Add an additional program for remote access to the App Patrol list

General99

Hello.

I've encountered misuse of the meshagent.exe (MeshCentral) program on my network.
Employees install the program without notification.
The problem is that this program can be renamed and access different addresses on its server side.
How can I block this program from running on the Zywall ATP 700?
This program isn't listed in APP Patrol. I've chosen to block all programs in the Thin Client category, but this doesn't work on meshagent.
I tried blocking the meshagent.exe client program through IPS, but that didn't work either. The program uses 443 in its work, and despite SSL inspection being enabled, blocking through IPS doesn't work.

Can Zyxel add this program to the APP Patrol list?

All Replies

  • Zyxel_Melen
    Zyxel Employee

    Hi @General99

    To block the traffic, the current method is to set a security policy for the specific source IP, which is the MeshCentral server IP.

    In addition, you can add the MD5 of the meshagent exe or zip file to the Anti-Malware block list, which should restrict your employees from downloading these files.

    > Can Zyxel add this program to the APP Patrol list?

    Let me create the idea post for you and share your requirement with the product team.

    Zyxel Melen


  • General99

    The difficulty is that anyone can deploy a MeshCentral server in a couple of minutes. It is freeware software. Download your own agent, meshagent.exe. And the connection server address can be anything.

    The MD5 hash also changes. When you deploy your MeshCentral server, you can change the agent file name (meshagent.exe) to anything else in the server settings, and the hash will change accordingly.

    I tried disabling the meshagent.exe agent using signatures and IPS, but it didn't work. I think the IPS on my Zywall ATP 700 only works in the WAN-to-LAN direction, not in the LAN-to-WAN direction. I have an active subscription to the service.

  • Zyxel_Melen
    Zyxel Employee

    Hi @General99

    I want to update you that we are evaluating new applications for the application list; therefore, we will also evaluate adding meshagent.exe (MeshCentral) to the list.

    Zyxel Melen