Zscaler Browser Control Best practices or policy example

Hello, blocking traffic from all non-updated browsers can have a huge impact on users.
Are there any best practices for using the browser control policy feature, or an example of a policy implemented by one of Zscaler's customers?

Thank you.


Related to makina’s question. My understanding is that Zscaler’s recommended best practice is to not enable Browser Control.
https://help.zscaler.com/zia/recommended-browser-control-policy

Aside from the fact that the browser version detection is limited to major releases (90.x, 91.x, etc.), can someone explain WHY the recommendation is to NOT enable Browser Control?

We have browser control checks enabled and allowing all browsers, however, I don’t see a way to report on which old/vulnerable browsers are detected.

Did you ever get a satisfactory answer? It’s still best practice to not enable it per Zscaler’s article which is mystifying considering one can enable the check while still allowing all browser versions. I turned on the “Enable checks” setting to obtain browser versioning (while allowing all browsers), but my “vulnerable browsers” report still won’t populate.

I do have a ticket open regarding this in case Zscaler is reading - 03406592

After enabling the settings, no valuable data was seen in the reports. This report doesn’t help - Secure Browsing > Top Vulnerable Browsers, Plug-Ins, & Apps. Hopefully there will be an improvement on the upcoming 6.2 platform.

Curious to see the outcome of your ticket.

To make things worse, the Security Policy Audit reports contradict the recommended policy. So which is truly the recommended policy? I would like to see this working since there are plugins that allow proxy, password storing, etc.

Just to clarify on the Zscaler recommendation - they recommend disabling the “Allow all browsers”. This means that browser control IS enabled.

Recommended Browser Control Policy | Zscaler