List of Applications and Mobile Applications Exempted from SSL Interception

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

In the Cloud Secure Web Gateway (Cloud SWG, and formerly known as WSS) SSL policy editor, Symantec maintains a list of applications in the SSL Bypass List and Mobile App Bypass list that are known to break when their traffic is intercepted, due to certificate pinning. The list is continually being updated; however, traffic for additional applications and domains that are not included in the list might break. For these applications and domains, Symantec recommends using the policy editor to exempt them from SSL interception.

For more information on Cloud SWG, see the Cloud SWG Solutions Dashboard.

Resolution

SSL Bypass List

The following table lists the applications that are in the SSL Bypass List by default:

Note: The applications in the SSL Bypass List are also exempted for mobile devices.

Application	URL
Apple iTunes	.itunes.apple.com
DropBox Note: If a rule exists in CASB or Elastica domains for a Dropbox URL, this exemption is ignored and traffic for this application is intercepted.	dropbox.com
Microsoft Downloads	download.microsoft.com download.windowsupdate.com ntservicepack.microsoft.com office.microsoft.com/officeupdate update.microsoft.com windowsupdate.com windowsupdate.microsoft.com wustat.windows.com
Mozilla	mozilla.org
Mozilla Messaging	mozillamessaging.com
Office 365 Exchange Online Note: If a rule exists in CASB or Elastica domains for an Office 365 Exchange URL, this exemption is ignored and traffic for this application is intercepted.	office.com
Skype for Business	az801095.vo.msecnd.net i.s-microsoft.com
ThreatPulse	cloudwebsecurity.att.com ctc.threatpulse.com portal.threatpulse.com
TomTom	tomtom.com
WebEX Note: If a rule exists in CASB or Elastica domains for a WebEX URL, this exemption is ignored and traffic for this application is intercepted.	webex.com
Windows Support	update.microsoft.com

Zoom

zoom.us

Mobile App Bypass List

The following table lists the applications that are in the Mobile App Bypass list by default:

Note: In the default policy, the applications in the Mobile App Bypass list are only exempted for mobile devices (unless the site or application is also listed in the SSL Bypass List).

Application	URL
Adobe Photoshop Express	dlmping2.adobe.com dlmping3.adobe.com fpdownload.adobe.com get.adobe.com get3.adobe.com images2.adobe.com ox-d.adobe platformdl.adobe.com sstats.adobe stats.adobe.com
AirBnB	airbnb.com
Amazon Alexa	alexa.amazon.com amazon.com
Apple App Store	apple.com apple.com.akadns.net gs-loc.apple.com gsa.apple.com icloud.com itunes.apple.com mzstatic.com securemetrics.apple.com swscan.apple.com xp.apple.com
Apple iTunes	apple.com apple.com.akadns.net gs-loc.apple.com gsa.apple.com icloud.com itunes.apple.com mzstatic.com securemetrics.apple.com swscan.apple.com xp.apple.com
Chase	chase.com
DropBox	block.dropbox.com client.dropbox.com client-cf.dropbox.com d.dropbox.com dl-debug.dropbox.com dropbox.com log.dropbox.com m.dropbox.com notify.dropbox.com
Facebook Messenger	facebook.com
Google Drive	accounts.gstatic.com accounts.google.com accounts.youtube.com client3.google.com clients1.google.com clients2.google.com clients3.google.com clients4.google.com clients5.google.com clients6.google.com cros-omahaproxy.appspot.com dl.google.com dl-ssl.google.com googleapis.com gstatic.com m.google.com omahaproxy.appspot.com pack.google.com safebrowsing-cache.google.com safebrowsing.google.com ssl.gstatic.com tools.google.com
Google Hangouts	accounts.google.com apis.google.com appspot.com client-channel.google.com clients1.google.com clients2.google.com clients3.google.com clients4.google.com clients5.google.com clients6.google.com googleapis.com googleusercontent.com gstatic.com pis.google.com video.google.com
Join.me	join.me joinme.com whatsapp.net
Lynda.com	lynda.com
Microsoft Excel Mobile	apps.microsoft.com clientconfig.passport.net eus-streaming-video-msn- com.akamaized.net live.com microsoft.com msftncsi.com windowsupdate.com wns.windows.com wustat.windows.com
Microsoft Office Lens	apps.microsoft.com clientconfig.passport.net eus-streaming-video-msn- com.akamaized.net live.com microsoft.com msftncsi.com windowsupdate.com wns.windows.com wustat.windows.com
Microsoft OneNote	apps.microsoft.com clientconfig.passport.net eus-streaming-video-msn- com.akamaized.net live.com microsoft.com msftncsi.com windowsupdate.com wns.windows.com wustat.windows.com
Microsoft Powerpoint	apps.microsoft.com clientconfig.passport.net eus-streaming-video-msn- com.akamaized.net live.com microsoft.com msftncsi.com windowsupdate.com wns.windows.com wustat.windows.com
Microsoft Word	apps.microsoft.com clientconfig.passport.net eus-streaming-video-msn- com.akamaized.net live.com microsoft.com msftncsi.com windowsupdate.com wns.windows.com wustat.windows.com
Overwatch	battle.net blizzard.com blzddist1-a.akamaihd.net blzddist2-a.akamaihd.net
PayPal	paypal.com
SoundCloud	soundcloud.com
Southwest Mobile App	mobile.southwest.com smetrics.southwest.com
Starcraft	battle.net blizzard.com blzddist1-a.akamaihd.net blzddist2-a.akamaihd.net
Twitter	twitter.com
Vimeo	m.vimeo.com vimeo.com
Windows Apps	apps.microsoft.com clientconfig.passport.net eus-streaming-video-msn- com.akamaized.net live.com microsoft.com msftncsi.com windowsupdate.com wns.windows.com wustat.windows.com