Meraki

Community

Blocking Teamviewer

ABVErik
Conversationalist
‎Apr 25 2022 1:29 PM
‎Apr 25 2022 1:29 PM

Blocking Teamviewer

Has anyone successfully blocked Teamviewer on the MX? I have a security issue with a previous vendor and I need to block it in totality, however, neither blocking *@teamviewer.com, port 5938, nor 178.77.120.0/24 work.

 

There is also no built-in layer 7 rule for it unlike G2A, LogMeIn, VNC, etc.

0 Kudos
6 Replies 6
DarrenOC
Kind of a big deal
Kind of a big deal
‎Apr 25 2022 1:42 PM
‎Apr 25 2022 1:42 PM

Should that be *.TeamViewer.com ?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
In response to DarrenOC
ABVErik
Conversationalist
‎Apr 25 2022 1:46 PM
‎Apr 25 2022 1:46 PM

You're correct, and that's what I have in my L3 rules, however, my brain apparently is still in weekend mode and did not allow me to type that correctly in the post.

0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Apr 25 2022 2:05 PM
‎Apr 25 2022 2:05 PM

I'm not aware of any easy way to do this.

With port 5938 blocked, it will fallback to port 443 or 80.

You can try to block all of the Ip addresses of the TeamViewer cloud brokers but there's no guarantee they won't just change at some point.

 

I think you're better off changing the password and security code on the computers with TeamViewer installed to block access to the vendor. Otherwise you could restrict computers from installing or running TeamViewer via an MDM solution

MarcP
Kind of a big deal
‎Apr 25 2022 11:20 PM
‎Apr 25 2022 11:20 PM

Found this as well, maybe another help, Activedirecty domain:

 

  1. Download the TeamViewer EXE file from their website.
  2. Open your your Group Policy Management Console, and create a new GPO.
  3. In your GPO go to Software Restriction Polices found under User Configuration > Windows Settings > Security Settings > Software Restriction Policies.
  4. Right click and choose “New Software Restriction Policies”.
  5. Select “Browse” in the New Hash Rule popup window. Find the TeamViewer setup EXE and open it.
  6. Close those windows and link your new GPO to the domain and make it apply to everyone.

 

 

Teamviewer Subnets seem to change a lot, and also saw a community post from them where they deleted all IPs which were posted 😮

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 26 2022 2:13 PM
‎Apr 26 2022 2:13 PM

I think your rule should work after the clients are next rebooted.

0 Kudos
AIOtech
Conversationalist
‎Apr 27 2022 10:32 AM
‎Apr 27 2022 10:32 AM

If you go into Security & SD-WAN under the layer 7 firewall rules you can add a layer 7 rule to block countries: Germany.  None of the Teamviewer clients will be able to connect at that point, but it will only apply to the clients on your network the MX is on.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.