Remove "Proxy & Filter Avoidance" from "Threats" categorization
Adam
I understand it is important to block "Proxy & Filter Avoidance". However, I would not classify this as a "Threat".
Especially
because many browsers / OSes contact "proxies" by default now, giving me false-positive threats. For example, Apple visits safebrowsing.apple.Steve Staden
Steve Staden
Peter Lowe (DNSFilter)
Hey Adam, I see your point of view but I'm afraid I have to disagree: any user of yours attempting to circumvent threat protection that you might have in place is opening up your network to
all
kinds of threats. This in itself is a threat to the safety of your network.Apple's Safe Browsing (which I believe proxies Google's Safe Browsing service) is designed to protect against a certain type of threat, but is very general and shouldn't be relied on - we often see domains which are clearly hosting malware or phishing resources, which haven't been recognised by Safe Browsing yet.
Mikey @DNSFilter
Thanks for the request Adam. The Proxy & Filter Avoidance category is a challenge because, as you mentioned, many digital assets communicate with proxies to get their job done but another use is circumventing DNS protection.
Would controlling visibility of Proxy & Filter Avoidance in reporting be a good compromise for you?
Mikey @DNSFilter
Thanks for the feedback. For a short term solution, we recommend adding any known utility domains (like those used by your VPN) to the allow list of the appropriate policy for more granular control.
Erik
I've had reports of people having trouble with devices that have Covenant Eyes on our wifi. Maybe this has something to do with it. I believe CE uses a VPN. I like to use filters and accountability software in multiple layers, but that doesn't work if those layers can't work together.