To set up 2 factor authentication, log into
teamviewer.com, and then hit the dropdown arrow on your username in the top right, and then hit "edit profile". The Two factor authentication setup(ifits not set up) will be the 4th option down on the "general" tab. You will need an app like the "google authenticator".
teamviewer indir
Download Zip
https://t.co/dCCsEN0Tk7
To set up a Whitelist, open the teamviewer program, and make sure you are logged in with your account, and then go to extras>options. In options, go to the "security" tab, and hit the "configure" button next to "black and whitelist". This will open a popup box. Tic the "allow access only for the following partners" mark, and then the "add" button. "add contacts" should be selected, and then double click on your own account. That will "add" you to the whitelist. Hit "okay", and your whitelist is set up. You can add others, but do this at your own risk.
------------------------------
Syscom AS
------------------------------
Original Message Original Message:
Sent: 05-03-2021 10:51 AM
From: Colin McRae
Subject: False positives with SEP and Teamviewer?
Yeah I've been annoyed by this issue for well over a month, maybe two months. I manage a lot of SES customers and most of them are seeing "attacks" on port 5938 almost every day (seen via IPS reports). So far Symantec has not acknowledged the issue in a separate post I had made a while ago, they're busy with other stuff I suppose. Judging by Teamviewer's general behavior over the years I've been using it, I don't think they have a very solid product design that's imperviious to compromise, so I would not be surprised to learn some day in the future that their product had been hacked or something, but having said that, there's currently no reason to think they're any real issue.
The problem lacks the regularity of a heartbeat, but happens often enough that I am very much confused by the pattern.
It's also not ok to just whitelist the exe file, that's lazy secops behavior and rules out real detections later. So on this one I would have to think Symantec needds to talk to TeamViewer and work this out, or just identify the false positive trigger and fix that if applicable.
Original Message:
Sent: 04-29-2021 01:59 PM
From: r m
Subject: False positives with SEP and Teamviewer?
I've got some machines with Teamviewer installed. I'm seeing a lot of outbound attacks in SEPM logs for network attack on some machines that have Teamviewer, and different versions of Teamviewer. It looks like Symantec is calling teamviewer_service.exe an outbound attack. I'm thinking it's some kind of heart beat/checkin thing that Teamviewer is doing, that machine reporting itself in with Teamviewer.
Is anyone seeing that? That is a false positive, correct? It's pretty consistent on machines with Teamviewer. I don't believe they all got compromised, and there are no other signs. My network attacks alerts started blowing up yesterday morning.
------------------------------
rmo
------------------------------
------------------------------
Syscom AS
Original Message:
Sent: 05-03-2021 10:51 AM
From: Colin McRae
Subject: False positives with SEP and Teamviewer?
Yeah I've been annoyed by this issue for well over a month, maybe two months. I manage a lot of SES customers and most of them are seeing "attacks" on port 5938 almost every day (seen via IPS reports). So far Symantec has not acknowledged the issue in a separate post I had made a while ago, they're busy with other stuff I suppose. Judging by Teamviewer's general behavior over the years I've been using it, I don't think they have a very solid product design that's imperviious to compromise, so I would not be surprised to learn some day in the future that their product had been hacked or something, but having said that, there's currently no reason to think they're any real issue.
The problem lacks the regularity of a heartbeat, but happens often enough that I am very much confused by the pattern.
It's also not ok to just whitelist the exe file, that's lazy secops behavior and rules out real detections later. So on this one I would have to think Symantec needds to talk to TeamViewer and work this out, or just identify the false positive trigger and fix that if applicable.
Original Message:
Sent: 04-29-2021 01:59 PM
From: r m
Subject: False positives with SEP and Teamviewer?
I've got some machines with Teamviewer installed. I'm seeing a lot of outbound attacks in SEPM logs for network attack on some machines that have Teamviewer, and different versions of Teamviewer. It looks like Symantec is calling teamviewer_service.exe an outbound attack. I'm thinking it's some kind of heart beat/checkin thing that Teamviewer is doing, that machine reporting itself in with Teamviewer.
Is anyone seeing that? That is a false positive, correct? It's pretty consistent on machines with Teamviewer. I don't believe they all got compromised, and there are no other signs. My network attacks alerts started blowing up yesterday morning.
------------------------------
rmo
------------------------------
f5d0e4f075