Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 30 replies
  • Subscribers 2 subscribers
  • Views 156505 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TeamViewer Blocking

samhtur
Hi Guys,
Is there a way to block TEAMVIEWER in my AS425? TEAMVIEWER can easily remote client computers even its already behind my firewall. Thanks!


This thread was automatically locked due to age.
  • 0 in reply to Sascha Paris
    How can I get from where teamviewer route the traffic to? I have checked both on Firewall Live Log and Web Filtering Live Log. 
    Please Help!!!
  • 0
    teamviewer uses https iirc correctly.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    yeppers from TV's site:
    This technology is based on the same standards as https/SSL

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    Did the Trick for me. You should at least scan HTTP traffic. Probably it's also necessary to use HTTPS scanning, to block same URLs via HTTPS (Not sure, if Teamviewer also uses HTTPS as Fallback - I'm using HTTPS scanning anyway)

    If your Proxy is in a Standard mode, you don't need to use HTTPS scanning for Sacha's nifty REGEXs to stop Teamviewer.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Sorry again guys, what about if I am using Standard Mode Http Filtering Mode?
    Thank you.
  • 0
    In "Transparent" modes, the Proxy handles only HTTP (and HTTPS if scanning is selected).  That's why it can't manage Teamviewer unless HTTPS scanning is enabled.

    In "Standard" modes, the proxy handles all of the services listed in 'Allowed target services' on the 'Advanced' tab.  In these modes, your browser sends the unencrypted HTTPS URL to the Proxy, thus allowing it to do URL filtering as well as 

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi Balfson, I turned Transparent mode and enabled https scannig. TV still working. I update the asg  625 to 8.3 version. 

    Thank you for your help.
  • 0
    have you tried application control int he web filtering section?  TEamviewer is available for control/clocking in web application control.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    Hi William, of course I did. The first time is not connecting. Then it's switching to keepalive server and Tv works again.
  • 0 in reply to Sascha Paris
    If you are using Web Proxy, you may be able to block Teamviewer (without using Application Control) by blocking following URLs:

    ^https?://(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/din.aspx\?s\=
    ^https?://(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/dout.aspx\?s\=
    ^https?://[A-Za-z0-9.-]*teamviewer.com/din.aspx\?s\=

    Did the Trick for me. You should at least scan HTTP traffic. Probably it's also necessary to use HTTPS scanning, to block same URLs via HTTPS (Not sure, if Teamviewer also uses HTTPS as Fallback - I'm using HTTPS scanning anyway)

    Lets give it a try. If Teamviewer still is able to connect, it's maybe also using a open Firewall Port - I use a very strict outgoing ruleset ;o))


    Yep Sir works
Cookie Information Banner