cancel
Showing results for 
Search instead for 
Did you mean: 

"Block TeamViewer access"

Hi.

Does somebody have experiance with TeamViewer and MWG 7.0.

my question is i want to prevent local users using such tool without creating a AD policy for it.

Cheers.

--Said

8 Replies
McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: "Block TeamViewer access"

I haven't tested this, but one approach that seemed to have worked in blocking access to URLs that match server?.teamviewer.com/*, server??.teamviewer.com/*, server???.teamviewer.com/*, server????.teamviewer.com/* and *.dynagate.com/*

Alternatively, you also might want to block access to the following IPs, in case Teamviewer is making direct requests to IPs rather than their hostnames. The following was derived from a PHP script that does DNS Lookups for TeamViewer servers, so it represents only the ones for current servers, whereas there might be more in the future:

87.230.88.230, 87.230.88.215, 87.230.31.96, 87.230.30.220, 87.230.28.179, 87.230.89.165, 87.230.89.199, 87.230.90.185, 87.230.90.195, 87.230.90.28, 87.230.90.68, 87.230.90.85, 80.237.157.95, 87.230.29.60, 87.230.30.168, 87.230.89.57, 80.237.220.185, 88.198.47.245, 88.198.52.23, 70.38.71.102, 70.38.38.104, 70.38.38.205, 70.38.37.232, 178.16.16.120, 178.16.16.123, 178.16.16.124, 178.16.16.125, 178.16.16.126, 178.16.16.147, 178.16.16.148, 178.16.16.149, 178.16.16.150, 178.16.16.151, 87.106.227.193, 87.106.191.62, 87.106.57.100, 87.106.57.26, 87.106.94.240, 62.75.215.172, 62.75.215.179, 62.75.215.12, 217.172.180.120, 217.172.180.126, 217.172.180.127, 217.172.186.70, 85.25.136.77, 62.75.204.29, 62.75.204.26, 85.25.138.198, 62.75.218.27, 62.75.218.37, 85.25.8.89, 62.75.219.137, 85.25.143.170, 85.25.144.186, 85.25.145.115, 85.25.145.118, 85.25.145.152, 85.25.145.184, 85.25.146.86, 85.25.146.81, 85.25.146.173, 85.25.146.182, 85.25.147.164, 85.25.147.163, 85.25.147.110, 85.25.148.164, 85.25.148.229, 85.25.20.162, 85.25.20.147, 85.25.20.143, 62.75.220.79, 85.25.147.56, 85.25.147.123, 85.25.147.92, 85.25.144.115, 85.25.143.69, 85.25.144.204, 217.172.187.56, 85.25.6.41, 85.25.17.192, 85.25.20.198, 62.75.246.73, 62.75.246.130, 62.75.246.150, 62.75.246.153, 85.25.7.110, 85.25.144.143, 85.25.144.184, 85.25.144.238, 85.25.147.95, 62.75.224.173, 62.75.216.96, 62.75.204.64, 62.75.218.135, 62.75.218.122, 85.25.11.23, 202.71.106.121, 124.217.254.51, 124.217.230.168, 124.217.230.170, 124.217.230.174, 124.217.230.61, 180.189.153.130, 180.189.153.254, 180.189.153.238, 188.120.245.134, 188.120.245.54, 188.120.246.231, 188.120.245.139, 95.168.195.17, 92.55.144.163, 193.105.239.162, 193.105.239.167, 193.105.239.172, 193.33.114.233, 193.33.114.231, 193.33.114.232, 193.33.114.239, 193.33.115.23, 193.33.115.24, 193.33.115.32, 193.33.115.33, 193.33.115.35, 193.33.115.36, 209.160.65.70, 85.214.125.63, 81.169.129.118, 81.169.130.41, 81.169.179.174, 85.214.101.5, 85.214.116.83, 85.214.128.214, 85.214.129.237, 85.214.130.111, 85.214.132.184, 85.214.132.189, 85.214.132.241, 85.214.142.107, 85.214.40.132, 85.214.44.93, 85.214.58.253, 85.214.70.157, 85.214.82.143, 85.214.90.202, 85.214.93.56, 85.214.66.183, 85.214.19.216, 81.169.178.222, 81.169.186.58, 85.214.151.174, 85.214.151.176, 85.214.151.175, 85.214.90.192, 81.169.168.53, 85.214.154.223, 85.214.154.224, 85.214.17.204, 85.214.118.112, 85.214.130.3, 85.214.124.143, 85.214.138.185, 85.214.38.101, 85.214.42.177, 85.214.46.199, 85.214.142.11, 85.214.142.10, 85.214.141.246, 81.169.162.80, 81.169.142.213, 85.214.69.47, 85.214.66.74, 85.214.66.195, 85.214.120.118, 85.214.130.209, 85.214.78.52, 202.215.179.115, 202.215.179.116, 163.43.132.35, 163.43.132.36, 163.43.132.37, 163.43.132.38, 163.43.132.39, 69.64.76.102, 69.64.76.47, 69.64.74.104, 85.17.136.68, 85.17.136.97, 85.17.136.103, 85.17.87.146, 82.192.88.16, 95.211.6.137, 95.211.0.165, 95.211.6.8, 95.211.8.130, 196.46.189.162, 87.117.196.56, 78.129.159.162, 78.129.221.14, 189.1.164.112, 212.34.151.210, 212.34.151.191, 212.34.151.211, 212.34.151.196, 212.34.151.197, 82.102.30.166, 82.102.30.159, 82.102.30.161, 82.102.30.163, 91.121.112.194, 91.121.27.94, 91.121.4.185, 91.121.117.40, 91.121.21.25, 91.121.66.199, 91.121.94.131, 94.23.30.28, 91.121.176.62, 91.121.168.135, 94.23.47.172, 91.121.159.24, 91.121.90.53, 94.23.14.193, 94.23.14.201, 91.121.168.122, 94.23.209.122, 91.121.159.45, 91.121.160.140, 94.23.211.125, 94.23.204.77, 94.23.234.190, 94.23.234.192, 91.121.220.14, 91.121.161.117, 91.121.155.190, 188.165.201.126, 188.165.201.130, 91.121.160.163, 91.121.164.120, 91.121.164.219, 91.121.165.132, 151.1.182.135, 151.1.182.148, 151.1.182.151, 118.127.28.90, 77.223.130.60, 77.223.130.61, 77.223.130.62, 77.223.130.63, 77.223.130.64, 77.223.130.65, 77.223.130.66, 77.223.130.67, 77.223.130.68, 77.223.130.69, 93.189.33.203, 93.189.33.87, 93.189.33.76, 93.189.33.205, 93.189.33.3, 93.189.33.16, 208.116.2.90, 65.98.124.154, 69.72.225.186, 65.98.84.202, 65.98.68.66, 208.116.61.130, 208.116.61.66, 65.98.30.242, 69.72.221.50, 69.57.189.234, 193.218.154.172, 193.218.153.83, 91.199.22.122, 91.123.196.194, 91.123.196.206, 69.72.184.146, 69.72.184.138, 69.72.184.130, 69.72.184.122, 69.72.184.114, 69.72.184.106, 69.72.184.98, 69.72.184.90, 69.72.184.82, 69.72.184.74, 64.235.44.58, 64.235.55.114, 216.108.224.220, 216.108.224.222, 216.108.224.216, 216.108.224.214, 216.108.224.212, 216.108.224.208, 216.108.224.210, 216.108.224.206, 216.108.224.204, 216.108.224.202, 212.235.54.198, 209.239.112.116, 209.239.112.125, 209.239.112.126, 209.239.112.132, 209.239.112.194, 209.239.112.193, 209.239.112.199, 209.239.112.181, 209.239.112.160, 209.239.112.165, 69.64.38.54, 69.64.39.3, 209.239.112.124, 69.64.43.60, 69.64.48.243, 69.64.39.66, 69.64.63.138, 69.64.63.143, 209.239.112.17, 209.239.112.93, 209.239.112.122, 209.239.112.131, 69.64.52.200, 69.64.52.202, 209.239.112.113, 69.64.52.201, 69.64.46.110, 69.64.43.19, 209.239.112.140, 121.242.207.29, 111.118.177.66, 111.118.177.70, 204.45.72.130

