Senso.cloud is capable of filtering SSL traffic, but in certain cases, it can cause issues with websites or applications that have their own SSL Certificates installed, rendering them inoperable. However, there are two reliable methods to resolve this problem and restore functionality to the affected website or application.

 

The first option involves adding the name of the application .exe to the SSL Exclusions list. The second option is to include the website's IP Address in the SSL URL exclusions list. Both options can be configured within the Logging and Blocking Policy settings.


Finding the Logging and Blocking Policy

Logging and blocking policies can be set at any level. Typically, the policy would either be at the top level or at the site level. Alternatively, you may find it set on a group within the sites.

If you don't know where you are logging and blocking policy is set. You can tick the device you are seeing this issue on and then click the passport.


Text

Description automatically generated with low confidence Graphical user interface, diagram, application

Description automatically generated 

 

That should open a window for you that will show which policies are affecting the device and where they are.

 

Application Exclusions

 

The Logging and Blocking Policy has an option to exclude processes from SSL Filtering.  Simply add the process name or part of the path to the SSL Application Exclusions box.



An example would be:

 

app1.exe|system32|folder\app2.exe

 

The above example will allow app1.exe, wherever the app exists on hard disk to be excluded.  It also allows any application in the System32 folder to go unfiltered and finally, any app2.exe residing in Folder to be excluded.

 

This will of course not work if its a website that has the issue because you cannot exclude browsers (chrome, ie, firefox etc) otherwise all logging and blocking for those browsers will no longer work.

 

URL/IP Exclusions

 

The Logging and Blocking Policy has an option to exclude IP Addresses and URL's from SSL Filtering.  Simply add the URL or IP to the SSL URL Exclusions box.

 


An example would be:

 

192.168|10.0|website.com

 

The above example will allow an IP address containing '192.168' and '10.0' to completely bypass the Senso SSL Filter, and any URL containing website.com will go unfiltered.


Inspect Selected Applications


If you wish to configure Senso to only inspect traffic from browsers or selected applications, you can edit the field:

[Windows Only] Only filter the following application

As default this will be configured to .exe allowing Senso to inspect all applications, if configured to edge.exe|chrome.exe| then Senso will only inspect browser SSL traffic ignoring any other applications:



This will prevent the requirement for whitelisting any application from inspection within Senso as we are only inspecting selected applications, however will also prevent Senso from blocking access or controlling 3rd party applications