Jump to content

Need Assistance with HTTPS Filtering and LogMeIn Rescue


gwkr57

Recommended Posts

I am currently on Endpoint Protection 5.0.2229.1

 

We are wanting to use Endpoint's built in URL filtering to block social media websites (per boss's request). I was able to set this up without problem, but noticed that users could still access sites via https. So I enabled the option the HTTPS filtering option. That worked as intended for web browsing. 

 

The unwanted side effective of this is that LogMeIn Rescue Technician Console will not connect to clients. (See Screen Shot). The web filter nor the firewall log doesn't show anything being blocked. 

 

I did a quick glance at the computer's event log, but didn't find anything that looked like what I was looking for. Need some direction on where to go from here. 

post-6429-0-00701600-1423666491_thumb.png

Link to post
Share on other sites
  • Administrators

Try the following:

- switch HTTPS scanner to interactive mode (Ask about non-visited websites)

- try to connect via LogMeIn

- when prompted about the certificate, click Exclude to exclude the communication from scanning

- switch HTTPS scanner to automatic mode (Always scan SSL protocol) and check the "Apply created exceptions based on certificates" box.

Link to post
Share on other sites

Try the following:

- switch HTTPS scanner to interactive mode (Ask about non-visited websites)

- try to connect via LogMeIn

- when prompted about the certificate, click Exclude to exclude the communication from scanning

- switch HTTPS scanner to automatic mode (Always scan SSL protocol) and check the "Apply created exceptions based on certificates" box.

 

That worked on a local machine. So I exported the Excluded certificates from ESET and imported them into RSA, into the excluded Certificates. Tried LogMeIn with these settings being applied from RSA, but original behavior showed up. I'm guessing it's because LMI uses different address and different certs for different connection. I currently have certs for app05-01.logmein.com, app05-10.logmein.com, app05-04.logmein.com,

 

Is there anyway to exclude an entire domain from filtering?

Link to post
Share on other sites
  • 2 weeks later...
  • 5 months later...
  • Administrators

I'm having exactly the same issue. Anyone got any ideas?  

 

A possible solution was offered in post #4: 

 

Can you add *.LogMeIn.com as an allowed URL?  Or *.logmeinrescue.com or whatever?

Link to post
Share on other sites
  • Administrators

As far as I know, you can only whitelist URLs in web filtering. I'm talking about protocol filtering..

 

Doesn't LogMeIn communicate via https ? Have you tried my suggestion ?

Link to post
Share on other sites

Hi Marcos. Thank for the suggestion(s).

 

Your first suggestion (exclude all the certificates): as gwkr57 suggests, there are a lot of certificates associated with LMI Rescue, so you're playing whack-a-mole. If you're working with a third party support desk, you'd need to tie down one of their support staff for a period of time and start repeated sessions until you were reasonably confident that you had excluded every possible certificate. They (quite understandably) don't see why they should spend the time fixing what is ultimately my problem, because I use ESET. So that doesn't seem  a practical solution in my case.

 

Second suggestion ("Can you add *.LogMeIn.com as an allowed URL?  Or *.logmeinrescue.com or whatever?") - I know how to whitelist URLs in web filtering. But we're talking about protocol filtering here. That's two distinct things in ESET. In protocol filtering, you can either whitelist by IP address, or designate a specific program a web browser (which as far as I am aware, you can only do if you know the specific path of the executable. You can't know that with LMI Rescue because it runs in a temp folder.)

 

Do you see what I mean? I really appreciate your help, but I don't see how to make it into a workable solution in my case.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...