-
26th June 2009, 03:03 PM #1 UltraSurf
Noticed that this program has been doing the rounds on our network. It manages to edit IE's proxy to 127.0.0.1 Port: 9666 to get out to the Internet.
I have added versions 9.2 - 9.5 to our software restriction policy. However, is there a way we can actually stop it getting out? We don't have a firewall in house, so we can't do any blocking on any firewall. However, a quote from their website sounds rather worrying:

Originally Posted by
Ultra Reach 11. Some companies block port 9666, which is used by UltraSurf, how do I bypass it?
A: 9666 is local port. We will add an option to let users set the port.
Source - Ultra Reach
So, how would I go about blocking this thing from ever getting out?
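
A check for the symptom described in post #1, as an added example that is not part of the original thread: it reads the per-user IE proxy values and flags any entry that points at a loopback address, matching on the host rather than on port 9666 because the quoted FAQ says the port will become configurable. The function names and sample values are constructed for illustration.

```powershell
# Added example: flag IE/WinINET proxy settings that point at the local machine.
function Get-ProxyEndpoints {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or a per-protocol list "http=host:port;https=host:port"
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $scheme = 'all'
        if ($entry -match '^(?<s>[a-z]+)=(?<rest>.+)$') {
            $scheme = $Matches['s']
            $entry  = $Matches['rest']
        }
        $entry = $entry -replace '^[a-z]+://', ''          # tolerate "http://host:port"
        if ($entry -match '^(?<h>\[[^\]]+\]|[^:/]+)(:(?<p>\d+))?/?$') {
            $name = $Matches['h'] -replace '^\[|\]$', ''   # strip IPv6 brackets
            [pscustomobject]@{ Scheme = $scheme; HostName = $name; Port = $Matches['p'] }
        }
    }
}

function Test-LoopbackHost {
    param([string]$HostName)
    if ($HostName -eq 'localhost') { return $true }
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) {
        return [System.Net.IPAddress]::IsLoopback($ip)     # 127.0.0.0/8 and ::1
    }
    return $false
}

function Find-LoopbackProxy {
    param([int]$ProxyEnable, [string]$ProxyServer)
    if ($ProxyEnable -ne 1) { return @() }                 # proxy switched off
    @(Get-ProxyEndpoints $ProxyServer | Where-Object { Test-LoopbackHost $_.HostName })
}

# Constructed sample values, not taken from a real machine
foreach ($s in '127.0.0.1:9666', 'http=127.0.0.1:8080;https=127.0.0.1:8080', 'proxy.example.internal:3128') {
    $hits = @(Find-LoopbackProxy -ProxyEnable 1 -ProxyServer $s)
    '{0,-45} loopback entries: {1}' -f $s, $hits.Count
}

# Live check for the current user (standard Internet Settings key)
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($cfg) {
    Find-LoopbackProxy -ProxyEnable ([int]$cfg.ProxyEnable) -ProxyServer ([string]$cfg.ProxyServer) |
        ForEach-Object { "Current user: $($_.Scheme) proxy -> $($_.HostName):$($_.Port)" }
}
```

Any local proxy, including legitimate debugging tools, produces the same registry pattern, so a hit is a prompt to look at the machine rather than proof of a specific program.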
-
-
-
26th June 2009, 03:22 PM #2 Is there any reason they need to be able to run programs outside of Program Files? If not you could just disable execution from everything except certain paths.
-
-
26th June 2009, 03:36 PM #3 
Originally Posted by
jamesb
Is there any reason they need to be able to run programs outside of Program Files? If not you could just disable execution from everything except certain paths.
It's funny you mention that, I just posted here about that. I tried blocking *.exe and leaving the others (Program Files, etc.) as Unrestricted, which was already there. But it seems disallow takes precedence.
-
-
26th June 2009, 03:42 PM #4 If you are running Sophos there is an application management policy that can be configured to block it and others like it - just testing it here.
Mark
-
-
26th June 2009, 03:51 PM #5 What I believe you need to do is disallow all by default, then explicitly allow the paths you want.
Or simply restrict yourself to manually applying blocks to all paths you don't want, which could take some time.
-
-
26th June 2009, 06:14 PM #6 Right, I have changed the setting to restrict everything by default. However, I noticed that only Program Files\*.exe is enabled. So, e.g., Word won't run as it sits in "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE", which equates to "%ProgramFiles%\*\*\*.exe". Is there any way I can allow ALL files under Program Files regardless of directory structure, as most programs sit under multiple directories under Program Files?
-
-
26th June 2009, 07:19 PM #7 Have you tried %programfiles%\* ? I think that should do it, but not 100% certain.
-
-
26th June 2009, 09:23 PM #8 If you only need web access from the PCs externally... unset your gateway?
Makes a good substitute for a firewall 
Giz a bell monday anyway!
-
-
26th June 2009, 09:52 PM #9 
Originally Posted by
tom_newton
If you only need web access from the PCs externally... unset your gateway?
Makes a good substitute for a firewall
Giz a bell monday anyway!
But when you do that Real Player fails, as does POP connectivity for email and a whole host of other blasted education software.
I never used to have one on my machines and then at the advice of Smoothwall set it, which yes fixed various things but does give other risks.
-
-
26th June 2009, 10:39 PM #10 block
I know it does not solve your problem with no firewall, but for others reading this, I have blocked this by
Simply, on my network I have no need for PCs going direct to https sites unless they go via the proxy.
So on the proxy, I then set secure web to reject.
It stops it dead, much to the disgust of the kids.
We have also used Sophos to delete it, but that only works on our machines, not the kids' own laptops.
-