Blocking Teamviewer

ABVErik
Conversationalist

Blocking Teamviewer

Has anyone successfully blocked Teamviewer on the MX? I have a security issue with a previous vendor and I need to block it in totality, however, neither blocking *@teamviewer.com, port 5938, nor 178.77.120.0/24 work.

 

There is also no built-in layer 7 rule for it unlike G2A, LogMeIn, VNC, etc.

6 REPLIES 6
DarrenOC
Kind of a big deal
Kind of a big deal

Should that be *.TeamViewer.com ?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
ABVErik
Conversationalist

You're correct, and that's what I have in my L3 rules, however, my brain apparently is still in weekend mode and did not allow me to type that correctly in the post.

Brash
Kind of a big deal
Kind of a big deal

I'm not aware of any easy way to do this.

With port 5938 blocked, it will fallback to port 443 or 80.

You can try to block all of the Ip addresses of the TeamViewer cloud brokers but there's no guarantee they won't just change at some point.

 

I think you're better off changing the password and security code on the computers with TeamViewer installed to block access to the vendor. Otherwise you could restrict computers from installing or running TeamViewer via an MDM solution

MarcP
Kind of a big deal

Found this as well, maybe another help, Activedirecty domain:

 

  1. Download the TeamViewer EXE file from their website.
  2. Open your your Group Policy Management Console, and create a new GPO.
  3. In your GPO go to Software Restriction Polices found under User Configuration > Windows Settings > Security Settings > Software Restriction Policies.
  4. Right click and choose “New Software Restriction Policies”.
  5. Select “Browse” in the New Hash Rule popup window. Find the TeamViewer setup EXE and open it.
  6. Close those windows and link your new GPO to the domain and make it apply to everyone.

 

 

Teamviewer Subnets seem to change a lot, and also saw a community post from them where they deleted all IPs which were posted 😮

PhilipDAth
Kind of a big deal
Kind of a big deal

I think your rule should work after the clients are next rebooted.

AIOtech
Conversationalist

If you go into Security & SD-WAN under the layer 7 firewall rules you can add a layer 7 rule to block countries: Germany.  None of the Teamviewer clients will be able to connect at that point, but it will only apply to the clients on your network the MX is on.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels