How to block UltraSurf using Application and Device Control


Article ID: 156096




Endpoint Protection


End users on the corporate network are using a proxy software tool called UltraSurf to bypass the corporate firewall or web filtering product and circumvent the restrictions of the company's content policy. How can this be blocked with the Application and Device Control (ADC) component of Symantec Endpoint Protection (SEP)?





End users are using UltraSurf to change the Internet Explorer proxy setting.



To prevent the use of UltraSurf in your network, follow these steps on the Symantec Endpoint Protection Manager (SEPM):
  1. Create the policy in Application and Device Control.
  2. Create the rule.
    • Name, e.g.: "Block UltraSurf"
  3. Create the condition "Registry Access Attempts".
  4. In "Apply this rule to the following processes":
    • Add
    • In the box "Registry Key"
      • Enter the key:
        "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    • In the box "ProxyServer"
    • Then OK
  5. Click the Action tab:
    • In Read Attempt
    • Select "Block Access"
    • In Create, Delete or Write Attempt
    • Select "Block Access"
    • Then OK
    • Set to Production
  6. OK
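
To confirm on a test client that the assigned rule takes effect, the following PowerShell check (an added example, not part of the original article or of Symantec's tooling) probes the registry value the rule protects and reports whether read and write attempts are blocked. It assumes that "ProxyServer" in step 4 is the value name under the Internet Settings key, that the rule covers powershell.exe, and that a blocked attempt surfaces to the process as an access-denied error; `$KnownProxyServer` is a hypothetical parameter.

```powershell
# Added example: run as the logged-on user on a test client after the policy is assigned.
param(
    # Optional value to write back when the read is blocked and the current value is unknown.
    [string]$KnownProxyServer
)

$SubKey    = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ValueName = 'ProxyServer'   # assumed to be the value named in step 4

function Invoke-Probe([scriptblock]$Action) {
    # Runs one registry action and classifies the outcome.
    try {
        $data = & $Action
        return [pscustomobject]@{ Outcome = 'Allowed'; Data = $data }
    } catch {
        $e = $_.Exception.GetBaseException()
        # Assumption: ADC "Block Access" is seen by the caller as access denied.
        $denied = $e -is [System.Security.SecurityException] -or
                  $e -is [System.UnauthorizedAccessException]
        $outcome = if ($denied) { 'Blocked' } else { "Error ($($e.GetType().Name))" }
        return [pscustomobject]@{ Outcome = $outcome; Data = $null }
    }
}

# Read attempt: open the key read-only and fetch the value ($null if it is absent).
$read = Invoke-Probe {
    $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($SubKey, $false)
    try { $key.GetValue($ValueName, $null) } finally { $key.Close() }
}

# Write attempt: write back the same value so the proxy setting is never changed.
$toWrite = if ($null -ne $read.Data) { [string]$read.Data } else { $KnownProxyServer }
$write = if ($toWrite) {
    Invoke-Probe {
        $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($SubKey, $true)
        try { $key.SetValue($ValueName, $toWrite, 'String') } finally { $key.Close() }
    }
} else {
    [pscustomobject]@{ Outcome = 'Skipped (no value to write back)'; Data = $null }
}

[pscustomobject]@{
    Value        = "HKCU\$SubKey\$ValueName"
    ReadAttempt  = $read.Outcome
    WriteAttempt = $write.Outcome
}
```

With the rule in Production, both attempts should report Blocked; Allowed on either line means the policy has not reached the client or the rule does not cover the process that ran the check.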


The policy attached below may also be imported into a SEPM and assigned to the client groups for which UltraSurf should be disallowed.




Application Control policy - Block get_app