Teamviewer_service.exe

[Vickiana Sconyers]

Im using the trial version of the endpoint goodies, and after successfully getting filezilla server and pidgin to work, teamviewer and spiceworks still fail due to an invalid checksum error. I have unchecked the "use checksums" box under the general tab, added the programs as trusted under the applications tab, allowed the processes to create hidden processes, and double checked that the checksums do match between the whitelist and the log file. Still getting:

This is more like desperately turning knobs and flipping switches, not a systematic approach :smileyhappy:. While Reason might not always be immediately intuitive there is no obscure cause behind it - if it says Invalid checksum then it is Invalid checksum. Application rules (trusted) are considered only after an application has been positively identified and neither is a hidden process involved nor would the allow launch setting affect the connectivity of the parent application.

I don't think there is a bug or some peculiarity of these applications involved. Please note that a checksum decision "sticks" until the process is restarted. I.e. if teamviewer_service.exe is blocked due to invalid checksum it nevertheless keeps running. Any subsequent attempt by it to access the network will be blocked - even if you then add its checksum or untick Use checksums as the check is made at the first connection attempt only.

And yes, I was pushing whatever button I could find to try and get the traffic through :P I know that I need to put it all back :) I made all the changes on the local machine, fixed it (with your help :P), then pushed the correct policy through the server...all is well now!

I'm having similar issues where I can not get nsepa.exe to work. What nsepa.exe does is verify your settings when attempting to log into Citrix Access Gateway. It gets blocked due to "invalid checksum" even though I'm not using checksum checking.

Well basically, the "invalid checksum" error message is deceiving. What the problem ACTUALLY was was a hidden process. nsepa.exe has an associated launching process svchost.exe. I set up svchost.exe in the "processes" tab and now nsepa.exe doesn't throw the checksum error. I then turned on the "use checksums..." option, added iexplore.exe (both 32- and 64-bit versions) and nsepa.exe to the checksums tab, and tested it. It works. Hurray. The error message in the firewall log should really really REALLY not say "invalid checksum". It should say "Hidden application". Lesson learned. I hope I helped someone else out there as well.

3a8082e126