I need to know how the MCP bypass for processname works on a technical level. I mean, what exactly does it look for when a "processname bypass" is included on the client, and if every processname is unique in its own way?
Couldn't find any info (sorry if this has been brought up before).
Hope you are doing well.
Process name is the name of the process that generated the traffic being redirected.
Process Name List — Web traffic coming from the processes in this list bypasses the proxy server. A process runs on the endpoints. Windows process names must end with .exe. macOS process names don't require a file name extension.
Below is an example:
"Bypassing the Cisco AnyConnect from MCP" can be achieved as below:
For Cisco AnyConnect VPN, add the following processes to the MCP bypass list:
You can add the executable of the VPN product in the MCP Policies bypass list. For example, vpnagent.exe for Cisco AnyConnect VPN.
The below executables should also be placed on the MCP Policies bypass list:
Windows process names must end with .exe. Mac OS X or macOS process names do not require a file name extension.
Thank you aloksard for the quick answer.
So far I'm with you. But what I'm interested in is what happens once you change the hash of a program (excluded)? Or if I change the install path of the process or manipulate the name of another program (not excluded) to a .exe processname that I know for a fact is excluded in order to get around the MCP?
It's based on the running process name. If you have "clientvpn.exe" and change the hash every day, as long as the process name is "clientvpn.exe" it will work.
At least that is the experience we have seen.
Does that help?
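
An added example for defenders, not part of any post in this thread and not McAfee's code: since the bypass described above matches on process name alone, a compensating check can compare each process-start event for a bypass-listed name against a baseline of expected install paths and hashes. The event field names, the baseline path and the hash values are assumptions constructed for the illustration; only `vpnagent.exe` comes from the thread.

```python
import ntpath

# Names on the MCP bypass list (vpnagent.exe is the thread's example).
BYPASS_NAMES = {"vpnagent.exe"}

# Assumed baseline: expected install path and approved SHA-256 per bypassed
# name. The path is an assumption; the hash is a constructed placeholder.
BASELINE = {
    "vpnagent.exe": {
        "paths": {r"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"},
        "sha256": {"a" * 64},
    },
}

def norm(path):
    # Windows paths are case-insensitive; normalise case, slashes and ".." parts.
    return ntpath.normcase(ntpath.normpath(path))

def review(event):
    """Return findings for one process-start event. An empty list means the
    process is not bypass-relevant or matches the baseline."""
    name = ntpath.basename(event["image"]).lower()
    if name not in BYPASS_NAMES:
        return []
    base = BASELINE.get(name)
    if base is None:
        return ["no-baseline"]
    findings = []
    if norm(event["image"]) not in {norm(p) for p in base["paths"]}:
        findings.append("unexpected-path")
    if event["sha256"].lower() not in base["sha256"]:
        findings.append("unexpected-hash")
    return findings

# Constructed sample events (hypothetical field names "image" and "sha256").
GOOD = r"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
EVENTS = [
    {"image": GOOD, "sha256": "a" * 64},
    {"image": r"C:\Users\alice\Downloads\vpnagent.exe", "sha256": "b" * 64},
    {"image": GOOD.upper(), "sha256": "c" * 64},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "sha256": "d" * 64},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["image"], "->", review(ev) or "ok")
```

An "unexpected-hash" finding on the correct path usually means a vendor update and calls for a baseline refresh; "unexpected-path" is the one to triage first.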