Using Kaseya to block Peer 2 Peer Download Tools

Written by BT

**This is a long post but don’t be put off. This will only take you about 10 minutes to implement and is really worth it, check it out and give it a try and post your feedback in the comments. As always, if you need some additional Kaseya help, head over the Contact page and drop me a line

kaseya-p2p

I’ve been using the Application Blocker feature of Kaseya for quite some time to block Peer-2-Peer apps from running on end user machines. I can’t take credit for this idea as the idea was thrown about on the Kaseya forums about 18 months ago and seems to have recently resurfaced.

Peer-2-Peer apps can be a nightmare in a multi-branch environment where Terminal Services and Citrix are in use when they hammer all available bandwidth. Yes it’s possible to block installation of these apps by restricting user rights on desktops. Often, in many environments this is not possible or realistic because proprietary apps may need full admin rights, or the staff roam overseas regularly and need full access to the machine or staff own the machines and you have limited scope for locking them down. Those vague helpdesk calls about “the entire branch running slowly” can simply be a nightmare to diagnose at times and worse, burn through consulting resources. The Network Statistics report can often help pin down the problem but this isn’t always the case.

So anyway, if you didn’t know already. Kaseya has an Application Blocking feature that I use to block P2P apps from running which completely removes any problems generated by them. Here’s how I configure my Peer-2-Peer application blocking in Kaseya. This method also allows you to generate reports of what machine the apps were blocked on so you can go back to the client and demonstrate more value and identify problem users if necessary. Setting up this process will take you around 10 minutes or so depending on how familiar you are with the system.

Part A – setting up the blocking

1. Create an Offline Agent

(I use an Offline Agent to apply the settings as its much easier than typing in 20 odd applications by hand, use an Offline Agent template and you’ll only have to type in the list once)

Goto the Agent Tab->Create
Create an offline agent in your _templates group. Call this something meaningful like P2P-blocking-template or similar.

2. Load up the Peer 2 Peer apps you want to block in the application blocker section.

My list below hasn’t been updated in a while but works for me, it also includes a few spyware apps that have caused me headaches in the past.

Go to the Audit Tab->Application Blocker in bottom left hand corner
Enter the list below one by one and apply to your new template (apologies about the inability to cut and paste, trying to keep this short!)

braviax.exe bitlord.exe g3torrent.exe klrun.exe peravir.exe btdownloadgui.exe btmaketorrentgui.exe azureus.exe emule.exe pctstray.exe buritos.exe av2009.exe napster.exe edonkey2000.exe morpheus.exe shareaza.exe limewire.exe bearshare.exe kceasy.exe gnucleus.exe kazaa.exe ares.exe utorrent.exe warez.exe khancer.exe bitcomet.exe

3. Apply the blocking to the agents you want it active on.

Goto the Agent Tab->Copy Settings
Make sure you change your Machine Group and View to show the machines you want to apply the blocking on.
Select your source template to copy the settings from – IMPORTANT here to only copy the Protection Settings, choose to either Add or Replace settings. Use Add if you already use protection settings
Apply the settings and copy, this should only take a moment to apply

Once step 3 is complete, Application Blocking is now in place and Kaseya will block P2P executables from starting – this is great, but to demonstrate real value, we need to create end user reports which we’ll do in Part B

Part B – setting up reporting

1. Create a script to write to the Kaseya Script log

To create end user reports, we trigger a Script to run every time a P2P app is block. The script writes to the Kaseya script log which we can then create a custom report to determine which machines a trigger the Peer 2 Peer blocker. That make sense?

So, create a new script, call it “P2P App Block Log Script” or something that makes sense to you.
Then add a single line with action Write Script Log Entry the write Illegal P2P Application Blocked Application: #pv# to the log.
The #pv# writes the executable name of the app blocked. If you want to get fancy, you could modify this script to also write the username of the user at the time of the blocking to the log also – for simplicity sake, we’ll leave it as is for now.

2. Configure Protection Violation Alerting

We perform this step so that Kaseya auto triggers our new script whenever it blocks a P2P app.

Again here, change the Machine Group and View to show the machines you want to setup reporting on and goto the Monitor Tab>Alerts
From the dropdown, select Protection Violation.
From the three checkboxes, we only need to select “File Access Violation Detected” and you want to select the action to Run Script when triggered. Select your newly created P2P App Block Log Script and then apply the settings to the machines.

3. Configure a Custom Report

Head to the Reports Tab>Logs
Here you want to create a new Script Log report, click the checkbox to Ignore Machine without data
In the “Show entries matching….” dialog box, enter this string and make sure you keep the asterisks: *Illegal P2P Application Blocked*
Once done, give the report a meaningful name, share it if you want to and click save and you’re done.

If you run the report straight away, you’re probably not going to get any data show up but leave the monitoring for a day or day and come back and run the report. You’ll be surprised at how many machines trigger the blocking.

So give it a try, see how you go – if you get stuck or need help, feel free to post in the comments and I’ll reply as best as possible. Have fun!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.