cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Skype AppID is missing in MWG7.2.0

Hello,

the Application Control was introduced in 7.1.6 with Skype in Voip, filesharing, p2p and IM Groups. In 7.2.0 I can not find Skype anymore.

Can 7.2.0 detect, block or allow Skype traffic? Is it possible to block skype generally but allow Skype for some users only?

regards

11 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: Skype AppID is missing in MWG7.2.0

We are currently looking into this.

You also might want to look at https://community.mcafee.com/community/business/email_web/webgateway/blog/2010/09/06/skype-and-faceb...

As SKYPE is a network invasive protocol and requires more steps then just web gateway.

Michael

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 12

Re: Skype AppID is missing in MWG7.2.0

HI all,

is there a timeframe when this will be implemented again?? I need this feature for a MWG for a POC.

In fact, Skye is using a non standard SSL protocol. When inspecting SSL traffic then skype should not be able to access internet. Is this true or not? Or i am a litte bit blue-eyed? 🙂

Cheers,

Thorsten

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: Skype AppID is missing in MWG7.2.0

Hi Thorsten,

SSL Scanner enabled -> No Skype

SSL Scanner disabled -> Yes Skype 🙂

The problem with Skype is that there is no way to identify its traffic reliably (yet). So at the moment there is no way to allow Skype through MWG, while leaving SSL Scanner enabled for "normal" SSL sites. The only way to bypass SSL Scanner would be whitelisting by IP, which is hard since Skype uses P2P technologies. Hopefully we will have something in the future as part of the MWG (I think Skype detection works fine in the Firewall today).

Best,

Andre

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 12

Re: Skype AppID is missing in MWG7.2.0

Thorsten,

correct. SKYPE is using a proprietary encryption which in case SSL decryptio is used wil break. I'll give you a call to chat about your requirement for SKYPE.

thanks,

Michael

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 12

Re: Skype AppID is missing in MWG7.2.0

Hi volks,

thanks for the answer. Will Skype be available in the future again?

I tested this ruleset for me. I thin Skye skhould work when adding the rule.

Btw, i would combine this with a client.ip.

Cheers,

Thorsten

Nachricht geändert durch Troja on 09.05.12 14:19:57 MESZ
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: Skype AppID is missing in MWG7.2.0

The signature in the sigset was focused on a network centric detection of the protocol, which will only work on a firewall or IDS system. The pattern simply didn't provide benefit for the proxy model MWG is using. However, the steps included in this post will allow blocking Skype. The referenced blog post illustrates this further.

We are looking into further phases to expand the App Control to also include network centric detections, but for now the focus remains on web applications.

Michael

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)

Re: Skype AppID is missing in MWG7.2.0

Thank you very much Troja, Skype worked in my environment as well.

fwmonitor: Is it possible to block skype generally but allow Skype for some users only?

Think it is. Please test it and let us all know..

Suggestions are heartly welcome!!

domain+skype+specific+IPs.PNG

Best Regards,
Niraj

Message was edited by: anirajstha on 10/3/13 10:14:34 AM CDT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Skype AppID is missing in MWG7.2.0

I'm just noticing this now, but for everyone who created a rule using "SSL.Server.Handshake.CertificateIsRequested" should not being doing this.

In effect, you are just bypassing SSL scanning in the event that a client certificate is NOT requested (which is most SSL traffic).

Best,

Jon

Re: Skype AppID is missing in MWG7.2.0

Hello Jon Scholten,
Thank you for the suggestion.
Can you please suggest the best rules that I am actually trying accomplish as seen on my snapshot?

Thank you very much in advancec.


Best Regards,

Niraj

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community