To help provide a better out-of-the-box security posture, Netskope introduced the "EnhanceCertPinnedApplist" feature to prevent users from bypassing certain controls.
Affected Products:
Netskope
Affected Versions:
v76 and Later
Netskope allows admins to make steering decisions for certificate-pinned apps. By default, the decision is based on the name of the process from which the traffic originates. However, a process name is easy to manipulate or spoof by anyone who is aware of this logic. For this reason, Netskope also allows enabling the "EnhanceCertPinnedApplist" feature. Once EnhanceCertPinnedApplist is enabled, customers can also use the domains that a cert-pinned app must send traffic to, restricting the match to those domains only. This adds an additional level of security control.
Netskope is moving towards a secure out-of-the-box posture and has enabled the "EnhanceCertPinnedApplist" flag by default in Netskope release 76.
For scenarios where cert-pinned apps talk to additional domains that are not known to Netskope, these domains can be added either individually or by using a wildcard (*). Alternatively, the feature can be disabled entirely.
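The difference between name-only matching and name-plus-domain matching described above, as a simplified Python model added here for illustration. It is not Netskope's code; the process names, domains, function names and the shell-style wildcard semantics (via `fnmatch`) are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample entries: process names and domains are illustrative only.
PINNED_APPS = {
    "syncclient.exe": ["sync.example.com", "*.cdn.example.com"],
    "legacyapp.exe": ["*"],  # bare wildcard: every destination matches
}


def name_only_match(process, host):
    """Default logic: the exception applies if the process name is listed."""
    return process.lower() in PINNED_APPS


def name_and_domain_match(process, host):
    """Enhanced logic: process name AND destination domain must both match."""
    patterns = PINNED_APPS.get(process.lower())
    if patterns is None:
        return False
    host = host.lower().rstrip(".")  # normalise case and a trailing dot
    return any(fnmatchcase(host, p.lower()) for p in patterns)


def overly_broad_entries(apps):
    """Return apps whose domain list contains a bare '*' (assumed match-all)."""
    return sorted(name for name, pats in apps.items() if "*" in pats)


if __name__ == "__main__":
    # Constructed traffic samples: (process name, destination host).
    samples = [
        ("syncclient.exe", "eu.cdn.example.com"),    # expected destination
        ("syncclient.exe", "files.unrelated.test"),  # listed name, other host
        ("legacyapp.exe", "files.unrelated.test"),   # bare wildcard entry
    ]
    for proc, host in samples:
        print(proc, host,
              "name-only:", name_only_match(proc, host),
              "name+domain:", name_and_domain_match(proc, host))
    print("review these entries:", overly_broad_entries(PINNED_APPS))
```

In this model, an entry whose domain list is a bare `*` behaves the same as name-only matching, so such entries are worth reviewing when domains are added by wildcard.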