How to block UltraSurf using Application and Device Control

Article:TECH184200  |  Created: 2012-03-19  |  Updated: 2013-03-04  |  Article URL http://www.symantec.com/docs/TECH184200
Article Type
Technical Solution

Product(s)

Languages

Problem



End users on the corporate network are using a proxy software tool called UltraSurf to bypass the corporate firewall or web filtering product, bypassing the restrictions of the company's content policy.  How can this be blocked with the Application and Device Control (ADC) component of Symantec Endpoint Protection (SEP)?

 


Error



 

 


Cause



End users are using UltraSurf to change the Internet Explorer proxy setting.

 


Solution



To prevent the use of UltraSurf in your network, follow these steps on the Symantec Endpoint Protection Manager (SEPM):
  1. Create the Policy in Application and Device Control
     
  2. Create the rule
    • Name. ex.: "Block UltraSurf"
       
  3. Create the condition "Registry Access Attempts"

     
  4. In  the "Apply this rule to the following processes"
    • add
    • in the box "Registry Key"
      • Put the Key:
        "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    • In the Box "ProxyServer"
    • Then OK

  5. Click in the Action tab:
    • In Read Attempt
    • Select "Block Access"
    • In Create, Delete or Write Attempt
    • Select "Block Access"
    • Then OK

  6. In TEST/PRODUCTION
    • Put Production
       
  7. OK

 

The policy attached below may also be imported into a SEPM and assigned to the client groups for which UltraSurf should be disallowed.


Attachments

Application Control policy - Block Ultrasurf.zip (2 kBytes)


Article URL http://www.symantec.com/docs/TECH184200


Terms of use for this information are found in Legal Notices

Please Sign In

Login using SymAccount.

Knowledge Base Search

Knowledge Base Search

Rate this Article

Help us improve your support experience.

MySymantec

MySymantec

Contacting Support

Contacting Support