
Netskope Global Technical Success (GTS)

How to Block WhatsApp Native Application Access - macOS

 

Netskope Cloud Version - 122

 

Objective

Block WhatsApp Native Application Access on macOS

 

Prerequisite

Netskope Inline CASB and SWG license is required

 

Context

WhatsApp offers a native application, and customers are looking to restrict access to it. While they can regulate uploads and downloads for WhatsApp Web through Real-Time policies, they encounter issues with the WhatsApp desktop application: existing policies fail to control access effectively in this context, which makes it difficult to manage WhatsApp usage across different platforms.

This document focuses on Netskope's ability to block WhatsApp Native Application access on macOS.

 

Findings

  • Netskope acknowledges WhatsApp Web as a Cloud Application and provides a predefined cloud app connector.
  • The predefined cloud connector for WhatsApp does not support DLP and Threat Protection on any activities due to end-to-end encryption.
  • As of Jan 3, 2025, with Netskope’s WhatsApp predefined connector, customers can exercise control over the following activities:


 

Configuration

Use the following steps to block the WhatsApp Native Application on macOS:

  • Step 1 -  Create a new certificate pinned application

Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform - Steering configuration - New Certificate Pinned App


 

  • Step 2 - Add the process name “WhatsApp” and select Mac as the platform

 

Click on Save, add the exception and set the Action to Block


 

  • Step 3 - Edit the current steering configuration to allow non-standard ports to be steered to Netskope. The WhatsApp desktop application uses ports 80, 443 and 5222. Reference: Link

Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform - Steering configuration - Edit


 

Note - When you steer non-standard ports without specifying the domains, you can potentially steer traffic from any other certificate-pinned application that uses the same destination ports.

Once the above configurations are in place, ensure that the Netskope Client is up to date: right-click its icon, go to its configuration, and make sure there are no pending updates.

 

Lab recreate

When you now try to open WhatsApp on macOS, the QR code does not load and you will see a block prompt.

 

For a WhatsApp application that is pre-configured, text and voice messages will not be sent or received.

 

Verification through Netskope Client debug logs:

Save a copy of Netskope Debug Logs and open the file NSdebuglogs.logs

2025/01/03 18:31:01.623198 stAgentNE p42685 t22279 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: chat.cdn.whatsapp.net

2025/01/03 18:31:01.623934 stAgentNE p42685 t32291 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: chat.cdn.whatsapp.net

2025/01/03 18:31:04.617889 stAgentNE p42685 t22279 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: static.whatsapp.net

2025/01/03 18:31:04.618595 stAgentNE p42685 t32291 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: static.whatsapp.net

2025/01/03 18:31:13.643245 stAgentNE p42685 t32291 info bypassAppMgr.cpp:682 
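To check the block across a whole debug log rather than by eye, the drop records can be tallied per host. This is an added example, not Netskope code: the field layout is inferred from the lines shown above, and summarize_drops, DROP_RE and the last two sample lines are hypothetical/constructed.

```python
import re
from collections import Counter

# Field layout inferred from the log lines shown on this page; this is an
# assumption, not a documented Netskope log schema.
DROP_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \S+ p\d+ t\d+ \w+ "
    r"bypassAppMgr\.cpp:\d+ BypassAppMgr Dropping connection from "
    r"process: (?P<process>[^,]+), host: (?P<host>\S+)$"
)

# First four lines and the cut-off line are from the page; the last two are
# constructed to exercise the "other process" and "unrelated line" paths.
SAMPLE_LOG = """\
2025/01/03 18:31:01.623198 stAgentNE p42685 t22279 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: chat.cdn.whatsapp.net
2025/01/03 18:31:01.623934 stAgentNE p42685 t32291 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: chat.cdn.whatsapp.net
2025/01/03 18:31:04.617889 stAgentNE p42685 t22279 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: static.whatsapp.net
2025/01/03 18:31:04.618595 stAgentNE p42685 t32291 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: whatsapp, host: static.whatsapp.net
2025/01/03 18:31:13.643245 stAgentNE p42685 t32291 info bypassAppMgr.cpp:682
2025/01/03 18:31:14.000001 stAgentNE p42685 t22279 info bypassAppMgr.cpp:682 BypassAppMgr Dropping connection from process: exampleapp, host: pinned.example.com
2025/01/03 18:31:15.000002 stAgentNE p42685 t22279 info example.cpp:1 constructed unrelated line
"""


def summarize_drops(text, expected_process="whatsapp"):
    """Return (drops_by_host, other_process_drops, incomplete_lines)."""
    drops, others, unparsed = Counter(), Counter(), []
    for raw in text.splitlines():
        line = raw.strip()
        if "bypassappmgr" not in line.lower():
            continue  # not a bypassAppMgr line
        m = DROP_RE.match(line)
        if m is None:
            unparsed.append(line)  # e.g. a record cut off mid-line
        elif m["process"].strip().lower() == expected_process:
            drops[m["host"].lower()] += 1
        else:
            others[(m["process"].strip(), m["host"].lower())] += 1
    return drops, others, unparsed


if __name__ == "__main__":
    drops, others, unparsed = summarize_drops(SAMPLE_LOG)
    for host, n in sorted(drops.items()):
        print(f"blocked  whatsapp -> {host}  x{n}")
    for (proc, host), n in sorted(others.items()):
        print(f"other    {proc} -> {host}  x{n}")
    print(f"{len(unparsed)} incomplete bypassAppMgr line(s)")
```

An empty result for the expected process after launching WhatsApp means the certificate pinned app rule did not match, so the process name and platform from Step 2 are the first things to recheck.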

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, if any such platform changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.