Bypass Rules for Certificate Pinning

Certificate pinning is a security technique used by applications to ensure that the server's certificate meets specific rules, protecting their traffic against interception. As a result, these applications may not recognize the Harmony SASE certificate as valid and block the connection.

Check Point recommends that you bypass traffic for applications that use certificate pinning by process name or by domain.

The table lists popular applications that use certificate pinning, with the program (process) names and domains to bypass. Each entry gives the Application, the Program and the Domain; N/A means the column does not apply to that application.

Adobe Suite (including Acrobat Reader, Creative Cloud and software updates)
  Program: N/A
  Domain: Fill in these domain lists:

Apple's iMessages, iTunes, App Store, Mail
  Program: N/A
  Domain:
    • p24-keyvalueservice.icloud.com
    • apps.apple.com
    • itunes.apple.com
    • mzstatic.com
    • gs-loc.apple.com
    • gsa.apple.com
    • securemetrics.apple.com
    • swscan.apple.com
    • xp.apple.com
    • ppq.apple.com
    • akadns.net
    • mail.me.com
    • music.apple.com

AWS Console
  Program: N/A
  Domain:
    • console.aws.amazon.com
    • docs.aws.amazon.com
    • signin.aws.amazon.com
    • fls-na.amazon.com
    • cdn.assets.as2.amazonaws.com
    • aws-signin-website-assets.s3.amazonaws.com
    • opfcaptcha-prod.s3.amazonaws.com
    • d1dgtfo2wk29o4.cloudfront.net
    • images-na.ssl-images-amazon.com

Bitdefender
  Program: N/A
  Domain:
    • cdn.bitdefender.net
    • download.bitdefender.com
    • login.bitdefender.net
    • login.bitdefender.com
    • nimbus.bitdefender.net
    • push.bitdefender.net
    • upgrade.bitdefender.com

DropBox
  Program:
    • Dropbox.exe
    • DropboxUpdate.exe
    • DbxSvc.exe
    • com.getdropbox.dropbox
    • com.getdropbox.dropbox.garcon
    • com.getdropbox.dropbox.activityprovider
    • com.getdropbox.dropbox.fileprovider
  Domain: N/A

Evernote
  Program: evernote.exe
  Domain:
    • announce.evernote.com
    • cd1.evernote.com
    • evernote-a.akamaihd.net
    • www.evernote.com

Google Drive
  Program:
    • Windows: googledrivesync.exe
    • macOS:
      • com.google.drivefs
      • com.google.drivefs.finderhelper.findersync
  Domain: N/A

Google Services
  Program: N/A
  Domain:
    • alt2-mtalk.google.com
    • android.clients.google.com
    • www.google.com
    • android.googleapis.com
    • cryptauthenrollment.googleapis.com
    • device-provisioning.googleapis.com
    • digitalassetlinks.googleapis.com
    • fcmconnection.googleapis.com
    • fcmtoken.googleapis.com
    • firebaseperusertopics-pa.googleapis.com
    • play.googleapis.com
    • semanticlocation-pa.googleapis.com
    • lh3.googleusercontent.com
    • play-lh.googleusercontent.com
    • gstatic.com
    • gvt1.com

Java Updates
  Program: N/A
  Domain:
    • sjremetrics.java.com
    • javadl-esd-secure.oracle.com

LogMeIn
  Program: logmein.exe
  Domain: Fill in this domain list

Microsoft Defender
  Program: N/A
  Domain: Fill in this domain list

Microsoft Lync and Skype
  Program: N/A
  Domain:
    • lync.com
    • az801095.vo.msecnd.net
    • i.s-microsoft.com

Microsoft Office365
  Program: Configure within Office365: go to Policy > URL & Cloud App Control > Advanced Settings.
  Domain: For Outlook, add these domains:

Microsoft OneDrive
  Program: N/A
  Domain:
    • cdn.funcaptcha.com
    • fpt.live.com
    • login.live.com
    • odc.officeapps.live.com
    • skyapi.policies.live.net
    • signup.live.com
    • skyapi.live.net
    • pipe.aria.microsoft.com
    • data.microsoft.com
    • svc.ms
    • msauth.net
    • cdn.onenote.net

Microsoft Windows Store
  Program: N/A
  Domain:
    • eus-streaming-video-msn-com
    • wns.windows.com
    • live.com
    • clientconfig.passport.net
    • wustat.windows.com
    • windowsupdate.com
    • msftncsi.com
    • microsoft.com

Microsoft Updates
  Program: N/A
  Domain:
    • settings-win.data.microsoft.com
    • vortex-win.data.microsoft.com
    • delivery.mp.microsoft.com
    • tsfe.trafficshaping.dsp.mp.microsoft.com
    • update.microsoft.com
    • sls.update.microsoft.com

Slack
  Program:
    • Windows: slack.exe
    • macOS:
      • com.tinyspeck.slackmacgap
      • com.tinyspeck.slackmacgap.helper
  Domain: N/A

Spotify
  Program: N/A
  Domain: spotify.com

Webex
  Program:
    • atmrg.exe
    • wmlhost.exe
    • webexmta.exe
    • washost.exe
  Domain: webex.com

Zoom
  Program:
    • Windows: zoom.exe
    • macOS: us.zoom.xos
  Domain: zoom.us

Default Bypass Rules

Harmony SASE provides a list of preconfigured bypass rules for applications that use certificate pinning.

Important - Traffic that matches a bypass rule is not inspected and is excluded from Internet Access Policy enforcement, Threat Prevention, and DLP controls.

To view the default bypass rules, log in to Harmony SASE and click Internet Access > Bypass Rules. Note that the default bypass rules disappear if you add new bypass rules.

Each rule is listed with its Rule Name, Default Status, Source, Programs, Domains and Categories; N/A means the field is not used by that rule.

Bypass Microsoft Teams - Pre-configured
  Default status: Enabled
  Source: Any
  Programs:
    • com.microsoft.teams
    • Teams.exe
  Domains: N/A
  Categories: N/A

Bypass sensitive traffic - Pre-configured
  Default status: Disabled
  Source: Any
  Programs: Any
  Domains: N/A
  Categories: Financial Services, Government, Health and Medicine, Legal

Bypass Microsoft Outlook - Pre-configured
  Default status: Enabled
  Source: Programs
  Programs:
    • com.microsoft.Outlook.exe
    • outlook.exe
  Domains: N/A
  Categories: N/A

Bypass Microsoft updates - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • settings-win.data.microsoft.com
    • vortex-win.data.microsoft.com
    • delivery.mp.microsoft.com
    • tsfe.trafficshaping.dsp.mp.microsoft.com
    • update.microsoft.com
    • sls.update.microsoft.com
  Categories: N/A

Bypass Adobe updates - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • adobe.com
    • adobetag.com
  Categories: N/A

Bypass Java updates - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • sjremetrics.java.com
    • javadl-esd-secure.oracle.com
  Categories: N/A

Bypass Mozilla Firefox updates - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains: download-installer.cdn.mozilla.net
  Categories: N/A

Bypass AWS console - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • console.aws.amazon.com
    • docs.aws.amazon.com
    • signin.aws.amazon.com
    • fls-na.amazon.com
    • cdn.assets.as2.amazonaws.com
    • aws-signin-website-assets.s3.amazonaws.com
    • opfcaptcha-prod.s3.amazonaws.com
    • d1dgtfo2wk29o4.cloudfront.net
    • images-na.ssl-images-amazon.com
  Categories: N/A

Bypass Dropbox - Pre-configured
  Default status: Enabled
  Source: Programs
  Programs:
    • Dropbox.exe
    • DropboxUpdate.exe
    • DbxSvc.exe
    • com.getdropbox.dropbox
    • com.getdropbox.dropbox.garcon
    • com.getdropbox.dropbox.activityprovider
    • com.getdropbox.dropbox.fileprovider
  Domains: N/A
  Categories: N/A

Bypass Google services - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • alt2-mtalk.google.com
    • android.clients.google.com
    • www.google.com
    • android.googleapis.com
    • cryptauthenrollment.googleapis.com
    • device-provisioning.googleapis.com
    • digitalassetlinks.googleapis.com
    • fcmconnection.googleapis.com
    • fcmtoken.googleapis.com
    • firebaseperusertopics-pa.googleapis.com
    • play.googleapis.com
    • semanticlocation-pa.googleapis.com
    • lh3.googleusercontent.com
    • play-lh.googleusercontent.com
    • gstatic.com
    • gvt1.com
  Categories: N/A

Bypass Google Drive - Pre-configured
  Default status: Enabled
  Source: Programs
  Programs:
    • googledrivefs.exe
    • com.google.drivefs
    • com.google.drivefs.finderhelper.findersync
  Domains: N/A
  Categories: N/A

Bypass OneDrive - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • cdn.funcaptcha.com
    • fpt.live.com
    • odc.officeapps.live.com
    • skyapi.policies.live.net
    • signup.live.com
    • skyapi.live.net
    • pipe.aria.microsoft.com
    • data.microsoft.com
    • svc.ms
    • msauth.net
    • cdn.onenote.net
  Categories: N/A

Bypass LogMeIn - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • cdngetgo.com
    • expertcity.com
    • getgo.com
    • getgocdn.com
    • getgoservices.com
    • getgoservices.net
    • go2assist.me
    • gofastchat.com
    • goto-rtc.com
    • gotoassist.com
    • gotoassist.at
    • gotoassist.me
    • gotomeet.me
    • gotomeet.at
    • gotomeeting.com
    • gotomypc.com
    • gotostage.com
    • gototraining.com
    • gotowebinar.com
    • helpme.net
    • accounts.logme.in
    • joingotomeeting.com
    • jointraining.com
    • joinwebinar.com
    • logmein.com
    • logmeininc.com
    • logmeinrescue.com
  Categories: N/A

Bypass Microsoft Lync and Skype - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • lync.com
    • az801095.vo.msecnd.net
    • i.s-microsoft.com
  Categories: N/A

Bypass Apple services - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • p24-keyvalueservice.icloud.com
    • apps.apple.com
    • itunes.apple.com
    • mzstatic.com
    • gs-loc.apple.com
    • gsa.apple.com
    • securemetrics.apple.com
    • swscan.apple.com
    • xp.apple.com
    • ppq.apple.com
    • akadns.net
    • mail.me.com
    • music.apple.com
  Categories: N/A

Bypass Bitdefender services - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • cdn.bitdefender.net
    • download.bitdefender.com
    • login.bitdefender.net
    • login.bitdefender.com
    • nimbus.bitdefender.net
    • push.bitdefender.net
    • upgrade.bitdefender.com
  Categories: N/A

Bypass Zoom - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains: zoom.us
  Categories: N/A

Bypass Webex - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains: webex.com
  Categories: N/A

Bypass Spotify - Pre-configured
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains: spotify.com
  Categories: N/A

Check Point Updates - HTTPS bypass
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • avupdates.checkpoint.com
    • secureupdates.checkpoint.com
    • updates.checkpoint.com
  Categories: N/A

Dashlane - HTTPS bypass
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • dashlane.com
    • *.dashlane.com
  Categories: N/A

Facebook - Pre-configured
  Default status: Disabled
  Source: Any
  Programs: Any
  Domains: facebook.com
  Categories: N/A

Finch VPN - HTTPS bypass
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • amber.finchapi.com
    • www.finchvpn.com
  Categories: N/A

MyQuickCloud - HTTPS bypass
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains: *.myquickcloud.com
  Categories: N/A

Elster de - HTTPS bypass
  Default status: Enabled
  Source: Any
  Programs: Any
  Domains:
    • *.elster.de
    • datenannahme1.elster.de
    • datenannahme2.elster.de
    • datenannahme3.elster.de
    • datenannahme4.elster.de
    • datenannahme5.elster.de
    • datenannahme6.elster.de
    • datenannahme7.elster.de
    • datenannahme8.elster.de
    • datenannahme9.elster.de
    • datenannahme0.elster.de
    • datenannahme.elster.de
  Categories: N/A

Finding the Process Name of an Application

You can use the process name to bypass traffic for an application that uses certificate pinning.

To find the process name in Windows:

  1. Open Task Manager.

  2. Right-click any column in the Processes tab and select Process name.

    The Process name column appears in the table.

  3. Search for your application and copy the process name.

To find the process name in macOS, do one of these:

  • Go to Activity Monitor:

    1. Select the application's process.

    2. Click View and select Inspect Process.

    3. Go to Sample > Binary Images.

    4. Identify the process name from the first item in the list.

  • Go to Finder:

    1. Navigate to the Applications folder.

    2. Select the application.

    3. Right-click the application and select Show Package Contents.

    4. Go to the Contents folder and open the Info.plist file.

    5. Find the process name next to the CFBundleIdentifier key.

To find the process name in Linux:

  1. Run this command in the terminal:

    ps aux | grep <application_name>

    The process name is displayed in the second-to-last column of the output.
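The macOS Finder procedure above can be automated. The following shell script is an added example, not Check Point's code: it reads CFBundleIdentifier from each application's Info.plist (via PlistBuddy on macOS, with a plain-text fallback for XML plists on any POSIX system) and lists every bundle identifier under a folder, so the program names for several bypass rules can be collected in one pass. The Sample.app bundle it creates is a constructed stand-in, not a real application.

```shell
#!/bin/sh
# Added example (not Check Point's code): collect the CFBundleIdentifier that the
# macOS Finder steps locate by hand, for every .app bundle in a directory.
# PlistBuddy (macOS) also handles binary plists; awk reads XML plists anywhere.

# Print the CFBundleIdentifier from one Info.plist; prints nothing if the key is absent.
bundle_id_from_plist() {
    plist="$1"
    if [ -x /usr/libexec/PlistBuddy ]; then
        /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$plist" 2>/dev/null
        return
    fi
    # XML fallback: take the <string> value that follows the CFBundleIdentifier key.
    awk '
        /<key>CFBundleIdentifier<\/key>/ { want = 1 }
        want && /<string>/ {
            sub(/.*<string>[[:space:]]*/, "")
            sub(/[[:space:]]*<\/string>.*/, "")
            print; exit
        }' "$plist"
}

# Walk every .app bundle under a directory (normally /Applications) and print
# "<app name><TAB><bundle identifier>", one line per application.
list_bundle_ids() {
    dir="$1"
    for app in "$dir"/*.app; do
        [ -f "$app/Contents/Info.plist" ] || continue
        id=$(bundle_id_from_plist "$app/Contents/Info.plist")
        printf '%s\t%s\n' "$(basename "$app" .app)" "${id:-<no CFBundleIdentifier>}"
    done
}

# Constructed sample bundle (not a real application) so the script runs offline.
make_sample_app() {
    mkdir -p "$1/Sample.app/Contents"
    cat > "$1/Sample.app/Contents/Info.plist" <<'EOF'
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.example.sample</string>
</dict>
</plist>
EOF
}

# Stand-alone use: sh this_script.sh /Applications
[ "$#" -gt 0 ] && list_bundle_ids "$1"
```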