Possible to only Exclude replacing HTTPS certificate from Network Protection
Hi
We currently try to only replace HTTP certificate for our web DLP solution and remain other encrpyted traffic being intercepted but failed.
We have checked the general settings and noticed that simply just unclick Scan HTTPS doesn't stop replacing the certification but disble the feature only.
Does anyone have faced similar issues and suggest any workaround?
Comments
-
Hello.
Since you need help with business product, @Andrei_S Enterprise (who provides support for business products) could take a look here and help you with the issue.
Also, you can always contact the Bitdefender business support:
Regards.
0 -
Hello @allenwu ,
Please use this article and add an exclusion in the Network Protection: https://www.bitdefender.com/business/support/en/77209-342964-general.html
If you still needed assistance with adding the exclusion or if your scenario is not resolved please reach out to the Enterprise Support Team and someone will be happy to help you.
Kind Regards
0 -
We have seen and did follow the instruction on that article but it doesn't quite fit our scenario. The current setting only allows exceptions on certain websites without stopping replacing the original HTTP certificates to Bitdefender-signed ones.
This puts us in a paradox: either stop all network protection to enable HTTP DLP traffic inspection or have no content visibility on HTTP traffic at all
The suggested method from our provider is to disable all network protection features to stop certificate replacement. However, we find it a bit unfortunate that there is no configuration to stop replacing the HTTPS certificate only.
Therefore, we are reaching out here to see if any other experts share the same concern.
Regards.
0 -
Bypassing HTTPS TLS interception alone seems to be possible by disabling Encrypted Web Scan with Support Teams remote assistance according to a comment from the articles below, written in March 3, 2023.
For other defenders' information, we might try to reach out to Support team for this workaround.
https://community.bitdefender.com/en/discussion/93304
https://community.bitdefender.com/en/discussion/95418
1