Answer
PROBLEM
WebMonitor cannot block sites if the user is running the third party program UltraSurf.
ENVIRONMENT
- GFI WebMonitor
- All Supported Environments
SOLUTION
UltraSurf works by opening a port on the local machine (ex. 127.0.0.1:9666) and then setting the proxy settings of your Internet Explorer to use this local port. UltraSurf then opens an HTTPS connection (port 443) directly to an UltraSurf server IP Address that is either hardcoded into the program or that it discovers in various ways.Option 1:
Since it is making an HTTPS connection directly from the client via its default gateway to a public IP address, you can block the traffic in one of the following ways:
- Block all HTTP and HTTPS traffic at your firewall that is coming directly from internal clients except WebMonitor
- Block all HTTPS (destination port 433) traffic at your firewall to the following ranges, known to include the Ultrasurf Servers:
65.49.0.0/17
204.107.140.0/24
204.107.140.0/24
Option 2:
Configure Microsoft AppLocker to prevent the program from executing Via GPO. More Detailed information on AppLocker can me found in the below link:
http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx
Configure Microsoft AppLocker to prevent the program from executing Via GPO. More Detailed information on AppLocker can me found in the below link:
http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx
CAUSE
Ultrasurf is a software program designed to bypass proxy servers like WebMonitor.