Netskope Global Technical Success (GTS)
Block Telegram Native Application Access on Windows
Netskope Cloud Version - 118
Objective
Block Telegram Native Application Access on Windows
Prerequisite
A Netskope Inline CASB or SWG license is required.
Context
Telegram is a chat and instant messaging platform accessible via both a browser (web access) and a native application. End users in a customer's environment may be using Telegram on their machines. This document outlines the steps for blocking access to Telegram's native application on Windows through Netskope.
Do You Know?
- The Telegram native application uses certificate pinning.
- What is certificate pinning?
  Certificate pinning is a security technique used to enhance the protection of network communications by ensuring that an application only trusts a specific SSL/TLS certificate or a set of certificates.
- Because the Telegram native application employs certificate pinning, Netskope cannot perform SSL decryption on traffic generated by Telegram.
- Without SSL decryption, the following controls cannot be applied:
  - Netskope Data Loss Prevention (DLP)
  - Netskope Threat Prevention
  - Netskope Real-time Policy Controls
- In short, visibility into traffic generated by the Telegram native application is also very limited.
Configuration
Step 1 - Create a new certificate pinned application
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> App Definition >>> New Certificate Pinned App
Step 2 - Add the following executable: Telegram.exe
Note - Define the Platform on which the application will be used. If the block is needed for another platform, repeat the process for that platform.
Step 3 - Create an exception with the action set to Block, as follows:
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> Steering Configuration >>> Select the configuration >>> Exceptions >>> New Exception >>> Certificate Pinned App
Verification
Note: If the Telegram app is running, kill the Telegram process first, then run the application again and test.
You can verify the block action in the Netskope logs:
Question - How can I determine that telegram.exe is attempting to connect?
Answer - Check the Netskope Client logs.
Filename - nsdebuglog.log
Sample
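The verification steps above as a PowerShell helper. This is an added example, not part of the original article and not Netskope-provided code; the default log path is an assumption about where the Netskope Client writes nsdebuglog.log on Windows, so pass -LogPath if your installation differs.

```powershell
# Added example (not Netskope code): confirm that telegram.exe shows up in
# nsdebuglog.log after the block is configured.
param(
    # Assumed default location of the Netskope Client log; override if different.
    [string]$LogPath = "$env:ProgramData\netskope\stagent\logs\nsdebuglog.log",
    # Process name for Telegram.exe (Get-Process takes the name without .exe).
    [string]$ProcessName = 'Telegram'
)

if (-not (Test-Path -LiteralPath $LogPath)) {
    throw "Log file not found: $LogPath (pass -LogPath with the correct location)"
}

# 1. Kill any running Telegram process so the next launch opens new connections.
Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | Stop-Process -Force

# 2. Record the current log length so only entries written after this point are checked.
$before = @(Get-Content -LiteralPath $LogPath).Count

# 3. Relaunch Telegram manually and let it try to connect.
Read-Host 'Start Telegram again, wait for it to try to connect, then press Enter' | Out-Null

# 4. Read the log again; if it is now shorter, it was rotated, so scan all of it.
$lines = @(Get-Content -LiteralPath $LogPath)
if ($lines.Count -lt $before) { $before = 0 }

# Literal, case-insensitive match on the executable name from Step 2.
$hits = @($lines | Select-Object -Skip $before |
    Select-String -SimpleMatch -Pattern 'telegram.exe')

if ($hits.Count -gt 0) {
    "{0} new log line(s) mention telegram.exe:" -f $hits.Count
    $hits | ForEach-Object { $_.Line }
} else {
    'No new log lines mention telegram.exe.'
}
```

Run it from a PowerShell session with rights to read the Netskope Client log directory and to stop the Telegram process.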
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.