What Zscaler App processes should I whitelist?


What Zscaler App processes should I whitelist?

While Zscaler has whitelisting agreements for the Zscaler App in place with specific endpoint protection vendors such as Trend Micro and Kaspersky Labs, for some endpoint protection products like anti-virus and personal firewall, you might need to perform additional whitelisting to ensure full Zscaler App functionality.

Zscaler recommends that your users' devices have inbound rules that allow the following Zscaler App binaries and processes.

Processes Whitelist

You can use GPO to define rules that allow the following processes:

%ProgramFiles(x86)% and %ProgramFiles% are variables that represent the drive where the Windows program files are located. Typically, program files are located on the C drive. However there are exceptions, for example on Amazon WorkSpaces (AWS), program files are on the D drive.

Windows 64-bit

  • %ProgramFiles(x86)%\Zscaler\ZSATray\ZSATray.exe
  • %ProgramFiles(x86)%\Zscaler\ZSATunnel\ZSATunnel.exe
  • %ProgramFiles(x86)%\Zscaler\ZSAService\ZSAService.exe
  • %ProgramFiles(x86)%\Zscaler\ZSAUpdater\ZSAUpdater.exe
  • %ProgramFiles(x86)%\Zscaler\Updater\zscalerappupdater.exe
  • %ProgramFiles(x86)%\Zscaler\Updater\zscalerchecksumverifier.exe
  • %ProgramFiles(x86)%\Zscaler\ThirdParty\CertUtil\certutil.exe
  • %ProgramFiles(x86)%\Zscaler\ThirdParty\Filechecksum\fciv.exe
  • %ProgramFiles(x86)%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.1.0.exe
  • %ProgramFiles(x86)%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.2.0.exe
  • %ProgramData%\Zscaler

Windows 32-bit

  • %ProgramFiles%\Zscaler\ZSATray\ZSATray.exe
  • %ProgramFiles%\Zscaler\ZSATunnel\ZSATunnel.exe
  • %ProgramFiles%\Zscaler\ZSAService\ZSAService.exe
  • %ProgramFiles%\Zscaler\ZSAUpdater\ZSAUpdater.exe
  • %ProgramFiles%\Zscaler\Updater\zscalerappupdater.exe
  • %ProgramFiles%\Zscaler\Updater\zscalerchecksumverifier.exe
  • %ProgramFiles%\Zscaler\ThirdParty\CertUtil\certutil.exe
  • %ProgramFiles%\Zscaler\ThirdParty\Filechecksum\fciv.exe
  • %ProgramFiles%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.1.0.exe
  • %ProgramFiles%\Zscaler\ThirdParty\TAPDriver\Zscaler-Network-Adapter-1.0.2.0.exe
  • %ProgramData%\Zscaler

macOS

  • /Applications/Zscaler/Zscaler.app/Contents/PlugIns/ZscalerTunnel
  • /Applications/Zscaler/Zscaler.app/Contents/PlugIns/ZscalerService
  • /Applications/Zscaler/Zscaler.app/Contents/MacOS/Zscaler
  • /Applications/Zscaler/.Updater/autoupdate-osx.app/Contents/MacOS/ZscalerUpdater
  • Zscaler App Identifier: com.zscaler.Zscaler

Bypasses for Firewall

If you have a GPO-managed or AV-managed host firewall, you can configure an inbound firewall rule on your endpoint protection product for ZSATunnel.exe processes for all ports, protocols, and network interfaces.

Windows

  • ZSATunnel.exe: Inbound and Outbound
  • ZSATray.exe: Outbound
  • ZSAUpdater: Outbound
  • ZSAService.exe: Outbound
  • Zscalerappupdater.exe: Outbound

macOS

  • ZscalerTunnel: Inbound and Outbound
  • ZscalerService: Outbound
  • Zscaler: Outbound
  • ZscalerUpdater: Outbound