In essence, a rule like

URL.HOST matches in list TeamViewerServer (server?.teamviewer.com/*, server??.teamviewer.com/*, server???.teamviewer.com/*,server????.teamviewer.com/*, *.dynagate.com/*) OR URL.HOST is in list TeamVieverIPs ('all of the above') BLOCK.

good luck,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: "Block TeamViewer access"

Hi Michael,

i really appreciate your answer. very clear without a doubt.

after i have test this scenario ill put some feedback in here

Cheers,

-- Said

Message was edited by: doubstar on 11/16/11 5:39:04 AM CST

Re: "Block TeamViewer access"

actually, we found that if you are using the web gateways SSL scanner, the teamv9iewe rtraffic will get blocked/fail automatically. reason is that team viewer is trying to send their own protocol inside the SSL tunnel and as soon as web gateway looks inside, it will block it 😉

Re: "Block TeamViewer access"

Yes, that makes sense. TeamViewer correctly detects MWG as "Man in the Middle" due to the certificate change and closes the connection.

McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: "Block TeamViewer access"

which is generically true for all proprietary encrypted traffic. Proprietary means that key are hardcoded and can't be intercepted. SSL Scanner will block then, as it simply can't exchange keys with the counter part on the server side.

There are other threads in the forum and the blog discussing, e.g. Skype.

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: "Block TeamViewer access"

Dear Sir,

Can you help for this case ? I need to block this application so that no one would be able to connect to his computer from outside

Highlighted

Re: "Block TeamViewer access"

Good morning,

Looking better understand the situation I found this link that was of great value.

http://blog.accuvant.com/bthomasaccuvant/teamviewer-authentication-protocol-part-1-of-3/

In it a study of the reverse engineering team viewer was performed and explained a lot to me.

After seeing him and try to find a way to block I concluded that blocking url's 16 Team Viewer would not connect anymore.

master1.teamviewer.com

master2.teamviewer.com

master3.teamviewer.com

master4.teamviewer.com

master5.teamviewer.com

master6.teamviewer.com

master7.teamviewer.com

master8.teamviewer.com

master9.teamviewer.com

master10.teamviewer.com

master11.teamviewer.com

master12.teamviewer.com

master13.teamviewer.com

master14.teamviewer.com

master15.teamviewer.com

master16.teamviewer.com

Team Viewer demand any connections, if you have any outlet that reaches the destination he had used.

MWG also causes the block with the "Remote Access" category

Hope that helps

Re: "Block TeamViewer access"

We block that site per Categorization :

Categorized URL- Remote Access

Default Cat Blocklist

URL.Categories <default> at least one in list <Default Catgory Blocklist>(Category)

That way you block teamviewer but also other intimate portals that the endusers may find,, DynDns type sites also,,

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community