Solved

Uncategory Domains

  • 7 February 2024
  • 4 replies
  • 109 views

Hi

 

There are predefined list such as abortion, etc.  How can I block domain that has NOT been category yet?

 

thank

Munster

icon

Best answer by nduda 7 February 2024, 10:34

View original

4 replies

Userlevel 3
Badge +12

Hi @munster ,

 

There is a predefined category "Uncategorized " which can be added to the policy by setting the action as block.

Zulkifal

Userlevel 4
Badge +12

Providing a customer perspective on blocking uncategorized domains. Don't do it! The sheer volume of websites Netskope detects as uncategorized is pretty large. There are also tons of uncategorized websites that chrome extensions and other applications use (over 80/443 using browsers) that will cause things to break. I would encourage using a coaching page that allows users to understand the risks of browsing uncategorized while giving them the ability to proceed. Furthermore, use Remote Browser Isolation for uncategorized is also a great compromise that we have done for our users. We now feel with our defense-in-depth approach to malicious content and introducing phish-resistant MFA we now allow access to uncategorized domains.

Userlevel 3
Badge +12

I agree with @nduda . Blocking un-categorized sites can break multiple legitimate backend traffic. I've seen situations where Microsoft uses IP addresses instead of domains, and Netskope labels it as "Uncategorized."

Zulkifal

Userlevel 4
Badge +12

We see this also and had to build a custom URL list that applies before the uncategorized coaching stuff. Luckly we haven't had to update it much but here it is for those interested:

\b(?:\d{1,3}\.){3}\d{1,3}\b\/filestreamingservice\/files\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/filestreamingservice\/files\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*.intunewin.bin
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/ctldl.windowsupdate.com\/msdownload\/update\/v3\/static\/trustedr\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/pr\/.*\/Office\/Data\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/d\/msdownload\/.*

Reply