What Zscaler App processes should I whitelist?


What Zscaler App processes should I whitelist?

While Zscaler has whitelisting agreements for Zscaler App in place with specific endpoint protection vendors such as Trend Micro and Kaspersky Labs, for some endpoint protection products like anti-virus and personal firewall, you may need to perform additional whitelisting to ensure full Zscaler App functionality.

Therefore, Zscaler recommends that your users' Windows and MAC devices have inbound rules that allow the following Zscaler App binaries and processes.

Processes Whitelist

You can use GPO to define rules to allow the following processes.

Note: % is a macro that represents the drive where the program files are located. Program files are usually located on the C drive. There are exceptions; for example, on an Amazon WorkSpace (AWS), the program files are on the D drive.

Windows 64-bit

%ProgramFiles(x86)%\Zscaler\ZSATray\ZSATray.exe

%ProgramFiles(x86)%\Zscaler\ZSATunnel\ZSATunnel.exe

%ProgramFiles(x86)%\Zscaler\ZSAService\ZSAService.exe

%ProgramFiles(x86)%\Zscaler\ZSAUpdater\ZSAUpdater.exe

%ProgramFiles(x86)%\Zscaler\Updater\zscalerappupdater.exe

%ProgramFiles(x86)%\Zscaler\Updater\zscalerchecksumverifier.exe

%ProgramFiles(x86)%\Zscaler\ThirdParty\CertUtil\certutil.exe

%ProgramFiles(x86)%\Zscaler\ThirdParty\Filechecksum\fciv.exe

%ProgramFiles(x86)%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.1.0.exe

%ProgramFiles(x86)%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.2.0.exe

Windows 32-bit

%ProgramFiles%\Zscaler\ZSATray\ZSATray.exe

%ProgramFiles%\Zscaler\ZSATunnel\ZSATunnel.exe

%ProgramFiles%\Zscaler\ZSAService\ZSAService.exe

%ProgramFiles%\Zscaler\ZSAUpdater\ZSAUpdater.exe

%ProgramFiles%\Zscaler\Updater\zscalerappupdater.exe

%ProgramFiles%\Zscaler\Updater\zscalerchecksumverifier.exe

%ProgramFiles%\Zscaler\ThirdParty\CertUtil\certutil.exe

%ProgramFiles%\Zscaler\ThirdParty\Filechecksum\fciv.exe

%ProgramFiles%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.1.0.exe

%ProgramFiles%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.2.0.exe

MAC

/Applications/Zscaler/Zscaler.app/Contents/PlugIns/ZscalerTunnel

/Applications/Zscaler/Zscaler.app/Contents/PlugIns/ZscalerService

/Applications/Zscaler/Zscaler.app/Contents/MacOS/Zscaler

/Applications/Zscaler/.Updater/autoupdate-osx.app/Contents/MacOS/ZscalerUpdater

Zscaler App Identifier: com.zscaler.Zscaler

Bypasses for Firewall

Additionally, if you have a GPO-managed or AV-managed host firewall, you may configure an inbound firewall rule on your endpoint protection product for ZSATunnel.exe processes for all ports, protocols, and network interfaces.

Windows

ZSATunnel.exe: Inbound and Outbound

ZSATray.exe: Outbound

ZSAUpdater: Outbound

ZSAService.exe: Outbound

Zscalerappupdater.exe: Outbound

MAC

ZscalerTunnel: Inbound and Outbound

ZscalerService: Outbound

Zscaler: Outbound

ZscalerUpdater: Outbound