fw blocks teamviewer (altough its a trusted app)

Hi, i recently updated my teamviewer from version 5 to version 6… now my firewall blocks it. i cant run teamviewer anymore (it says its not able to build up a connection). When i disable comodo fw it works fine. I didnt change anything… teamviewer.exe is a “trusted application” (so all in/out allowed).

Any idea? :S

thanks

put teamviewer exe in defense+ as well. this is how you do it: CIS —> Defense+ —> Computer Security Policy —> Defense+ Rules —> Add —> Select —> Browse…

edit: this how you add an application in the firewall CIS —> Firewall —> Network Security Policy —> Add —> Select —> Browse…

But if he disables the firewall and it works fine, D+ isn’t blocking anything.

If you check the firewall logs after you try to start teamviewer, do you see anything?

teamviewer is a trusted app in d+ and firewall

and no, nothing shows up in the log when i start teamviewer.

@edit: it also doesnt run in the sandbox.

What open port(s) does Teamviewer need? Then edit Global Rules to open the requested port(s) as described in the following tutorial I made. Substitute the port numbers and protocol for your situation.

To open the port TCP 1723 for example

First step is to determine the MAC or Physical address of you network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) as the bottom (the block rules have red icons); you can drag and drop the rules → Ok.

Doesnt help

i mde it like this (jsut for testing purpose)

Firewall → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Any (instead of mac… just for testing)
Source Port: Any
Destination Port: port set “teamviewer” (80 + 5938)

same problem… also: i didnt change any of my global rules… i just made an update of teamviewer and it stopped working. And its deff. the firewall… if i disable it (d+ is still enabled) everything works fine :confused:

I also upgraded to TeamViewer v6. If i’m right, v6 like v5 and previous versions does not need any ports to be allowed for incoming connections.
At least it works here without any global/application rules of firewall and without any defense+ rules. Though i have “TeamViewer GmbH” in trusted vendors list.
[Safe modes for Fw and D+, sandbox disabled permanently].

anyone who can help?

Have you tried to define it as new trusted application? are your sure that only the firewall cause this problem. I would recommend you to take a look a defense+. Check it teamviewer is in Always sandbox and this how you find Always sandbox CIS —> Defense+ —> Computer Security Policy

Regards,
Valentin

ye i deldeted teamviewer.exe and added it again as a trusted app in the firewall

yes its the firewall which causes the problem… if i deactive the firewall (but leave d+ activated) it works.

@edit: the strange thing is, when i delete it from the firewall network policy and run teamviewer, i dont get asked about it beeing allowed or not… also there isnt any new rule about teamviewer.exe :S

cause is a trusted files.

With default settings CIS will use a standard rule for safe applications. This rule does not allow incoming traffic. That’s why Teamviewer does not work.

Also CIS won’t add a rule in Application Rules (this is to prevent CIS to have a lot of rules as a lot of rules makes CIS slow when storing new rules).

Try the following. Run Teamviewer. Go to Firewall → Network Security Policy → Application Rules → Add → Application Path → Select → Running Processes → select Teamviewer.
Then choose to use a Custom Policy and select Trusted Application for now. Then OK and Apply your way back to the main screen

Does that do the trick for you?

no that wont work… as i said… i added teamviewer as a trusted application already (which creates the rule for it to allow all in/out connections).

so whenever i run an application which is safe (else i will get asked), CIS will automatically allow this app to do outgoing connection but no incomming connections while not creating any real rule for it?

thanks

Yes, unless you tell it to, CIS will not create actual rules for whitelisted applications.

You can enable this feature in the firewall and Defense+ settings.

[attachment deleted by admin]

And this would make CIS rly slow after having soem rules? :S
I actually miss it to not have a rule for every app.

Anyway, teamviewer still not working :frowning:

Can you show screenshots of Global Rules, Application Rules and Firewall logs (View Firewall Events)?

uploaded the screens on my ftp:

http://beasty.wippiespace.com/stuff/cf/

Some rules are in german (as i started with german language setup).

teamviewer rule is: all all in and out

German is not a problem. I am from the Netherlands and learned German in school. Like to watch Tatort and other “Krimis” on the German tv…

One last question regarding the Application Rules section. Is there anywhere in the Application Rules section a rule for All Applications (not sure how that is translated in the German interface). If the rule for Teamviewer is somewhere underneath that rule then drag and drop it to a place somewhere above the All Applications rule. Logic behind this is that when a program is in a place under the All Applications rule it follows the rule set by All Applications; that rule only allows outgoing traffic.

While looking at your Application Rules I saw you made a rule for WOS referring to Tor. May be using Tor is blocking the incoming traffic for Teamviewer.

oh nice… and i can do a bit of dutch… welll mostly bad words tho :stuck_out_tongue:

anyway: i but teamviewer as first rule… still didnt work.
i also changed the torrent blocking rule to allow… still didnt work :confused:

any ideas? :S