Netskope Global Technical Success (GTS)

WeChat - Block Native Application Access on Windows

Netskope Cloud Version - 120

Objective

Block WeChat Native Application Access

Prerequisite

Netskope Inline CASB/SWG license is required

Context

WeChat offers a native application to which customers are looking to restrict access to. While uploads and downloads activity can be regulated for WeChat Web through Real-Time policies, Issue is encountered with WeChat Native Application. WeChat being a certificate pinned application, Real Time Policies fail to effectively control activities, presenting a challenge for managing usage of WeChat Desktop Application.

Do You Know?

• WeChat Desktop App being a Certificate pinned application, Netskope cannot control any activity or DLP Inspection.
• Netskope acknowledges WeChat Web as a Cloud Application and provides a pre-defined cloud app connector.
• As of Oct 14, 2024 with Netskope’s Predefined connector, Customer can exercise following activities on WeChat Web Application.

Configuration

• Step 1: Create a new certificate pinned application

Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform  - - - App Definition  >>> New Certificate Pinned App

• Step 2: Add the following executables

WeChatOCR.exe

WeChat.exe

WeChatAppEx.exe

WeChatPlayer.exe

mmcrashpad_handler64.exe

Note - Here you need to define the Platform where the application will be used, if needed for another platform then need to repeat the process.

• Step 3: Create an Exceptions, while the action will be set to block as follow 

Path: Netskope Tenant UI >>> Settings >>> - Security Cloud Platform  - - -> Steering configuration → Exceptions → New  

Select the previous created certificated pinned application, add * as custom app domains to bypass all domains, then select “Block”

Once the Exception is created in Steering Configuration Profile, Please ensure that Netskope Client is up-to-date by right-clicking on its icon, go to its configuration, and make sure there are no pending updates.

Verification

In a Windows machine with WeChat Desktop App installed, run the application.

You should notice that the application will not be able to initiate and you will observe a Block Notification Pop-up as mentioned below.

You can verify the block action at Netskope Client Events Page:

Go to Netskope Client > View Blocked Events.

You may find all the Native App Blocked Events in the Client’s Blocked Events Page.

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.m