4 Replies Latest reply on Jun 30, 2015 1:15 AM by Berndinox

    Blocking all network traffic for a user

    adean Rookie
      When trying to block all network traffic using AppSense Application Manager you may find that doing a wildcard * for all ports is not sufficient.

      Connection Type: Hostname
      Host: *
      Port(s): 1-9999
      Path: <blank>
      Text contains wildcard characters: Checked
      Description: Block All Hostname based Network Access

      The reason for this is that when a search engine like Google Search is set as the default Search Engine in a browser like Firefox, any text entered into the Address Bar is posted to an IP Address rather than a Hostname.  As such your Hostname Rule Condition (*:1-9999) is not matched.

      Note that this is not the case for all search engines, such as Bing/Yahoo, which post to a hostname/URL rather than an IP address.

      To block this behaviour you will need to add a similar Prohibited Network Connection Item based on IP address.  Configure the Host as *.*.*.* (tick the text contains wildcard option!) and ports as per your Host name rule (1-9999).

      Connection Type: IP Address
      Host: *.*.*.*
      Port(s): 1-9999
      Path: <blank>
      Text contains wildcard characters: Checked
      Description: Block All IP based Network Access

      Source: https://configmonkey.wordpress.com/2015/01/15/appsense-application-manager-blocking-all-traffic/
        • 1. Re: Blocking all network traffic for a user
          BChriscoli Expert
          Depending on where this is in the config, you may also find with that configuration, no new logons can be authenticated and as such, only cached credentials can get on.
          This is a very dangerous configuration and could negatively impact a device.
          • 2. Re: Blocking all network traffic for a user
            adean Rookie
            Good point! Would probably be a really bad idea to use this as a device rule for example.

            This was utilised for a local "guest" account used by visiting users.
            It has not been tested for a domain account without an associated white list for specific subnets ports.

            However if your aim is to block all network traffic it does exactly what it says on the tin.
            • 3. Re: Blocking all network traffic for a user
              pascalp Employee
              As long as you ensure that the "Ignore restrictions during logon" is enabled, then in theory, you should be fine. Of course, this would need to be tested.
              • 4. Re: Blocking all network traffic for a user
                Berndinox Rookie
                That setup is possible.

                We got this setup on some servers in live production.
                We just removed the Port Range, so everything is blocked.
                After we logged on with logging enabled, and repeated the log process several times.

                Then we enabled all the necessary domain services to be allowed for the specific executables.

                You do not get a single access denied popup, but everything is blocked from the network.

                It's just a matter of time, but possible!
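
A small model of the rule matching discussed in this thread, added here as an example and not taken from any poster or from AppSense: it checks a rule set against constructed destinations and lists the ones no rule covers. The `Rule` class, the matching logic, and the treatment of a removed port range as "all ports" are assumptions based on the posts above, not the product's actual engine.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    conn_type: str                      # "hostname" or "ip" (the Connection Type field)
    host: str                           # wildcard pattern from the Host field
    ports: Optional[Tuple[int, int]]    # inclusive range; None = port range removed

def dest_type(host):
    """Classify a destination as a literal IPv4 address or a hostname."""
    try:
        ipaddress.IPv4Address(host)
        return "ip"
    except ValueError:
        return "hostname"

def matches(rule, host, port):
    # Assumption: a rule is only evaluated against destinations of its own type,
    # which is the behaviour the first post describes for address-bar searches.
    if rule.conn_type != dest_type(host):
        return False
    # Assumption: a rule with no port range applies to every port.
    if rule.ports is not None and not rule.ports[0] <= port <= rule.ports[1]:
        return False
    return fnmatchcase(host.lower(), rule.host.lower())

def unblocked(rules, destinations):
    """Return the destinations that no prohibited-connection rule covers."""
    return [d for d in destinations if not any(matches(r, *d) for r in rules)]

# Constructed sample destinations (documentation address range, example names).
DESTINATIONS = [("www.bing.com", 443), ("203.0.113.10", 443),
                ("203.0.113.10", 49152), ("files.example.test", 49152)]

HOSTNAME_ONLY = [Rule("hostname", "*", (1, 9999))]
WITH_IP_RULE = HOSTNAME_ONLY + [Rule("ip", "*.*.*.*", (1, 9999))]
NO_PORT_RANGE = [Rule("hostname", "*", None), Rule("ip", "*.*.*.*", None)]

if __name__ == "__main__":
    for name, rules in [("hostname only", HOSTNAME_ONLY),
                        ("hostname + IP", WITH_IP_RULE),
                        ("no port range", NO_PORT_RANGE)]:
        print(f"{name:14} not blocked: {unblocked(rules, DESTINATIONS)}")
```

In this model the 1-9999 range still leaves destinations on higher ports uncovered even with both rules in place, which is the gap that removing the port range closes.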