Teamviewer. Is the exception "Teamviewer Remote Access Work around Teamviewer SSL handshake Bug" still required ?

Is the exception "Teamviewer Remote Access Work around Teamviewer SSL handshake Bug"  still required ?

But more importantly, is the Teamviewer SSL handshake bug still there ?

The exception used to be this:

 

^([A-Za-z0-9.-]*\.)?tvcdn\.de/?

^([A-Za-z0-9.-]*\.)?teamviewer\.com/?

 

But in v18, the exception cannot be edited and is missing ^([A-Za-z0-9.-]*\.)?tvcdn\.de/?

Paul Jr

Parents
  • Hi Paul,

    The out of box exception for Teamviewer was added in XG 17.1 and always was only teamviewer.com.  The UTM has a similar exception.

     
    From what I can tell, there are several posts on the internet about people annoyed teamviewer started using tvcdn and that they need to punch more holes through their proxy.  But not one of them mentions Sophos or XG, and there are no Sophos community threads on it.  So I do not think that there ever was a SSL handshake bug on the XG for tvcdn.de.
     
     
    I suspect that you might have added the tvcdn.de yourself.
     
     
    From v18 forward, we want Sophos to manage the out-of-box exceptions and not have them modified by customers.  That allow us to add/remove things without changing anything a customer configured, and similarly protects us from a customer removing something from an exception.
     
     
    The way the upgrade should have worked is if you had modified the Teamviewer exception before upgrade, during upgrade it should have made a copy of your modified version with a variant on the name, and then recreated the out-of-box exception to the Sophos standard one.
     
    Are you sure that there was a tvdn.de before the upgrade?  In v18 have you made sure you don't have two exceptions for Teamviewer (your modified and our readonly)?
     
  • Another interesting point: Teamviewer has an own Port, which TV tries first: TCP-/UDP-Port 5938

    If this port fails, it will fallback to 443. 

    So if you are concern, you could put 5938 with a non scan SSLx Rule and let the traffic happen. 

    __________________________________________________________________________________________________________________

Reply Children
No Data