Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking Tiktok via Firewall Application Control and Endpoint Application and Web policies

Defense contractors and others with government contracts are now required to block access to TikTok.  We have a number of customers that fit into this category.

Sophos has long had Musical.ly as an available application to block in SF, even in the last couple of days. As of today, now it can be found in the application Filter as TikTok instead of Musical.ly. Same thing, different name.  Not sure why it was called Musical.ly in the first place. but now it's much more clear.

My employer sent me a firewall for my home-office as I'm remote. since I'm trying to resolve this for our customers, I'm applying it to myself. I created a new Application filter named Block level 5 and TikTok.  I added TikTok Deny Always..



Here I have the Application Control applied to my LAN to WAN rule.

And Here is TikTok running on Windows just fine.



Sophos endpoint will block the website easily enough. I've actually added all the IP addresses, subnets, and FQDNs from the Netify page and from SonicWall's document for blocking TikTok.  Here you can see a Web policy (which works) and a Application control policy for BlueStacks.  There is no application control for TikTok or Windows Subsystem for Android.

It still runs. Packet Capture shows traffic to an IP that resolves as an Akamai server.  Akamai serves a lot of streaming media so we can't just block them.

TikTok is like some crazy virus that works around every effort to block it.  

Support on ticket 06916584  wants me to submit the executables to Sophos, but not understanding the Microsoft Store doesn't do exe files like the olden days of Windows.  Now they are packaged in a different way now and are placed in a folder inaccessible, even to local admin.  Unless one wishes to take ownership from Trusted Installer and see what happens for C:\Program Files\WindowsApps\.
https://answers.microsoft.com/en-us/windows/forum/all/microsoft-store-downloads-folder/cc682ce8-6e1e-404e-a27e-a543e3afac7f

BlueStacks is another Android emulator and that's why the Application control policy for it.  Does nothing to stop BlueStacks 5 and BlueStacks X from loading but looks pretty in Central.

How do we stop this scourge?

Thanks!

David

Sophos Firewall Architect 18-19.5
Sophos Firewall Engineer 16.0-19.5
Sophos Firewall Technician 18-19.5
Sophos Central and Endpoint Engineer 3.0-4.0
Sophos Central and Endpoint Architect 3.0-4.0
Among others...



This thread was automatically locked due to age.