Skip to main content

Telegram - Block Native Application Access on macOS

  • March 18, 2025
  • 0 replies
  • 94 views
C
Netskope Employee
Forum|alt.badge.img+5

 

AD_4nXcIWWnQa6boedA7MSXce06yjFoowwRYjnk1eooyiBn9pC6L6clSafuCKLPpfszbi_SbVpBLdxlHrmFJb60p9Pu4kJFH8nAEI239yu20HciiSLw0RNuIh54rI5csORXVF6K3D_2RUw?key=08lgKEV2E9Ew3z8LxAopywgD

Netskope Global Technical Success (GTS)

Telegram - Block Native Application Access on macOS

 

Netskope Cloud Version - 123

 

Objective

Block Telegram Native Application Access on macOS

 

Prerequisite

Netskope SWG license is required

 

Context

Telegram is a chat and instant messaging platform accessible via both a browser (web access) and a native application. End-users at customers' end may be utilizing Telegram on their machines. This document outlines the steps for blocking access to Telegram's native application on MacOS through Netskope

 

Do You Know?

  • Telegram native application uses Certificate pinning.
  • What is Certificate pinning?

Certificate pinning is a security technique used to enhance the protection of network communications by ensuring that an application only trusts a specific SSL/TLS certificate or a set of certificates. 

  • Because the Telegram native application employs certificate pinning, Netskope cannot perform SSL decryption on traffic generated by Telegram.
  • Without SSL decryption, the following controls cannot be applied:
  1. Netskope Data Loss Prevention (DLP)
  2. Netskope Threat Prevention
  3. Netskope Real-time Policy Controls
  • In short, visibility on traffic generated by Telegram native application is also very limited

 

Configuration

Step 1 -  Create a new certificate pinned application

Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> App Definition  >>> New Certificate Pinned App

AD_4nXfduxp5H1FXn4-4Om0H0KbJSyo0p_qlyz3wPP1RAA1Z8wcPnynjp684vRqbKJOJSmiWQk3CAIqrIg-Rgb2nFC9otfWVojd49PlU2pXcPS5WRysSZd5K1S3VnimPi4wgmrc04IYc5g?key=08lgKEV2E9Ew3z8LxAopywgD

 

Step 2 - Add the following definition: Telegram

AD_4nXc1yDjI-gzDure7iLFj2wSSo6jO7P7RW7YRhl-1248RvR8JT7JOsNsjNDGOSOeCtu_6a-k1Mx1vi94rxpJL4TKN_CHTXjMBxPql_sVrRZeXh7BQsjplsaFXZFLC7R6zsG86JafGzg?key=08lgKEV2E9Ew3z8LxAopywgD

Note - Here you need to define the Platform where the application will be used, if needed for another platform then need to repeat the process.

 

Step 3 - Create an exception, while the action will be set to block as following:  

Path: Netskope Tenant UI >>> Settings >>>  Security Cloud Platform>>>Steering configuration>> Select the configuration >>> Exceptions >>> New exception Certificate Pinned App

AD_4nXds7l8kNwdDexi1mcn4HfqCnHi_ZRRZqA3JOwLYadRqQyEHm8KQdcJbkKed9ZiFtiilEhaff_S37bAwveLSqTJ2d3h0CabBhAo-UI7raQZuwQU9F4OqAu_nqYr-COS4C70_YeLs0A?key=08lgKEV2E9Ew3z8LxAopywgD

 

AD_4nXeVUWg4wZFrzsJ_MPUJGQc2l__6_l9kbd3VwidCkqjzc5UCeDo2bRaMCXOva7PT4Trhi_zYtFlJvAaMo-RI9GaS5OlWUEIgcwyjsUSLhmTCcnv1SqkScKhzXHLmfCt-4gFGv6LpDA?key=08lgKEV2E9Ew3z8LxAopywgD

 

Step 4 - Try to open the native Telegram App, you should see the following:

AD_4nXe21Odl8fx7zM-_-ezJk1A-e18KtnFUd3xajmgv0-xcVCMeYcWSYS37WQgW1yHsBuuAwC5p2U-gEy9JnezS9ie0yyLEfLnjvIVZx658-jfDHdq2zJnPouakJgY2YO8c0HyA2zmo?key=08lgKEV2E9Ew3z8LxAopywgD

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To question'.
This topic has been closed for replies.

Badges Winner

Show all badges

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Ask your question here!
Terms & ConditionsAccessibility statement