Cloud SWG (WSS) common application bypasses

Article ID: 222807

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The WSS Agent provides the ability to add web application executables to a WSS Agent bypass list.

Use Case—Connection Errors

  • Some clients running WSS Agent might not connect to web applications through WSS. The issue is prevalent when WSS is integrated with CloudSOC for CASB inspections.
  • A common cause of lost connections is a thick client that pins a certificate. The connection breaks when WSS inserts its SSL certificate. Dropbox is a prominent thick-client example of this use case.
  • Furthermore, when WSS encounters this issue, it cannot display response messages to the requesting clients, and no error codes are returned. From the end user's perspective, the application is simply not working, which leads to support calls and troubleshooting.
  • WSS bypasses or blocks connections from the thick app (for example, Dropbox), but the website (for example, www.dropbox.com) remains subject to the defined WSS policies (content, malware, DLP).

Connections on macOS Big Sur

  • On macOS 11.x (Big Sur), VPN and meeting software might experience connection issues when a network extension such as WSS Agent is installed. You can bypass these applications.

Use Case—Strategic Bypass

Bypass applications (such as a VPN client) to avoid having to bypass VPN and SAML IP addresses.

General Rules

  • Prefer wildcards over entering multiple distinct paths.
  • For macOS, use a double-asterisk (**) wildcard for everything past the .app or .systemextension you are trying to bypass.
  • For Windows, use a double-asterisk (**) wildcard for everything within the installation directory to cover all binaries for that application.
  • Group all the paths and certificates for an application in a single "Executable Bypass" in the portal. You can safely combine both Windows and macOS configurations into a single application.
  • On macOS Big Sur, network extensions get staged into the /Library/SystemExtensions/<OS-DEFINED-HASH>/ directory. You will need to use a single asterisk (*) to match the OS-defined hash value.
  • When entering paths and certificates in the portal, do not wrap them in quotes or try to escape spaces. Enter the values exactly as provided.
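
The General Rules above can be checked mechanically before entries are typed into the portal. The following is an added example, not Broadcom code: the names pattern_to_regex, matches, lint and review and the finding labels are hypothetical, and the wildcard semantics (a single * stays within one path component, ** spans components) are an assumption inferred from the rules, not a statement of how WSS Agent evaluates patterns.

```python
import re

def pattern_to_regex(pattern):
    # Assumed semantics: '*' stays inside one path component, '**' spans components.
    parts = []
    for tok in re.split(r"(\*\*|\*)", pattern):
        if tok == "**":
            parts.append(".*")
        elif tok == "*":
            parts.append(r"[^/\\]*")
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts))

def matches(pattern, path):
    return pattern_to_regex(pattern).fullmatch(path) is not None

def lint(pattern):
    """Return hypothetical finding names for one path entry."""
    findings = []
    bare = pattern.strip("\"' ")
    if bare != pattern:
        findings.append("quoted-or-padded")    # values go in exactly as provided
    if bare.startswith("/"):                   # macOS path
        if "\\ " in bare:
            findings.append("escaped-space")   # spaces must not be escaped
        comps = bare.split("/")
        if comps[1:3] == ["Library", "SystemExtensions"] and comps[3:4] != ["*"]:
            findings.append("hash-not-single-*")
        if (re.search(r"\.(app|systemextension)(/|$)", bare)
                and not re.search(r"\.(app|systemextension)/\*\*$", bare)):
            findings.append("no-trailing-**")
    return findings

# First entry is from this page's tables; the rest are constructed mistakes.
ENTRIES = [
    "/Applications/Slack.app/**",
    '"/Applications/Pulse Secure.app/**"',
    "/Applications/Pulse\\ Secure.app/**",
    "/Library/SystemExtensions/**/com.jamf.protect.security-extension.systemextension/**",
    "/Applications/zoom.us.app",
]

def review(entries):
    return {e: f for e in entries if (f := lint(e))}

if __name__ == "__main__":
    for entry, found in review(ENTRIES).items():
        print(entry, "->", ", ".join(found))
```

The matcher only approximates path coverage; it does not evaluate signing-certificate validation, which the portal applies separately.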


See WSS Agent—Bypass Applications for more information.

Resolution

Application List

The following tables can be used to determine a set of bypasses suitable for each application. The paths and certificates include all locations on both macOS and Windows for the applications.

  • To bypass applications on macOS Big Sur, you should be running WSSA 7.3.5 or later.
  • Any applications downloaded from the macOS App Store will be signed by Apple Mac OS Application Signing. The tables below only include the certificate information for standalone installers.
  • For applications on macOS with a space in their path, certificate validation will only work if running WSSA 7.4.1 or later. To run these bypasses on macOS with WSSA 7.3.x, you will need to select the "None" validation in the WSS portal.
  • Only information from the latest versions of the applications is listed below. Older versions may install in different locations and/or have different certificates.
  • If you choose validation with Signing Certificate for your bypassed applications, make sure to add separate unique entries for macOS and Windows with paths and signing certificate information.
  • When entering the signing certificate subject name for validation, the name must match exactly as obtained from the application properties (see the certificate signing information in the tables below).

 

VPN Applications

Application: Palo Alto GlobalProtect
Paths:
  • /Applications/GlobalProtect.app/**
  • /Library/SystemExtensions/*/com.paloaltonetworks.GlobalProtect.client.extension.systemextension/**
  • C:\Program Files\Palo Alto Networks\GlobalProtect\**
Certificates:
  macOS signing certificate info
  • Developer ID Application: Palo Alto Networks (PXPZ95SK77)
  Windows signing certificate info
  • Palo Alto Networks

Application: Cisco AnyConnect
Paths:
  • /Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/**
  • /Library/SystemExtensions/*/com.cisco.anyconnect.macos.acsockext.systemextension/**
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\**
Certificates:
  macOS signing certificate info
  • Developer ID Application: Cisco (DE8Y96K9QP)
  Windows signing certificate info
  • Cisco Systems, Inc.

Application: Pulse Secure
Paths:
  • /Applications/Pulse Secure.app/**
  • /Library/Application Support/Pulse Secure/**
  • /Library/SystemExtensions/*/net.pulsesecure.firewall.systemextension.systemextension/**
  • C:\Program Files (x86)\Pulse Secure\**
  • C:\Program Files (x86)\Common Files\Pulse Secure\**
Certificates:
  macOS signing certificate info
  • Developer ID Application: Pulse Secure LLC (3M2L5SNZL8)
  Windows signing certificate info
  • Pulse Secure, LLC

 

Video Conferencing Applications

Application: Cisco Webex
Paths:
  • /Applications/Cisco Webex Meetings.app/**
  • /Users/*/Library/Application Support/WebEx Folder/*/Meeting Center.app/**
  • C:\Users\*\AppData\Local\WebEx\**
Certificates:
  macOS signing certificate info
  • Developer ID Application: Cisco (DE8Y96K9QP)
  Windows signing certificate info
  • Cisco WebEx LLC

Application: Microsoft Teams
Paths:
  • /Applications/Microsoft Teams.app/**
  • C:\Users\*\AppData\Local\Microsoft\Teams\**
Certificates:
  macOS signing certificate info
  • Developer ID Application: Microsoft Corporation (UBF8T346G9)
  Windows signing certificate info
  • Microsoft Corporation

Application: New Microsoft Teams
Paths:
  • C:\Program Files\WindowsApps\*\ms-teams.exe
Certificates:
  Windows signing certificate info
  • Microsoft Corporation

Application: Zoom
Paths:
  • /Applications/zoom.us.app/**
  • C:\Users\*\AppData\Roaming\Zoom\**
  • C:\Program Files\Zoom\**
Certificates:
  macOS signing certificate info
  • Developer ID Application: Zoom Video Communications, Inc. (BJ4HAAB9B3)
  Windows signing certificate info
  • Zoom Video Communications, Inc.

 

Messaging Applications

Application: Signal
Paths:
  • /Applications/Signal.app/**
  • C:\Users\*\AppData\**\signal-desktop\Signal.exe
Certificates:
  macOS signing certificate info
  • Developer ID Application: Quiet Riddle Ventures LLC (U68MSDN6DR)
  Windows signing certificate info
  • Signal Messenger, LLC

Application: Slack
Paths:
  • /Applications/Slack.app/**
  • C:\Users\*\AppData\Local\slack\**
Certificates:
  macOS signing certificate info
  • Developer ID Application: Slack Technologies, Inc. (BQR82RBBHL)
  Windows signing certificate info
  • Slack Technologies, Inc.

 

Windows 10 multi-session

Reference documentation:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-windows
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/agent-windows
https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows-azure-guest-agent
https://www.citrix.com/downloads/workspace-app/windows/

Application: Windows 10 Multi-session Agents
Paths:
  • C:\Packages\Plugins\Microsoft.Azure.NetworkWatcher.NetworkWatcherAgentWindows\*\NetworkWatcherAgent\NetworkWatcherAgent.exe
  • C:\WindowsAzure\Packages\GuestAgent\WindowsAzureGuestAgent.exe
  • C:\WindowsAzure\Packages\WaAppAgent.exe
Certificates:
  Windows signing certificate info
  • Microsoft Corporation
  • Microsoft Windows

Application: Citrix Cloud
Paths:
  • C:\PROGRA~2\Citrix\ICACLI~1\*
  • C:\Program Files (x86)\Citrix\ICA Client\**
Certificates:
  Windows signing certificate info
  • Citrix systems

 

Endpoint Protection Application

Application: JAMF Protect Agent
Paths:
  • /Library/SystemExtensions/*/com.jamf.protect.security-extension.systemextension/**
  • /Applications/JamfProtect.app/**
Certificates:
  macOS signing certificate info
  • Developer ID Application: JAMF Software (483DWKW443)