Block Psiphon VPN via Defender for Endpoint


Hi guys, our organization uses Defender for Business.

The web content filter rule can be bypassed using a VPN (e.g. Psiphon VPN or another VPN). So, we tried to block the VPN app via the Defender for Endpoint portal using "Settings > Endpoints > Indicators > Certificates". Unfortunately, the blocking can be bypassed again if we click "Allow" in the client machine's Defender, so the Psiphon VPN (portable version) is working properly.

5 Replies

Certificates will keep changing so using that to block the installation will not really help. How is the VPN application being installed? Do users have local admin rights?


Thank you for your reply.

The VPN app is a portable type.

Yes, they have local admin rights.

The VPN bypassed the web content filtering policy, so web content filtering is useless. Please advise me on the best way to block VPN app execution.

Then I would suggest setting the users up with standard permissions so that they can't install any VPN software themselves. Set restrictions against browser extensions for the same. You won't be able to address this using MDE policies.

Thanks for your suggestion. You mean we don't have to configure any policy in MDE, right?

Nothing directly relevant that can work dynamically. You can possibly block the installer exe, or do as you did using the cert, but these are not sustainable options in my opinion.