Blocking Tiktok via Firewall Application Control and Endpoint Application and Web policies

Here is the endpoint policy. A community mod on Reddit suggested adding WSA here.  It wasn't immediately obvious that it's there, but I did find it searching for it spelled out and it DOES work to block WSA.  It doesn't block BlueStacks though.

The XG does not stop tiktok when it is embed in things like facebook pages, maybe Endpoint can but I don't have endpoint at home to try.

Ian

Hi Ian,

SF does not block TikTok when used directly in Windows either.  Likely won't on mobile but I'm loath to install it on my mobile phone.  I know I will at some point because I want to know.

Edit - Yep, TikTok still works on my mobile when on my network.

I'm running XGS116 on 19.5.2 with XStream Protection.

My Mac shows TikTok blocked when I try to access it directly but not through secondary applications.ian

Hello DavidSain ,

Good day and  thanks for reaching out to Sophos Community.

Upon simulating, I managed to block Tiktok on Web and Mobile  (On Sophos Firewall) using the following instructions from this past thread:

 How to block Tiktok App  (I followed this plainly, even w/o SSL/TLS inspection it was able to stop Tiktok from running on my Windows laptop and Android, iOs device)

 i can't block tiktok app 

I am yet to test if Tiktok would be blocked if it is embedded to another allowed website e.g. Facebook. 

Many thanks for your time and patience and thank you for choosing Sophos

Hello DavidSain ,


We tried replicating your scenario and can confirm that Tiktok wasn’t yet added to our app control Database. For the Bluestacks, we need to further check if the currently added version is the one you're currently using. We also tried blocking Bluestacks, and it was accessible after blocking. Note: We used Bluestacks5 for our testing. 

That said, I would like to ask your help in raising two support cases, one for TikTok, an application control request, and the second for the Bluestacks application. You can share both case IDs once created here or directly send a PM to me with the details so that I can help monitor the support cases. 

I have case 06916584 to block TikTok with Endpoint.  Blocking WSA seems to be effective but if it's needed for any other business purposes, it would be nice if only TikTok could be blocked by it.

I opened case 06920646 for BlueStacks.

I looked for an embedded TikTok video and this is blocked by Endpoint. From https://embedsocial.com/blog/embed-tiktok-video/:

Based on Endpoint events, this was blocked by the Web policy as I've added all the FQDNs and IP addresses from Netify and SonicWall.  It's interesting to see TikTok trying to use other addresses to work around being unable to access www.tiktok.com/...

I applied a rule correctly (facepalm) in my firewall and now TikTok is being blocked for all devices when on network.

Hi Raphael,

After resetting the rule in the firewall, TikTok is blocked on mobile devices as long as they are behind the firewall. Application Control apparently works without all the Netify IP addresses and FQDNs. 

As IP addresses are subject to change, using the Netify method is a temporary brute-force method.

In the Firewall, last week, in Application Control, one could apply musical.ly without effect, but this week it's now TikTok (Musical.ly is nowhere to be found in Application filter) and seems to work better.  An update must have come through.

Because I have an endpoint rule to block all of the Netify and SonicWall addresses/hosts/subnets, the embedded web links are blocked for Windows. 

I imagine building out the list of Netify and SonicWall addresses into the Firewall will help also.  It stinks that one has to do so much work to block one app/site.  Have to block the application, have to block the web with ~100 entries.  So users that are mobile with Windows are controlled, have to build it out in Central, then for devices that are mobile, an MDM solution needs to be in place with the same repetition.  

Then repeat for every one of our customers that needs this.

As a recap,

I have TikTok blocked on the network with firewall, 2 different ways:

Application Control, TikTok is now available and works to block TikTok running on Windows or Android in the app. I assume it will block iOS as well.

Web Control, Blocking the entire list from Netify and SonicWall, TikTok can no longer load in a browser, including ads.

I have TikTok blocked in Windows (for mobile users not behind the firewall) with Endpoint using 

Web Control - to block the same list of IPs/Subnets/FQDNs from Netify and SonicWall when using a browser.

Application Control - to Block Windows Subsystem for Android (WSA) when using the App. This blocks anything running on WSA.

To-Do

1) Figure out how to get iOS/Android devices running TikTok marked as non-compliant in Intune. Although my device is Android and registered, I cannot apply any policies to it. This is outside of the scope of working with Sophos.  Approaching this using Android Device Administrator (which is now deprecated) allows me to select applications to block.  Using Android Enterprise, there is no option to select applications to block <facepalm>.  So it looks like we might have to use Sophos MDM. And build all of this out in a third place.

2) Get Sophos to block BlueStacks X (have an open case for this).

This just keeps growing.  And I'm groaning.