How to Block Remote Access Software Websites Like TeamViewer

If you wish to block all TeamViewer remote connections on your network, this article is for you. TeamViewer needs no special configuration or firewall rules to connect to the internet. All a user has to do is download the .exe file from the TeamViewer website and execute it. Because of this, it's very easy for someone to bypass your security measures. Any serious business would hate to have such a vulnerability, so how do you block TeamViewer? Let's take a look.

Enable a DNS Block

You can block the resolution of DNS records for the teamviewer.com domain. This is possible if you run your own DNS server.
Enter your DNS Management Console and create a top-level record for "teamviewer.com".
That's pretty much all it takes. By pointing this record somewhere else, you block connections to this domain and all of its subdomains.

Make sure clients cannot connect to external DNS servers

You can make sure that the only DNS connections allowed on your company network are to your own internal DNS servers. This eliminates the chance of the TeamViewer client checking DNS records against outside servers instead of the dummy record you set up in the step above. To do this, add a new outgoing firewall rule that blocks TCP & UDP port 53 from all source IP addresses other than your own DNS servers. Your clients will then only be able to resolve the DNS records you allow through your own DNS server.

Prevent access from the TeamViewer IP Address Range

Sometimes the TeamViewer client will still be able to connect to known IP addresses, even though you have blocked the DNS records. To deal with this, you need to block access to TeamViewer's entire IP address range, which is 178.77.120.0/24. That translates to 178.77.120.1 – 178.77.120.254. Log into your firewall/router again and add a new outgoing firewall rule that disallows connections to 178.77.120.0/24.

Block the TeamViewer port

You may not need to do this, but it doesn't hurt either. TeamViewer connects through port 5938, but also tunnels via ports 80 (HTTP) & 443 (SSL) if 5938 is not available. To block it, log into your firewall or router and add a new outgoing firewall rule that blocks TCP & UDP port 5938 from all source IP addresses.
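Once the DNS, IP range and port rules above are in place, you can check that they actually hold by auditing outbound flow logs for traffic they should have dropped. The script below is an added example, not part of the original article: the log format ("src dst proto dport"), the internal DNS server addresses and the sample records are constructed assumptions, while the port and IP range are the ones given above.

```python
import ipaddress

# Values stated in the article
TEAMVIEWER_NET = ipaddress.ip_network("178.77.120.0/24")
TEAMVIEWER_PORT = 5938
DNS_PORT = 53
# Assumption: addresses of your internal DNS servers (constructed)
INTERNAL_DNS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.1.53")}
# Constructed outbound flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.5.21 10.0.0.53 udp 53
10.0.5.21 8.8.8.8 udp 53
10.0.5.40 178.77.120.17 tcp 443
10.0.5.40 203.0.113.9 tcp 5938
10.0.0.53 192.0.2.1 udp 53
10.0.5.77 198.51.100.20 tcp 443
"""

def classify(src, dst, proto, dport):
    """Return the names of the article's block rules that this flow matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    # DNS is allowed only client -> internal DNS, or internal DNS -> anywhere.
    if dport == DNS_PORT and src_ip not in INTERNAL_DNS and dst_ip not in INTERNAL_DNS:
        hits.append("external-dns")
    if dst_ip in TEAMVIEWER_NET:  # also catches the 80/443 fallback
        hits.append("teamviewer-range")
    if dport == TEAMVIEWER_PORT and proto in ("tcp", "udp"):
        hits.append("teamviewer-port")
    return hits

def audit(log_text):
    """Return (src, dst, dport, rules) for every flow the rules should have dropped."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        src, dst, proto, dport = fields
        try:
            hits = classify(src, dst, proto.lower(), int(dport))
        except ValueError:
            continue  # skip records with an unparsable address or port
        if hits:
            findings.append((src, dst, int(dport), hits))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_FLOWS), sep="\n")
```

Any finding means a flow got past a rule that should have stopped it, or that the rule is missing on that path.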

Create and enforce group policy restrictions

Add a Software Restriction Policy to Group Policy in your Active Directory network. Here's how:

  1. Download the TeamViewer .exe file from the TeamViewer website.
  2. Launch the Group Policy Management Console, and generate a new GPO.
  3. Navigate to the Software Restriction Policies in your new GPO. They can be found under User Configuration > Windows Settings > Security Settings > Software Restriction Policies.
  4. Right-click the Software Restriction Policies and select "New Software Restriction Policies".
  5. Choose "Browse" in the New Hash Rule window that will be displayed. Find the TeamViewer setup .exe file and double click on it.
  6. Connect your new GPO to the domain and apply it to all of your customers.

Perform a deep packet inspection

If none of the methods outlined so far has helped, you might need to use a firewall that does Deep Packet Inspection and Unified Threat Management. These features are specifically designed to look for common remote access tools and block them. The drawback is that they are expensive, so try the other methods on our list before you resort to this step.

June 26, 2020
