List of Applications and Mobile Applications Exempted from SSL Interception

TECH252764
Last Updated April 27, 2019
Copy Article Title/URL
Feedback
Subscribe

In the Web Security Service SSL policy editor, Symantec maintains a list of applications in the SSL Bypass List and Mobile App Bypass list that are known to break when their traffic is intercepted, due to certificate pinning. The list is continually being updated; however, traffic for additional applications and domains that are not included in the list might break. For these applications and domains, Symantec recommends using the policy editor to exempt them from SSL interception.

For more information on Symantec Web Security Service, see the Web Security Service Solutions Dashboard.

SSL Bypass List

The following table lists the applications that are in the SSL Bypass List by default:

Note: The applications in the  SSL Bypass List are also exempted for mobile devices.
Application URL
Apple iTunes
  • .itunes.apple.com
DropBox
  • dropbox.com
Microsoft Downloads
  • download.microsoft.com
  • download.windowsupdate.com
  • ntservicepack.microsoft.com
  • office.microsoft.com/officeupdate
  • update.microsoft.com
  • windowsupdate.com
  • windowsupdate.microsoft.com
  • wustat.windows.com
Mozilla
  • mozilla.org
Mozilla Messaging
  • mozillamessaging.com

Office 365 Exchange Online

Note: If a rule exists in CASB or Elastica domains for an Office 365 Exchange URL, this exepmtion is ignored and traffic for this application is intercepted.
  • office.com
Skype for Business
  • az801095.vo.msecnd.net
  • i.s-microsoft.com
ThreatPulse
  • cloudwebsecurity.att.com
  • ctc.threatpulse.com
  • portal.threatpulse.com
TomTom
  • tomtom.com
Webex
  • webex.com
Windows Support
  • update.microsoft.com

 

Mobile App Bypass List

The following table lists the applications that are in the Mobile App Bypass list by default:

Note: In the default policy, the applications in the Mobile App Bypass list are only exempted for mobile devices (unless the site or application is also listed in the SSL Bypass List).

Application

 URL
Adobe Photoshop Express
  • dlmping2.adobe.com
  • dlmping3.adobe.com
  • fpdownload.adobe.com
  • get.adobe.com
  • get3.adobe.com
  • images2.adobe.com
  • ox-d.adobe
  • platformdl.adobe.com
  • sstats.adobe
  • stats.adobe.com
AirBnB
  • airbnb.com
Amazon Alexa
  • alexa.amazon.com
  • amazon.com
Apple App Store
  • apple.com
  • apple.com.akadns.net
  • gs-loc.apple.com
  • gsa.apple.com
  • icloud.com
  • itunes.apple.com
  • mzstatic.com
  • securemetrics.apple.com
  • swscan.apple.com
  • xp.apple.com
Apple iTunes
  • apple.com
  • apple.com.akadns.net
  • gs-loc.apple.com
  • gsa.apple.com
  • icloud.com
  • itunes.apple.com
  • mzstatic.com
  • securemetrics.apple.com
  • swscan.apple.com
  • xp.apple.com
Chase
  • chase.com
DropBox
  • block.dropbox.com
  • client.dropbox.com
  • client-cf.dropbox.com
  • d.dropbox.com
  • dl-debug.dropbox.com
  • dropbox.com
  • log.dropbox.com
  • m.dropbox.com
  • notify.dropbox.com
Facebook Messanger
  • facebook.com
Google Drive
  • accounts.gstatic.com
  • accounts.google.com
  • accounts.youtube.com
  • client3.google.com
  • clients1.google.com
  • clients2.google.com
  • clients3.google.com
  • clients4.google.com
  • clients5.google.com
  • clients6.google.com
  • cros-omahaproxy.appspot.com
  • dl.google.com
  • dl-ssl.google.com
  • googleapis.com
  • gstatic.com
  • m.google.com
  • omahaproxy.appspot.com
  • pack.google.com
  • safebrowsing-cache.google.com
  • safebrowsing.google.com
  • ssl.gstatic.com
  • tools.google.com
Google Hangouts
  • accounts.google.com
  • apis.google.com
  • appspot.com
  • client-channel.google.com
  • clients1.google.com
  • clients2.google.com
  • clients3.google.com
  • clients4.google.com
  • clients5.google.com
  • clients6.google.com
  • googleapis.com
  • googleusercontent.com
  • gstatic.com
  • pis.google.com
  • video.google.com
Join.me
  • join.me
  • joinme.com
  • whatsapp.net
Lynda.com
  • lynda.com
Microsoft Excel Mobile
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft Office Lens
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft OneNote
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft Powerpoint
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Microsoft Word
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com
Overwatch
  • battle.net
  • blizzard.com
  • blzddist1-a.akamaihd.net
  • blzddist2-a.akamaihd.net
PayPal
  • paypal.com
SoundCloud
  • soundcloud.com
Southwest Mobile App
  • mobile.southwest.com
  • smetrics.southwest.com
Starcraft
  • battle.net
  • blizzard.com
  • blzddist1-a.akamaihd.net
  • blzddist2-a.akamaihd.net
Twitter
  • twitter.com
Vimeo
  • m.vimeo.com
  • vimeo.com
Windows Apps
  • apps.microsoft.com
  • clientconfig.passport.net
  • eus-streaming-video-msn-
  • com.akamaized.net
  • live.com
  • microsoft.com
  • msftncsi.com
  • windowsupdate.com
  • wns.windows.com
  • wustat.windows.com

 

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.