Posts about users of GlobalProtect and what their company can see

There seems to be a somewhat frequent question that pops up here from users with GlobalProtect installed being concerned about what their company/organization (sometimes posts are from students at educational institutions) can see on their laptop or activity initiated from their laptop. Do people agree it would be beneficial to have a rule stopping these questions, or a pinned post explaining GlobalProtect and the visibility the admin of the organization has into devices running GlobalProtect?

IMO the only answer is “It depends”. Everything is based on how GP is configured by an organisation, which none of us are going to know, except that the agent can be configured to have very in-depth visibility into the device running the agent (programs running, files that are stored on the device, etc.) and the communications it sends (websites you visit, non-web traffic, etc.).

Users that are concerned about this, if using a work/org provided device, need to read and understand their organization’s acceptable/internet/device use policy and not use the device for personal reasons. If it’s a personal device, they need to speak with the organization to understand what GlobalProtect can do/see and then based on their own judgement and trust of the response, decide if they want to install GlobalProtect or not (or delete it if already installed).

Thoughts? Anything else you would add?

I agree.

Same problem occurs over on the ms teams sub, and I suspect any similar vpn or collaborative work tool

Agreed. There are no right answers and to be honest, just seems like 1. People are trying to figure out a way to circumvent controls and/or 2. Trying to figure out if they can be lazy during WFH or similar.

In either case, as the admin responsible for said controls, I’m not going to tell someone it’s safe to search porn on company devices even if I don’t monitor it. Which I do anyway.

People need to grow up and be responsible adults in the workplace.

But that’s what most people are concerned with when they ask that question. It’s safe to assume that they can and do see your web traffic.

Decryption is fine. That’s all handled internally on the box.

I’ve also found people have asked this question in an excessive vacuum. GP doesn’t mean much in terms of privacy impact if XDR is installed next to it and it can parse your browser history lol. It’s part of why you assume snooping on corp devices so it’s sort of covered here though.

/r/Citrix has a pinned post at the top of the sub which was added during the pandemic WFH surge explaining something similar (although a different case in Citrix land). I think it did help reduce the posts considerably.

Don’t reply.

It’s the job of everyone on here to protect company resources from external threats as well as the employees. Funny that people won’t ask these questions to their own security team but will come here expecting us to be complicit in whatever they’re doing.

I found this post a year later while trying to debug chatgpt issues I was having. My suggestion for the sub would be for someone to write a really epic post detailing this particular question and then have the mods sticky it. And maybe update this and a couple other posts that hit the top of google for related queries with a link to that post.

On my end, I’m a tech (iam) consultant with various clients that use it for remote access, and it’s not so much that I don’t like the idea of a client seeing things happening on my device, but my issue is more that it interferes with things even when not in use.

I have a feeling, for example, that there’s something blocking a particular JS library in chatgpt from loading. Or this feeling might be wildly untrue. I’m trying to figure it out.

So it’s not that I’m trying to circumvent security so much as I just need to set up my devices better to handle the 5 different vpn clients use without screwing up my networking.

And of course, there’s some truth to the statement of “well you agreed to your clients’ network policy when you signed them”.

With URL filtering enabled, everything is seen.

I have the GlobalProtect on my computer, but disconnected from the portal. Can they still see all of my info and things I’ve typed into the computer even after disabling it? It’s a school-owned one so I’m not too sure, as they also have another program running called “LearnSafe”. If anyone could lmk that’d help out a lot.

Without being too ‘omg wut’ or fear mongering, decryption port mirror would like a word with you :wink:

But yes, in the end, you’re connected to someone’s VPN. Assume everything is subject to inspection. If you don’t like it, don’t do it on that box. Pretty simple.

I’m not disagreeing with you, just providing further detail on why the other commenter might have replied “No”. I’m making a big assumption in why they left that response. It was kind of a bad response when it’s only a one word response.

Agreed, XDR can do so much more in terms of visibility into what you’re doing on a device. My guess is that GP is more visible to the end user and/or more widely deployed that it drives more questions here than XDR does.

I think sometimes this is too serious? Why the downvotes?

Assume if it’s a school owned device they can see anything you do regardless of if you’re connected via GlobalProtect or not

True, but that requires an extra license and the legality issues that come with it if implemented.

I’ve been using PA boxes since ‘12. I’ve had dozens of concerns over the years from staff and students over what we can see them doing. It’s never been any deeper than that, other than concerns over decryption the past few years.

No, what? Unless the traffic is split tunneled, it’s processed.

Do you think even with a VPN as well?

It’s a free license though.