Blocking Tiktok via Firewall Application Control and Endpoint Application and Web policies

Defense contractors and others with government contracts are now required to block access to TikTok.  We have a number of customers that fit into this category.

Sophos has long had Musical.ly as an available application to block in SF, even in the last couple of days. As of today, it can now be found in the Application Filter as TikTok instead of Musical.ly. Same thing, different name.  Not sure why it was called Musical.ly in the first place, but now it's much more clear.

My employer sent me a firewall for my home-office as I'm remote. Since I'm trying to resolve this for our customers, I'm applying it to myself. I created a new Application filter named Block level 5 and TikTok.  I added TikTok Deny Always.



Here I have the Application Control applied to my LAN to WAN rule.

And here is TikTok running on Windows just fine.



Sophos endpoint will block the website easily enough. I've actually added all the IP addresses, subnets, and FQDNs from the Netify page and from SonicWall's document for blocking TikTok.  Here you can see a Web policy (which works) and an Application control policy for BlueStacks.  There is no application control for TikTok or Windows Subsystem for Android.

It still runs. Packet Capture shows traffic to an IP that resolves as an Akamai server.  Akamai serves a lot of streaming media so we can't just block them.

TikTok is like some crazy virus that works around every effort to block it.  

Support on ticket 06916584 wants me to submit the executables to Sophos, but is not understanding that the Microsoft Store doesn't do exe files like the olden days of Windows.  They are now packaged in a different way and are placed in a folder inaccessible, even to local admin.  Unless one wishes to take ownership from Trusted Installer and see what happens for C:\Program Files\WindowsApps\.
https://answers.microsoft.com/en-us/windows/forum/all/microsoft-store-downloads-folder/cc682ce8-6e1e-404e-a27e-a543e3afac7f

BlueStacks is another Android emulator and that's why the Application control policy for it.  Does nothing to stop BlueStacks 5 and BlueStacks X from loading but looks pretty in Central.

How do we stop this scourge?

Thanks!

David

Sophos Firewall Architect 18-19.5
Sophos Firewall Engineer 16.0-19.5
Sophos Firewall Technician 18-19.5
Sophos Central and Endpoint Engineer 3.0-4.0
Sophos Central and Endpoint Architect 3.0-4.0
Among others...
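
The post above observes that the packet capture lands on a shared Akamai address that cannot simply be blocked. As an added example (not part of the original post, and not Sophos code), the sketch below correlates a captured destination IP with resolver log entries to show which queried names sit behind it and which unrelated names an IP block would also hit. The log format, the `.example` names, the addresses and the suffix list are all constructed assumptions.

```python
from collections import defaultdict

# Constructed DNS resolver log: client, queried name, CNAME target, A record.
# .example names and 203.0.113.0/24, 198.51.100.0/24 addresses are placeholders.
SAMPLE_DNS_LOG = """\
10.0.0.25 query=v16.tiktokcdn.com cname=media.cdn-edge.example a=203.0.113.40
10.0.0.25 query=www.tiktok.com cname=- a=198.51.100.7
10.0.0.31 query=static.news.example cname=assets.cdn-edge.example a=203.0.113.40
10.0.0.31 query=nottiktok.com cname=- a=198.51.100.9
"""

# Assumed suffix list; a real one would come from the vendor lists the post mentions.
BLOCK_SUFFIXES = ("tiktok.com", "tiktokcdn.com")


def parse_dns_log(text):
    """Turn each 'client key=value ...' line into a dict."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["client"] = client
        records.append(rec)
    return records


def matches_suffix(name, suffixes=BLOCK_SUFFIXES):
    """Match on a DNS label boundary so 'nottiktok.com' is not a hit."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)


def names_behind_ip(records, ip):
    """All queried names whose answer was the given address."""
    by_ip = defaultdict(set)
    for r in records:
        by_ip[r["a"]].add(r["query"])
    return by_ip[ip]


def classify_ip(records, ip):
    """Split names behind one IP into policy targets and collateral."""
    names = names_behind_ip(records, ip)
    return {
        "target": sorted(n for n in names if matches_suffix(n)),
        "collateral": sorted(n for n in names if not matches_suffix(n)),
    }
```

A non-empty `collateral` list for an address is the case described in the post: the IP is shared CDN space, so the block has to key on the hostname rather than the address.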



  • Here is the endpoint policy. A community mod on Reddit suggested adding WSA here.  It wasn't immediately obvious that it's there, but I did find it searching for it spelled out and it DOES work to block WSA.  It doesn't block BlueStacks though.

    Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Central & Endpoint Architect 3.0, 4.0
    Sophos Central Email v2.0
    Sophos Mobile v9.6
    Sophos ZTNA 1.0, 2.0
    Synchronized Security Accredited
    Sophos Gold Partner

  • The XG does not stop TikTok when it is embedded in things like Facebook pages; maybe Endpoint can, but I don't have Endpoint at home to try.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    SF does not block TikTok when used directly in Windows either.  Likely won't on mobile but I'm loath to install it on my mobile phone.  I know I will at some point because I want to know.

    Edit - Yep, TikTok still works on my mobile when on my network.

    I'm running XGS116 on 19.5.2 with XStream Protection.

    Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Central & Endpoint Architect 3.0, 4.0
    Sophos Central Email v2.0
    Sophos Mobile v9.6
    Sophos ZTNA 1.0, 2.0
    Synchronized Security Accredited
    Sophos Gold Partner

  • My Mac shows TikTok blocked when I try to access it directly but not through secondary applications.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.