This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to block Teamviewer using Application Filter

Hi,

i try to block Teamviewer applying a specific application filter to my LanToWan rule.

I select Teamviewer Conferencing and Teamviewer File Transfer as Application filter criteria.

Team Viewer is still working. 

I check the patterns which are all updated.

Searching in Sophos Community i didn't find any indication which can help me.

Can someone show to me how can i block Teamviewer?

Thank you in advance



This thread was automatically locked due to age.
  • Hi,

    do you decrypt and scan enabled? Have you installed the ca on the offending pc?
    what other rules do you active that allow this pc to access the internet?

    are you using ips in the rule?

    and finally please check the TeamViewer exceptions are disabled.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    yes decrypt and scan is enabled and to test the block for Teamviewer i create a test Application filter.

    I not installed the CA yet and i use IPS rule.

    Using other vendors UTM i was able to select the single application to block from a panel, without deploy certificates and without using any other configuration.

    I made some test in Sophos XG and i was able to block  i.e. Whatsapp. The only thing i need to do is select the app filter for whatsapp and the game is on.

    Can you describe to me the correct sequence i need to apply at the XG configuration to use the correct blocking rules for Teamviewer, please?

    Many thanks

    Claudio

  • Hi,

    did you disable the teamviewer exceptions in web proxy?

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi  Claudio,

    from memory teamviewer is also a web URL. I don’t have access to my XG at the moment to add extra information.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Claudio,

    I installed team viewer and tried to block it using an application filter (TeamViewer is only a desktop application which uses web browser), that failed because team viewer users a web interface and needs web filters built to block it.

    If you you would like I will continue in the morning and post my suggested filter settings.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Thanks a lot for your help.

    I'll waiting for your indication, after you'll check the configuration.

    Regards

    Claudio

  • Hi Claudio,

    a caveat to my testing. I run both IP4 and IPv6 and due to limitation within the current XG version of IPv6 I am not able to block TeamViewer.

     

    I was able to block TeamViewer through IP4 firewall rules.

    Steps

    1/. create a FQDN group of teamviewer

    2/. create and FQDN of *.teamviewer.com add to FQDN group.

    3/. create an FQDN of *.teamviewer-iot.com add to FQDN group

    4/. create a firewall rule at the top of your rule list

    a) drop

    b) Source LAN

    c) source network 

    d) destination zone WAN

    e) destination network - select Teamviewer from FQDN group

    f). save

    You can choose to log the traffic while you are testing, but afterwards I would disable the log.

    I hope you find this helpful?

    I will be starting another thread on how to block website using IPv6.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    i tried you configuration but it doesn't work for me.

    Is there any other configuration i need to apply?

    Thanks a lot

    Claudio

  • Hi Claudio,

    when you review logviewer filtering on your test IP what do you see? I suspect that there are specific country servers that might be bypassing your firewall rule.

    I could not find any, but looking at the web exception setting indicates there are other countries involved.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.