Ask4key IT & Network Customer Support

Zscaler | Adobe

1. Introduction 

How to add custom block rules within ZIA for adobe cloud so that user is still able to access adobe services without the cloud sync affecting bandwidth and potential data leakage/ data collection by external party/parties.

2. Prerequisites

• Admin access to the Zscaler Internet Access (ZIA) portal

• A list of Adobe Cloud Sync domains and services to block

• Knowledge of custom URL categories and firewall rules in ZIA

Step 1: Identify Adobe Cloud Sync Services

Adobe Cloud Sync uses various domains and services for file synchronization. Some of the primary domains to block include:

• *.adobe.io

• *.creativecloud.adobe.com

• *.adobecc.com

• *.adobelogin.com

• cc-api-data.adobe.io

• cc-api-storage.adobe.io

Additional URLs

• .acrobat.adobe.com/dc-files2-dropin/3.37.0_2.695.0/dc-storage-chunk.js
  .ui.messaging.adobe.com/2.77.2/bundle.js
  .acrobat.adobe.com/dc-context-board-dropin/3.22.5_2.148.0/dup-dialog-chunk.js
  .acrobat.adobe.com/dc-pdfverbs-web/3.60.0_4.1227.0/upload-provider.js

Step 2: Create a Custom URL Category

1. Log in to the ZIA Admin Portal.

2. Navigate to Administration > URL Categories.

3. Click Add URL Category.

4. Name the category (e.g., "Block Adobe Cloud Sync").

5. Under Domains, add the Adobe Cloud Sync domains listed in Step 1.

6. Click Save.

Step 3: Create a URL Filtering Rule

1. Navigate to Policy > URL Filtering.

2. Click Add Filtering Rule.

3. Provide a rule name (e.g., "Block Adobe Cloud Sync").

4. Under Users/Groups, select the affected user group.

5. Under URL Categories, select the previously created category ("Block Adobe Cloud Sync").

6. Under Action, select Block.

7. Click Save.

Step 4: Block Adobe Sync Traffic with Firewall Rules

1. Navigate to Policy > Firewall Control.

2. Click Add Firewall Rule.

3. Name the rule (e.g., "Block Adobe Sync Traffic").

4. Under Source IPs/Users, select the affected users or groups.

5. Under Destination, select Internet.

6. Under Application, search for and select any Adobe-related cloud applications.

7. Under Action, select Deny.

8. Click Save.

Step 5: Validate and Test the Block Rules

1. Attempt to access Adobe Creative Cloud Sync from a test machine.

2. Verify that the sync process is blocked by checking logs under Analytics > Web Insights.

3. Ensure no unintended services are affected by refining the rules if necessary.

Step 6: Monitor and Update

• Regularly review logs and reports in Web Insights and Firewall Logs.

• Update the blocked domains list as Adobe Cloud services evolve.

• Adjust policies based on business requirements.

• 
  

Conclusion

By implementing these custom block rules in Zscaler Internet Access (ZIA), you can effectively prevent Adobe Cloud Sync services from functioning, thereby improving data security and reducing unauthorized file transfers. Ensure continuous monitoring and refinement for optimal enforcement.

-Reference ticket - #219100 - Custom block rule for adobe cloud storage

*Some other solution/advise would be to setup file type control for upload.