Block by SSL traffic or firewall settings KSC 14

[MihailSol]

Hello dear colleagues,

I want to block chat.openai.com for certain teams ( different policies for different departments ). I have already blocked chatGPT by web control with *.openai.com*. But there are people who started to use plugins and API to use chatGPT again. For some reason, I cannot block them with a firewall rule. Probably I'm mistaken somewhere. 

Can someone explain where I got that wrong. I've tried to place it in application network rules too. Still nothing. Opens like a charm 😄 

[MihailSol]

I found that if I place their public IP with /16 masc it works. But i blocked microsoft website too and etc... I'm totally not a pro network guy.,, 

[Zied]

Hi MihailSol,

I suggest that you use Web control : https://support.kaspersky.com/KESWin/12.4/en-US/128048.htm please refer to this link for instructions about adding a rule : https://support.kaspersky.com/KESWin/12.4/en-US/123289.htm

[MihailSol]

11 minutes ago, Zied said:

Hi MihailSol,

I suggest that you use Web control : https://support.kaspersky.com/KESWin/12.4/en-US/128048.htm please refer to this link for instructions about adding a rule : https://support.kaspersky.com/KESWin/12.4/en-US/123289.htm

Thank you very much for the reply!

Yes, I'm currently using web control with mask *.openai.com*  and that is successfully blocking everything that is directly opened through the browser. But let's say I have a program that has integrated chatgpt or something else in it and it communicates with the given resource. Then it can pass. Or if it's a browser extension it also communicates without a problem even though you cannot directly open the website. 

That's why I want to be able to block all kind of communication to the " destination ".

---------------------------------------------------------------------------------------------

Edit:  I have found how to work with it correctly. Refer to the image below. 
For website and it's domain/subdomains - you can use dnsdumpster or relevant service. From there I got the IP address in the image below. You just cannot use *. wildcards to block everything containing this name like in the web filtering. 

[Demiad]

@MihailSol hello

FYI

New feature will be available in KES 12.5

https://eap.kaspersky.com/topic/5721/what-s-new
"A new category of web resources Generative AI Tools has been added. You can configure access to websites from the new category using Web Control."