ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

List of Applications and Mobile Applications Exempted from SSL Interception

book

Article ID: 173380

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

In the Web Security Service SSL policy editor, Symantec maintains a list of applications in the SSL Bypass List and Mobile App Bypass list that are known to break when their traffic is intercepted, due to certificate pinning. The list is continually being updated; however, traffic for additional applications and domains that are not included in the list might break. For these applications and domains, Symantec recommends using the policy editor to exempt them from SSL interception.

For more information on Symantec Web Security Service, see the Web Security Service Solutions Dashboard.

Resolution

SSL Bypass List

The following table lists the applications that are in the SSL Bypass List by default:

Note: The applications in the SSL Bypass List are also exempted for mobile devices.
Application URL
Apple iTunes
  • .itunes.apple.com
DropBox
  • dropbox.com
Microsoft Downloads
  • download.microsoft.com
  • download.windowsupdate.com
  • ntservicepack.microsoft.com
  • office.microsoft.com/officeupdate
  • update.microsoft.com
  • windowsupdate.com
  • windowsupdate.microsoft.com
  • wustat.windows.com
Mozilla
  • mozilla.org
Mozilla Messaging
  • mozillamessaging.com

Office 365 Exchange Online

Note: If a rule exists in CASB or Elastica domains for an Office 365 Exchange URL, this exepmtion is ignored and traffic for this application is intercepted.
  • office.com
Skype for Business
  • az801095.vo.msecnd.net
  • i.s-microsoft.com
ThreatPulse
  • cloudwebsecurity.att.com
  • ctc.threatpulse.com
  • portal.threatpulse.com
TomTom
  • tomtom.com
Webex
  • webex.com
Windows Support
  • update.microsoft.com
Zoom
  • zoom.us

Mobile App Bypass List

The following table lists the applications that are in the Mobile App Bypass list by default:

Note: In the default policy, the applications in the Mobile App Bypass list are only exempted for mobile devices (unless the site or application is also listed in the SSL Bypass List).

Application

URL
Adobe Photoshop Express
  • dlmping2.adobe.com
  • dlmping3.adobe.com
  • fpdownload.adobe.com
  • get.adobe.com
  • get3.adobe.com
  • images2.adobe.com
  • ox-d.adobe
  • platformdl.adobe.com
  • sstats.adobe
  • stats.adobe.com
AirBnB
  • airbnb.com
Amazon Alexa
  • alexa.amazon.com
  • amazon.com
Apple App Store
  • apple.com
  • apple.com.akadns.net
  • gs-loc.apple.com
  • gsa.apple.com
  • icloud.com
  • itunes.apple.com
  • mzstatic.com
  • securemetrics.apple.com
  • swscan.apple.com
  • xp.apple.com
Apple iTunes
  • apple.com
  • apple.com.akadns.net
  • gs-loc.apple.com
  • gsa.apple.com
  • icloud.com
  • itunes.apple.com
  • mzstatic.com
  • securemetrics.apple.com
  • swscan.apple.com
  • xp.apple.com
Chase
  • chase.com
DropBox
  • block.dropbox.com
  • client.dropbox.com
  • client-cf.dropbox.com
  • d.dropbox.com
  • dl-debug.dropbox.com
  • dropbox.com
  • log.dropbox.com
  • m.dropbox.com
  • notify.dropbox.com
Facebook Messanger
  • facebook.com
Google Drive
  • accounts.gstatic.com
  • accounts.google.com
  • accounts.youtube.com
  • client3.google.com
  • clients1.google.com
  • clients2.google.com
  • clients3.google.com
  • clients4.google.com
  • clients5.google.com
  • clients6.google.com
  • cros-omahaproxy.appspot.com
  • dl.google.com
  • dl-ssl.google.com
  • googleapis.com
  • gstatic.com
  • m.google.com
  • omahaproxy.appspot.com
  • pack.google.com
  • safebrowsing-cache.google.com
  • safebrowsing.google.com
  • ssl.gstatic.com
  • tools.google.com
Google Hangouts
  • accounts.google.com
  • apis.google.com
  • appspot.com
  • client-channel.google.com
  • clients1.google.com
  • clients2.google.com
  • clients3.google.com
  • clients4.google.com
  • clients5.google.com
  • clients6.google.com
  • googleapis.com
  • googleusercontent.com
  • gstatic.com
  • pis.google.com
  • video.google.com
Join.me
  • join.me
  • joinme.com
  • whatsapp.net
Lynda.com
  • lynda.com
Microsoft Excel Mobile
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft Office Lens
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft OneNote
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft Powerpoint
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft Word
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Overwatch
  • battle.net
  • blizzard.com
  • blzddist1-a.akamaihd.net
  • blzddist2-a.akamaihd.net
PayPal
  • paypal.com
SoundCloud
  • soundcloud.com
Southwest Mobile App
  • mobile.southwest.com
  • smetrics.southwest.com
Starcraft
  • battle.net
  • blizzard.com
  • blzddist1-a.akamaihd.net
  • blzddist2-a.akamaihd.net
Twitter
  • twitter.com
Vimeo
  • m.vimeo.com
  • vimeo.com
Windows Apps
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com