This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
VIKAS_SINGH
Contributor
‎2025-02-11 11:26 PM

Ultrasurf Block on R81.20

Hi Team,

I m trying to block ultrasurf but its not getting , when check logs its ultrasurf is block but i am to acceess.

 

 

ultrasurf block logs.png
Preview file
67 KB
able to open ultrasurf.png
Preview file
381 KB
0 Kudos
11 Replies
emmap
Employee
Employee
‎2025-02-12 12:08 AM

I don't know that being able to open its page on the chrome web store is a valid test. 

0 Kudos
VIKAS_SINGH
Contributor
‎2025-02-12 12:16 AM
In response to emmap

yes, i am able to add chrome extension and able to use facebook which we blocked.

 

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2025-02-12 01:01 PM

Traffic is allowed towards the chrome store not the ultrasurf website. If you want to manage web browser extensions it should be done on GPO level (AD). Or block the chrome store, but then you block all extensions

If user installs extension does this extension work? If so, do you run HTTPS inspection? Or you have categorize https websites enabled? 

https://community.checkpoint.com/t5/Management/Difference-between-HTTPS-Inspection-and-Categorize-HT...

-------
If you like this post please give a thumbs up(kudo)! 🙂
VIKAS_SINGH
Contributor
‎2025-02-13 04:57 AM
In response to Lesley

hi,

Ultrasurf is vpn proxy which used to bypass the firewall to use block website, so when we add ultrasurf on ext it will allow you to access all blocked content.

 

Go through below link

Solved: Best Practices Against Ultrasurf - Check Point CheckMates

Ultrasurf.JPG
Preview file
34 KB
Ultrasurf Apllication Object.JPG
Preview file
19 KB
0 Kudos
Lesley
Mentor Mentor
Mentor
‎2025-02-13 08:09 AM
In response to VIKAS_SINGH

Let me change my questions, why would you let users to install any extension what they want?

Now it is Ultrasurf next week something else. I think you should start with the basic and do something with GPO. There are malicious extension for example: https://www.kaspersky.com/blog/dangerous-browser-extensions-2023/50059/

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
VIKAS_SINGH
Contributor
‎2025-02-16 10:18 PM
In response to Lesley

we are doing setup for University where students will BYOD and we don't have control over them, so need to block what possibility we found .

0 Kudos
the_rock
Legend
Legend
‎2025-02-17 04:15 AM
In response to VIKAS_SINGH

What was already suggested is probably your best bet.

Andy

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2025-02-17 01:21 PM
In response to VIKAS_SINGH

So no https inspection. That will be a pain. Is categorize https websites enabled in Smart Console? 

Lesley_0-1739827251371.png

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
‎2025-02-15 05:16 PM
In response to VIKAS_SINGH

Were you able to fix it?

0 Kudos
the_rock
Legend
Legend
‎2025-02-12 06:01 PM

What @Lesley said is 100% correct. I will test this in my lab tomorrow, since I have ssl inspection enabled, but I doubt it will be any different.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-13 08:27 PM

Allowing users to install random browser extensions is considered poor practice.

Having said that, to fully block Ultrasurf, you need to make sure you have a strict outbound policy (only specific web ports allowed) and use HTTPS Inspection + App Control.
Ultrasurf is also known to be very evasive and we’ve had to adjust the signature for it in the past. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top