Blocking Tiktok via Firewall Application Control and Endpoint Application and Web policies

Question

Defense contractors and others with government contracts are now required to block access to TikTok. We have a number of customers that fit into this category. 
 Sophos has long had Musical.ly as an available application to block in SF, even in the last couple of days. As of today, now it can be found in the application Filter as TikTok instead of Musical.ly. Same thing, different name. Not sure why it was called Musical.ly in the first place. but now it's much more clear. 
 My employer sent me a firewall for my home-office as I'm remote. since I'm trying to resolve this for our customers, I'm applying it to myself. I created a new Application filter named Block level 5 and TikTok. I added TikTok Deny Always.. 
 Here I have the Application Control applied to my LAN to WAN rule. 
 And Here is TikTok running on Windows just fine. 
 Sophos endpoint will block the website easily enough. I've actually added all the IP addresses, subnets, and FQDNs from the Netify page and from SonicWall's document for blocking TikTok. Here you can see a Web policy (which works) and a Application control policy for BlueStacks. There is no application control for TikTok or Windows Subsystem for Android. 
 
 It still runs. Packet Capture shows traffic to an IP that resolves as an Akamai server. Akamai serves a lot of streaming media so we can't just block them. 
 TikTok is like some crazy virus that works around every effort to block it. Support on ticket 06916584 wants me to submit the executables to Sophos, but not understanding the Microsoft Store doesn't do exe files like the olden days of Windows. Now they are packaged in a different way now and are placed in a folder inaccessible, even to local admin. Unless one wishes to take ownership from Trusted Installer and see what happens for C:\Program Files\WindowsApps\. https://answers.microsoft.com/en-us/windows/forum/all/microsoft-store-downloads-folder/cc682ce8-6e1e-404e-a27e-a543e3afac7f 
 BlueStacks is another Android emulator and that's why the Application control policy for it. Does nothing to stop BlueStacks 5 and BlueStacks X from loading but looks pretty in Central. 
 How do we stop this scourge? 
 
 Thanks! 
 David 
 Sophos Firewall Architect 18-19.5 Sophos Firewall Engineer 16.0-19.5 Sophos Firewall Technician 18-19.5 Sophos Central and Endpoint Engineer 3.0-4.0 Sophos Central and Endpoint Architect 3.0-4.0 Among others...

DavidSain · Accepted Answer

Here is the endpoint policy. A community mod on Reddit suggested adding WSA here. It wasn't immediately obvious that it's there, but I did find it searching for it spelled out and it DOES work to block WSA. It doesn't block BlueStacks though.

Raphael Alganes · Answer

Hello DavidSain , 
 Good day and thanks for reaching out to Sophos Community. 
 Upon simulating, I managed to block Tiktok on Web and Mobile (On Sophos Firewall) using the following instructions from this past thread: 
 How to block Tiktok App (I followed this plainly, even w/o SSL/TLS inspection it was able to stop Tiktok from running on my Windows laptop and Android, iOs device) 
 i can't block tiktok app 
 I am yet to test if Tiktok would be blocked if it is embedded to another allowed website e.g. Facebook. 
 Many thanks for your time and patience and thank you for choosing Sophos

Blocking Tiktok via Firewall Application Control and Endpoint Application and Web policies

Top Replies