Disabling the QUIC protocol
This topic provides steps on how to disable QUIC protocol in Google Chrome and Opera browsers.
Overview
QUIC is the name for an experimental protocol and it stands for Quick UDP Internet Connection. The protocol supports a set multiplexed connections over UDP, and was designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latency.
Some websites are not being filtered because they use the QUIC protocol. QUIC is not a standard SSL protocol and it is not filtered by MITM (certificate is not signed by MITM).
To check if a website is using the QUIC protocol in Google Chrome, install the “spdy http2 indicator” extension.
To check if a website is using the QUIC protocol in Opera, install the HTTP Headers extension.
Disabling QUIC protocol In Google Chrome
The QUIC protocol can be disabled by using one of these procedures:
Disable QUIC in Google Chrome:
In the URL type “chrome://flags”.
Search for “Experimental QUIC protocol” and disable it.
Use an Endpoint Security firewall rule.
To create a Firewall Application Rule blocking Chrome:
Open the policy currently running on the affected machines.
Add a Application Firewall Rule for chrome.exe.
Configure the Application Firewall Rule as follows:
Add a rule name and an application path for chrome.exe.
Under Settings, select the Any check box next to Local Address.
Select the Any check box next to Remote Address and add port 443 next to Port or port range.
Select UDP for Protocol, Both for Direction, and Any for IP.
Under Network, select the Home/Office and Public check boxes. For Permission, select Deny.
Click the Save button.
Apply the modified policy on the endpoints.
Disabling QUIC protocol via Group Policy
The QUIC protocol can be disabled using the Group Policy (GPO), by the following procedure:
Open the Group Policy editor console.
Under User Configuration, select Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome.
Find the setting Allows QUIC protocol and set to Disabled.
Click Ok.
Disabling QUIC protocol in Opera
To solve this issue, you need to disable QUIC protocol by one of the following procedures:
Disable QUIC protocol in Opera:
In the URL field, type “opera://flags”.
Search for “Experimental QUIC protocol” and disable it.
Disable QUIC protocol by using a firewall rule for Opera.
In the GravityZone console, open the policy currently running on the affected machines.
Go to Firewall > Rules > Add and select Application.
In the configuration window, enter the path for opera.exe.
The path should be should be: C:\Program Files\Opera\XX.X.XXX.XXX\opera.exe, where the folder XX.X.XXX.XXX is the current installed version of Opera.
Next to Local Address, select the Any check box.Next to Local Address, select the Any check box.
Next to Remote Address, check the Any box and add 443 for Port or port range.
Save the changes and the policy.
Page Menu
- Bitdefender – GravityZone
- Report types
- Repair client
- Reconfigure client
- Configuration
- Operation
- Operation
- Best practices
- Viewing and managing scheduled reports
- Announcements
- Executive Summary
- Reports
- Restart machine
- Create reports
- Deleting notifications
- Configuring notification settings
- Taking report-based actions
- Saving reports
- Emailing reports
- Printing reports
- Notifications
- Notification types
- Viewing notifications
- Risk scan
- Best practices
- Credentials Manager
- Patch tasks
- Troubleshooting
- Creating policies
- Assigning policies
- Configuring profiles
- Changing policy settings
- Renaming policies
- Computer policies
- Check my monthly subscription for Bitdefender Security for AWS
- Scan for IOC
- Scan
- Deleting policies
- Exchange scan
- Patch tasks
- Install
- Uninstall client
- Update client
- Network discovery
- Patch Management
- Deleting endpoints
- Threats Xplorer
- Introduction
- Antimalware
- Advanced Threat Control
- HyperDetect
- Advanced Anti-Exploit
- Firewall
- Content Control
- Network Attack Defense
- Using Recovery Manager for encrypted volumes
- Device Control
- Email Security
- Full Disk Encryption
- Security for Exchange
- Sandbox Analyzer
- Endpoint Risk Analytics (ERA)
- eXtended Detection and Response (XDR)
- Security for Storage
- Container Protection
- Endpoint types
- Email Security Licensing & Provisioning
- Install Security Server through Control Center
- Install security agents – standard procedure
- Install Security Server manually
- AD Connect
- Bitdefender Endpoint Security Tools for Linux quick start guide
- Install security agents – use cases
- Whitelist Email
- Configure Email
- Add Mailbox
- Features distribution
- Network inventory
- Checking the endpoints status
- Viewing endpoint details
- Organizing endpoints into Groups
- Sorting, filtering and searching for endpoints
- Viewing and managing tasks
- Running tasks
- Creating quick reports
- Assigning policies