This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BLOCKING of ULTRASURF addons/extensions in Google Chrome browser?

Hi Sophos Community

Good Day,

Is there any way to block  ultrasurf addons/extensions in google chrome browser?

Or is there anyway that the users may have not access to add utilities on Google chrome - browser?

Scenario.

Web protection > transparent mode > decrypt and scan > anonimyzers and utilities

Filter action

* Block anonymizers and utilities
* Block jobsearch

But after turning on of ultrasurf addons in my browser.. you can now browse anything you want

Thank you

PS.
I already been blocked these urls after searching in sophos community but sadly no luck, ultrasurf still running

https://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/
http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/
https?://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/

 

 

 

 



This thread was automatically locked due to age.
Parents Reply Children
  • Yes they are using it.  I've talked to them already but they will come back with something else to bypass the proxy.  The Untangle transparent bridge is not an issue to setup.  Hardware req plus 20 minutes to setup.  No problem at all.  Then I'll feel much better about my edge security setup.  Not being able to block something like this is a large Pita.     

  • Here's Sophos take / reply on the issue if anyone is interested

     

    After testing in my lab environment, I've been able to confirm the following:

    a.  The browser Chrome add-on/extension version of Ultrasurf is not covered under Ultrasurf for Application Control

    - as per Development, "Our current product limits application control block only to executable components, meaning that jar files, msi's, configuration files, etc won't be block which causes us problems with the browser plugins or extension as category. "

    b.  In order for the desktop application version of Ultrasurf to get blocked by Application Control, you must have a HTTPS decrypt & scan Transparent Policy covered the intended networks.  Reason being is that Ultrasurf doesn't adhere to the PAC file telling it to proxy traffic through the UTM, therefore when the application tries to connect directly to the public IP address, it would technically be hitting the next Transparent Mode policy (which for your environment is URL filtering only)

    c.  Oddly enough, even though the add-on version of Ultrasurf isn't covered by Application Control, enabling a Transparent mode HTTPS decrypt & scan policy seems to stop Ultrasurf from connecting, or stops browsing through Ultrasurf if it does connect......almost as if decrypting the traffic breaks the application