Web Access Protection - Blocking Facebook

Discussion in 'ESET Endpoint Products' started by Lunartick, May 8, 2013.

Thread Status:
Not open for further replies.
  1. Lunartick

    Lunartick Registered Member

    Joined:
    May 8, 2013
    Posts:
    3
    Location:
    UK
    Hi,

    Just wondering if anyone maybe able to shed some light on little (annoying!) problem that I am experiencing with some users.

    Found this guide to blocking website access through Web Access Protection. I have tried to block https://www.facebook.com , but following this method it fails.

    I am running ESET Endpoint Security v5.0.2214.

    Thanks for any advice.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You must enable SSL scanning in order to block access to websites via https.
     
  3. er34

    er34 Guest

    Blocking any site is very easy with any ESET product and is not dependant on Parental-control feature or similar. You can use the web protection.

    All you have to do is to find the Address management and to make sure you type in the list of blocked addressed. Enter *facebook* (note that you must enter the stars aroun the name) and then ok/save.
    This will block any website with exactly facebook string in it, including the Facebook pages. And what is most fun - by default it will not notify users and they will keep refreshing till they decide Facebook may be down :D (of course there is an option to let the users known if you want to).

    More information here:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2123

    You can do this change via ERA, too, and for version 5, too - it is practically the same.
     
  4. er34

    er34 Guest

    BTW, I remember a case where I had to block Facebook for some people at an government instituation. One of the users there suddenly lost access to Facebook, then visit the local IT guy and asked him why Facebook is not accessable from her machine. The IT guy (I helped him block facebook this way - described above) told her Facebook is smart application and refused to open because today she has used it too much. She was dumb enough to believe - ROFL ROFL ROFL :D :D :D
     
  5. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Just be mindful if you use this approach, you may get many false alarms from websites that embed the Facebook like button their page.
     
  6. er34

    er34 Guest

    It won't be false positive and ESET won't block the whole page just because it contains some +1 or Like Facebook feature. That is the idea - everything Facebook related to be blocked ;)
     
  7. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Long shot here.
    Have you tried entering the facebook domain in your local host file.
     
  8. Lunartick

    Lunartick Registered Member

    Joined:
    May 8, 2013
    Posts:
    3
    Location:
    UK
    Hi, thanks for responses.

    Looked into hosts file - didn't block access via https://

    Tried the *facebook* in Web Access Protection - didn't block via https://

    Will look into the SSL scanning, but am I right in thinking that this would be a blanket block on https:// sites?

    Thanks in advance.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It sounds like you didn't enable SSL scanning which is necessary for blocking websites accessed via https.
     
  10. Lunartick

    Lunartick Registered Member

    Joined:
    May 8, 2013
    Posts:
    3
    Location:
    UK
    Hi,

    Thanks for the advice regarding SSL scanning.

    If I enable to SSL scanning, then https://www.facebook.com is indeed blocked.

    However, we also use a product called Zscaler. Essentially what is happening is we have to enable SSL scanning with Zscaler as a blanket setting for all our PCs. We only want to completely block Facebook on a handful of PCs at various sites, which I was hoping to be able to do with ESET on a per device basis.

    The reason we have Zscaler is we need to be able to monitor and produce reports centrally, which this give us the ability to do.

    Now, when Zscaler proxy is applied and certificates installed, trying to use ESET to block https:// facebook doesnt work. Almost as if Zscaler is somehow taking priority over the ESET configuration.

    Just wondering if there is any slim chance someone might know anything about this at all?

    Thanks in advance.
     
  11. RobJanssen

    RobJanssen Registered Member

    Joined:
    Jul 15, 2011
    Posts:
    55
    While it is very common to block facebook in company settings, you have to know about one possible problem: more and more websites use facebook as a user/logon management tool. When you want to log in to the site, you click on a "login via facebook" icon, and stupidly they use the same www.facebook.com hostname for that functionality as is used for the main site.
    So, when you block www.facebook.com you block all those sites as well, and some of them would be reasonable to use in a business environment.

    (of course Facebook could simply work around this by using a different domain name for that service, maybe even as simple as using a different subdomain, but probably they like the situation as it is now, because this makes it more difficult for people to block them)
     
Thread Status:
Not open for further replies.