How to block Teamviewer using Application Filter

Hi,

i try to block Teamviewer applying a specific application filter to my LanToWan rule.

I select Teamviewer Conferencing and Teamviewer File Transfer as Application filter criteria.

Team Viewer is still working. 

I check the patterns which are all updated.

Searching in Sophos Community i didn't find any indication which can help me.

Can someone show to me how can i block Teamviewer?

Thank you in advance

Parents
  • Hi,

    do you decrypt and scan enabled? Have you installed the ca on the offending pc?
    what other rules do you active that allow this pc to access the internet?

    are you using ips in the rule?

    and finally please check the TeamViewer exceptions are disabled.

    ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    yes decrypt and scan is enabled and to test the block for Teamviewer i create a test Application filter.

    I not installed the CA yet and i use IPS rule.

    Using other vendors UTM i was able to select the single application to block from a panel, without deploy certificates and without using any other configuration.

    I made some test in Sophos XG and i was able to block  i.e. Whatsapp. The only thing i need to do is select the app filter for whatsapp and the game is on.

    Can you describe to me the correct sequence i need to apply at the XG configuration to use the correct blocking rules for Teamviewer, please?

    Many thanks

    Claudio

  • Hi,

    did you disable the teamviewer exceptions in web proxy?

    ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi  Claudio,

    from memory teamviewer is also a web URL. I don’t have access to my XG at the moment to add extra information.

    ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi Claudio,

    I installed team viewer and tried to block it using an application filter (TeamViewer is only a desktop application which uses web browser), that failed because team viewer users a web interface and needs web filters built to block it.

    If you you would like I will continue in the morning and post my suggested filter settings.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    Thanks a lot for your help.

    I'll waiting for your indication, after you'll check the configuration.

    Regards

    Claudio

  • Hi Claudio,

    a caveat to my testing. I run both IP4 and IPv6 and due to limitation within the current XG version of IPv6 I am not able to block TeamViewer.

     

    I was able to block TeamViewer through IP4 firewall rules.

    Steps

    1/. create a FQDN group of teamviewer

    2/. create and FQDN of *.teamviewer.com add to FQDN group.

    3/. create an FQDN of *.teamviewer-iot.com add to FQDN group

    4/. create a firewall rule at the top of your rule list

    a) drop

    b) Source LAN

    c) source network 

    d) destination zone WAN

    e) destination network - select Teamviewer from FQDN group

    f). save

    You can choose to log the traffic while you are testing, but afterwards I would disable the log.

    I hope you find this helpful?

    I will be starting another thread on how to block website using IPv6.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    i tried you configuration but it doesn't work for me.

    Is there any other configuration i need to apply?

    Thanks a lot

    Claudio

Reply Children
  • Hi Claudio,

    when you review logviewer filtering on your test IP what do you see? I suspect that there are specific country servers that might be bypassing your firewall rule.

    I could not find any, but looking at the web exception setting indicates there are other countries involved.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    i find the solutiion visiting the community portal, under this Knowledge Base page:https://community.sophos.com/kb/en-us/123078

    In the past days i tried to use a logical way of thinking. I have a lan to wan rule and i applied to it the app filter i create. I thought this was the logical way to use the block of applications.

    The KB i found explain the way is to add a new firewall rule, in which you need to accept and don't deny the use of the application filter. I create this new rule and i give to it the top position. Then i add the filter and i was able to block Teamviewer in my LAN.

    In this way all my traffic was blocked. So i push the rule at the last position of my rules group and the game is done.

    Sophos Knowledge Base is a good way to find solutions. Just one suggest for the editorial staff. For me the Community homepage is not friendly and doesn't give access immeditaely to these good informations.

    Thank you for your help

    Claudio

  • Hi Claudio,

    that doesn’t quite make sense to me because there is no teamviewer application in the XG list.

    what did you use for teamviewer in the application policy?
    ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi Ian,

    i use TeamViewer Conferencing and TeamViewer FileTransfer.

    Claudio

  • I will try them on my ipv6 policies.

    ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi,

    removed my firewall rule and all the FQDNs I created, added the two applications. Result unable to sign in using the signing panel, but f you click on the pilot url at the bottom right of the team viewer page you can login.

    I will add my block firewall back and see what happens.

     

    Ian

    The application filter blocked the IPv6 traffic and firewall rule blocked the IP4 traffic.
     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Hi,

    I added my reject firewall rule and I can get the teamviewer management console but no further

    I might have been little hasty with my test after the firewall rule was added, I cannot access the login pages anymore using the application  to create a new sign.

     

    Ian

    This is failure in both IP4 and IPv6 connection attempts.

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.