Block Any Desk using Netskope's SWG Module - MAC OS

Netskope Global Technical Success (GTS)

Block Any Desk using Netskope's SWG Module - MAC OS

Netskope Cloud Version - 120

Objective

The objective of this document is to describe the procedure for blocking AnyDesk using Netskope. While Anydesk is referenced for example, this procedure can be applied for similar Remote Control Applications that an IT Administrator would like to access control over, within the organization.

Prerequisite

Netskope SWG License is required

Context

AnyDesk is a remote desktop application that enables users to connect to and control another computer over the internet. It is commonly used for remote support, remote work, and accessing files or applications from different locations. Although AnyDesk is available for free, it may not be sanctioned for use within the organization. Therefore, IT teams may need to manage and control its usage. This document outlines the procedure for blocking AnyDesk on MAC OS

Do You Know?

As of August 29, 2024, Netskope recognizes AnyDesk as a cloud application. However, there is currently no predefined cloud app connector available for AnyDesk within the Netskope platform.

AD_4nXc-sEvi6WMiR6ZtAAM2DrMyxBPgoFybcPYUjyPGzfaJeBNKfAyfIUykPo3TsiYtCyP7ncO47HhmphfEE_VkDF6Pr9RNyGh1PEKo3v-0vm95X0JbKn3_Z-tG4QORL7t2AULgmR-a-kQZgRXH5r66-ozrlqw?key=6lYAqtICFrRTsWxY5_t0RQ

Details

Netskope client will forward the Port 80/443 TCP/UDP traffic by default to Netskope Gateway when the Traffic steering type is set to Steer All Web Traffic (except the exceptions)
If a Customer wants to exercise control over an Application that uses Non Standard ports for HTTP/HTTPs traffic, the traffic needs to be explicitly steered to Netskope using Netskope’s Steering configuration.
Path → Settings - Security Cloud Platform - Steering configuration - Edit - Non Standard Ports (If you do not see this module, please contact the TSM Team to enable this feature from the backed)

Blocking Anydesk using Netskope SWG Module :

As per information available on Anydesk’s website, it uses the Ports 80,443 and 6568 for communication with protocols TCP / UDP on the domain : *.net.anydesk.com
We will use the Steer Non Standard Port option on the Web UI to steer Non Standard port traffic for Anydesk

Go to Settings - Security Cloud platform - Steering configuration and steer the below Non Standard port traffic destined to anydesk domain.

Step 2 : We will create a Certificate pinned Application entry for Anydesk and block it

Find out the process name used by the Application on MAC OS.

This can be found out from the Activity monitor for MAC OS. The process name is “Anydesk”

Now go to the UI Path : Settings - Security Cloud Platform - Steering Configuration - Exceptions - New Exception - Certificate pinned Application. Click on the “+” sign.

AD_4nXciheqBcU42nQKPyqJoWCaDrTBjwO8KH8OkFprthD7p99ncTQATj3_5Tp9anmwpWxCHWZDrzITod4NyRXzb_xEKMBbXE3M7IdiE_KmgkgDb0uCAkqvOGVtbbYZctEHZH_YHPLLLc1ZgIvMjyYnqjdw71RlV?key=6lYAqtICFrRTsWxY5_t0RQ

NOTE : Always ensure to test the changes in a test steering configuration applied to a test set of users before rolling out in production.

Now, add the platform windows and add the below regex

AD_4nXdxXc73rUQL3HvRiRENZqB63CqdODOcdO2gMlp1Z9A73wywjZoyefWwoSNKAWwvrTcbJAjtZ7KEWD-bsjt2rJCiwlkE5RgZj0bNva1vU1wjrtv4CA4B-_QXPVBbvHcTDPi9lN6RcS2lwcXjPJciCScBDQ6i?key=6lYAqtICFrRTsWxY5_t0RQ

Now add the Application to the list and Click “Add”. Add the domains for Anydesk to which the application tries to connect to. Add an appropriate note is always a good practice in terms of managing exceptions.

AD_4nXch9T59vo34NvvGKORCuqWp8iosgkdzIRHbGbQoFMoN2oV52VKP8zli9kKioT9dk4fo-NKyuXjXAmw2Da1Knepl_qrpzW8cQCrclohPUTBu-93lrVWTP96H5sJLQoM6cwTXEZgSoXHEy8HLKFuQ2CPsKgo?key=6lYAqtICFrRTsWxY5_t0RQ

Once you save this, go to a test machine and update the Netskope Client configuration.

Lab Recreate

Go to Anydesk Application and try connecting to Any Remote computer. Note that if you have Anydesk running previously, please kill the process and relaunch it

You will see a Message prompt as shown below which indicates that Anydesk has been blocked on the end user’s system.

AD_4nXd6aajaZbgJlrMw9vH6Ca4cQLJJQfhxPR8buwKrSXY2c2iuKQwCskHmNvyZcK0BDowh7PzacBME6TlB2XIgDnx8DJ-eWuTwzTM7gKKSx8sEopwV9prpJKPrtv7MYo9bA0eVsF1F2ayv0XHawvpwSZnJ--OX?key=6lYAqtICFrRTsWxY5_t0RQ

Verification through Netskope Debug Logs :

Save a copy of Netskope Debug Logs and open the file NSdebuglogs.logs.

2024/08/31 22:14:15.980796 stAgentNE p47802 t16655 info bypassAppMgr.cpp:671 BypassAppMgr Dropping connection from process: anydesk, host: relay-655af3f4.net.anydesk.com

2024/08/31 22:14:15.985965 stAgentNE p47802 t29703 info bypassAppMgr.cpp:671 BypassAppMgr Dropping connection from process: anydesk, host: relay-655af3f4.net.anydesk.com

If you change the Name of the application to any other name like “testapp.dmg” and run it, MAC OS will still capture the original process name in Activity Monitor and still continue to Block Anydesk

AD_4nXeWqvUtfq-wj3OWh2WX70JWTD47XCMGt_wYoGgVbbR-OTZRibG_Lj3TQeqQpJR_fbqxXSe9kcsqgtR1G25M2rVZZrcgZ_bLFKNdqyFP1Wld9KGYEXq_p6oTWtDHdaUizLF39bsYtPqtp1GjEEypkw0GPmWb?key=6lYAqtICFrRTsWxY5_t0RQ

Terms and Conditions

All documented information undergoes testing and verification to ensure accuracy.
In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

This article is authored by Netskope Global Technical Success (GTS).
For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.

Netskope Global Technical Success (GTS)

Block Any Desk using Netskope's SWG Module - MAC OS

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded