KB Article | Forcepoint Support

Problem Description

How can Skype be blocked if a user has saved their credentials on a personal computer and automatically logs in when connected to the Forcepoint network?

 

Resolution

If a user has saved their logon credentials in the Skype logon dialog box, Forcepoint Web Security will not be able to block Skype.

For example, if a user is using a personal computer, that user can save their Skype password and set the application to start automatically. When the personal computer turns on in a Forcepoint-filtered network, the user will be able to connect to Skype automatically.

In order to prevent credentials from being saved, a registry entry must be placed on each client machine (enforceable via Active Directory group policy).

As a logon script, the registry key below may be deployed:
  1. Click Start, then in "Search programs and files" type Run.
    1. Alternatively, press Start key+R.
  2. Type regedit.
  3. Click OK.
  4. Search for [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
    1. "MemoryOnly"=dword:00000001
Alternatively, type the registry key into a file and save with a filename similar to SkypeDisableAutoLogin.reg and select the file on the client machine.

The two registry keys below, will force Skype users to use the Skype standard protocol, which aids Forcepoint in blocking the application:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
  • "ListenHTTPPorts"=dword:00000000
  • "DisableTCPListen"=dword:00000000

Article Feedback



Thank you for the feedback and comments.