-28 11:49 AM
In response to the_rock

That could be the thing. we have not enabled https inspection, instead using SNI, and its working for other two Apps. not for MS Copilot though.

due to the URL redirection, I guess SNI is not working as expected.

@PhoneBoy  what do you think, should raise a TAC case?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-08-28 11:57 AM
In response to AttiqRahman786

That could be the issue, you most likely need ssl inspection turned on, not sure how it can work otherwise.

Andy

 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-08-28 12:00 PM
In response to AttiqRahman786

Also, check out this post from 2021. I know that was before R81.20, but it has lots of GREAT responses.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Categorize-HTTPS-Websites/m-p/134729/emcs_t/S2...

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
AttiqRahman786
Contributor
Contributor
‎2024-08-28 12:35 PM
In response to the_rock

That was a good read. Thanks a lot.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-08-28 02:02 PM
In response to AttiqRahman786

No problem. @_Val_ explained it really well in one of his posts there.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-28 04:26 PM
In response to AttiqRahman786

To block a specific URL (e.g. bing.com/chat), you definitely will need HTTPS Inspection.
Possible that is required for the App Control signature to work.

0 Kudos
AttiqRahman786
Contributor
Contributor
‎2024-08-29 02:47 AM
In response to PhoneBoy

Yes i understand. Thanks a lot.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-08-29 05:00 AM
In response to AttiqRahman786

100% you would need ssl inspection enabled for the app control to fully function, for sure.

Let me try explain it in simple terms, hope it will make sense, but if not, let me know...so with ssl inspection on, fw will act as MITM (man in the middle), intercepting requests between client/server. Without it, yes, you can block pages, BUT, block page will never show up, as there would be nothing for the firewall to inspect/intercept.

Same goes for any app you wish to block.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events