You can define a Browser Control policy to warn users from going out to the Internet when they are using outdated or vulnerable browsers, plugins, and applications. The service examines browser versions and patches (including beta browsers), Internet applications (for example, Adobe Flash, Sun Java, Apple QuickTime), and media download applications (for example, Windows Media Player).
You can also reduce the security risk of your organization by blocking the use of browsers or specific browser versions that are older or that have known vulnerabilities. The Zscaler admin portal displays the last 12 versions for most browsers.
The service has Secure Browsing reports that you can run to track the use of vulnerable browsers, plugins, and applications, so you can take the necessary actions. If you want to learn about running secure browsing reports, see How do I run secure browsing reports?
To define a Browser Control policy, follow the instructions below.
- Go to Policy > Browser Control.
- Browser Vulnerability Protection: Select Enable Checks & User Notification to enable this feature, then complete the additional fields that appear.
- How Often to Check: Select how frequently the service checks browsers and relevant applications. The options are Daily, Monthly, or Weekly.
- Disable Notification for Browsers: Turn on to disable warnings for all browsers.
- Disable Notification for Plugins: Choose which plugins are exempt from warnings. You can search for plugins and choose any number of plugins.
- Disable Notification for Applications: Choose which applications are exempt from warnings. You can search for applications and choose any number of applications.
- Browser Blocking: The service allows browsers of any version to access the Internet. Here, you can block the use of certain browsers. To do so, ensure that Allow All Browsers is not enabled, and when the list of browsers appears, choose which browsers you want to block.
- Click Save and activate the change.
To see how this policy fits into the overall order of policy enforcement, see How does the Zscaler service enforce policies?