Forum Discussion

Lucas_Daneil_Lewis's avatar
Lucas_Daneil_Lewis
Copper Contributor
Jan 01, 2023

Block Psiphon VPN via Defender for Endpoint

Hi guys, our organization uses defender for business.

Web content filter rule can be by-pass using a VPN (E.g Psiphon VPN or another VPN). So, we tried to block the VPN app via Defender for Endpoint portal using "Settings>Endpoints>indicators>Certificates. Unfortunately, the blocking can be bypassed again if we click "Allow" in the client machine's Defender, so the Psiphon VPN (portable version) is working properly.

  • rahuljindal-MVP's avatar
    rahuljindal-MVP
    Bronze Contributor

    Certificates will keep changing so using that to block the installation will not really help. How is the VPN application being installed? Do users have local admin rights?

    • Lucas_Daneil_Lewis's avatar
      Lucas_Daneil_Lewis
      Copper Contributor

      rahuljindal-MVP 

      Thank you for your reply.

      VPN App is portable type.

      Yes, have local admin right.

      VPN bypassed Web content filtering policy so Web content filtering is useless. Please advise me the best way how to block vpn app execution.

      • rahuljindal-MVP's avatar
        rahuljindal-MVP
        Bronze Contributor
        Then I will suggest to set the users with standard permissions so that they can’t install any VPN software themselves. Set restrictions against browser extensions for the same. You won’t be able to address this using MDE policies.

Resources