The WSS Agent provides the ability to add web application executables to a WSS Agent bypass list.
Use Case—Connection Errors
- Some clients with WSS Agent might not connect to web applications through WSS. This issue is prevalent when WSS is integrated with CloudSOC for CASB inspections.
- A common lost connection cause is when a thick client pins a certificate. The connection breaks when WSS inserts its own SSL certificate. Dropbox is a prominent thick-client example of this use case.
- Furthermore, when WSS encounters this issue, it is not able to display response messages to the requesting clients. Nor are any error codes returned. The end user's perspective is that the application is not working, which then instigates support calls and troubleshooting.
- WSS bypasses or blocks connections from the thick app (for example—Dropbox), but the website (for example—www.dropbox.com) is susceptible to defined WSS policies (content, malware, DLP).
Connections on macOS Big Sur
- On macOS 11. x (Big Sur), VPN and meeting software might experience connections issues when a network extension such as WSS Agent is installed. You can bypass these applications.
Use Case—Strategic Bypass
Bypass applications (such as a VPN client) to negate having to bypass VPN and SAML IP addresses.
- Prefer using wildcards to entering in multiple distinct paths.
- For macOS, you should double-asterisk (**) wildcard everything past the .app or .systemextension you are trying to bypass.
- For Windows, you should double-asterisk (**) wildcard everything within the installation directory to cover all binaries for that application.
- Group all the paths and certificates for an application in a single "Executable Bypass" in the portal. You can safely combine both Windows and macOS configurations into a single application.
- On macOS Big Sur, network extensions get staged into the /Library/SystemExtensions/<OS-DEFINED-HASH>/ directory. You will need to use a single asterisk (*) to match the OS-defined hash value.
When entering in paths and certificates to the portal, do not wrap in quotes or try to escape spaces. Enter the values exactly as provided.
See WSS Agent—Bypass Applications for more information