Anyone know about Zenmate?

rohrt85
New Contributor II

Good Morning everyone!

Has anyone heard about the program Zenmate? I am wanting to block either that or the try to block the Chrome Web Store from student use for awhile until they get the hint on what they are not suppose to be doing. Would like to know if there is something I can do with a config profile or policy?

12 REPLIES 12

tkimpton
Valued Contributor II

@rohrt85 im trying to tackle this as well with not much luck. I have looked here https://support.google.com/chrome/a/answer/188447?hl=en but it seems the documentation is a bit out of date.

At the moment im telling management that i will look in to but can't guarantee anything at the moment. Its a shame because the browser is great and dont want to end up spoiling the user experience.

brushj
New Contributor III

We have had some issues with it in the past and continue to when they release new proxies.

We have our web filter in place, iBoss, so we block the sites ourselves there and notify them whenever there are updates released for zenmate. They kids have found other alternatives though, it will be a never ending battle.

We also have the chrome store blocked, we are using google apps for education, but this requires them to login at least once with their student email address and accept the terms of service to disable their plugins.

If we come up with anymore info I will let you know.

CasperSally
Valued Contributor II

We are an iBoss customer as well and they seem to be properly blocking zenmate related URLs for us.

Eric_linneweber
New Contributor

I was fighting this one a few weeks ago. I found a way to search and destroy the plugin. I created a launch agent that looks in all user folders for the folder that is created when Zenmate is installed. If it finds the file it deletes the four pieces to remove the plug in. I had to go a little strong handed to remove it if they already turned on the encryption. It has to remove the plist for the user due to the encryption key being loaded in the plist, which means that it removes all extensions and themes but does not remove the bookmarks.

There are three parts to this solution:

Part #1

I created a launch Daemon to look for the installation. Use the following text as a .plist and drop it into /Library/LaunchDaemons/com.westside.zenmate.plist. Once you create the file make sure to change the ownership to root.
sudo chown root /Library/LaunchAgents/com.westside.zenmate.plist. The text for the plist is below.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST
1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd>
<plist version="1.0">
<dict> <key>Label</key> <string>com.westside.zenmate</string> <key>ProgramArguments</key> <array> <string>bin/sh</string> <string>/usr/local/zenmatev4.sh</string> </array> <key>StartInterval</key> <integer>10</integer>
</dict>
</plist>

Part #2
Install a script to /usr/local this daemon uses this script if Zenmate is found on the computer. Here is my script. If you are copying and pasting name it zenmatev4.sh

#!/bin/sh

#This script removes the zenmate chrome extension proxy

if [ -d /Users//Library/Application Support/Google/Chrome/Default/Extensions/fdcgdnkidjaadafnichfpabhfomcebme ]
then rm -Rf /Users/
/Library/Application Support/Google/Chrome/Default/Preferences rm -Rf /Users//Library/Application Support/Google/Chrome/Default/Extensions/fdcgdnkidjaadafnichfpabhfomcebme rm -Rf /Users//Library/Application Support/Google/Chrome/Default/Local Storage/chrome-extension_fdcgdnkidjaadafnichfpabhfomcebme_0.localstorage-journal rm -Rf /Users/*/Library/Application Support/Google/Chrome/Default/Local Storage/chrome-extension_fdcgdnkidjaadafnichfpabhfomcebme_0.localstorage killall -9 Google Chrome
fi

Step #3

load the following script to Casper. It needs to be run as after once you install a package containing the other two parts as a package. Mine was name zenmate restrictions.sh.

#!/bin/sh

#This script calls the Mountain Lion installer to launch upon the completion of the installation

sudo launchctl load /Library/LaunchDaemons/com.westside.zenmate.plist
sudo launchctl load /Library/LaunchAgents/com.westside.zenmate.plist

Hope this helps!

aks
New Contributor II

Zenmate has just hit my school. What do you see as the issues with it. For the most part, it seems to be blocking students from attaching assignments to gmail. Or they set it and forget that they did and later find that they can't access the internet from whatever country they might have picked. I am curious about the con's of letting this run it's course.

Eric_linneweber
New Contributor

Zenmate is a https secure proxy tunnel that allows access to almost any restricted site. It jumps between 65 us sites and will then go to a different 65 from other countries if it can't use the US first.

rohrt85
New Contributor II

@ruchtman Thanks for this! I think I am going to try this out because it is getting to the point of where I am tired of the head hunting for this laptops and taking things off. As with everyone we are too an iBoss district and I would be more then happy to learn how you blocked the Chrome Store from the students effectively.

Thanks

CasperSally
Valued Contributor II

There's some worthwhile content in the Chrome store. Isn't iBoss blocking the proxy traffic for you? It is for me. If not, you should get a ticket in with them.

rohrt85
New Contributor II

I will have to make sure with my boss since he is the one that primarily deals with iBoss. I was certain that it is blocking it but then again I could be wrong because this all started last week when I found out about it from my tech students.

CasperSally
Valued Contributor II

@rohrt85 - You could test trying to load Zenmate through the iBoss, for me it wouldn't even let me confirm an account/install because of iBoss blocking.

I could load it using a network that doesn't go through iBoss (my test machine didn't use the home filter), but when I put it back behind iBoss all traffic was blocked on the client and no sites would load at all (and the iBoss reporter showed traffic blocked as proxy).

Might be worth testing at the client level - even without iBoss reporter visibility, to make sure iBoss is doing its job in your environment.

LulzSec
New Contributor

Some of my friends tried to block Zenmate through dpi, but the darn administration wouldn't let us get the new gigabit switches. Darn budget...

On the bright side, this is my first post. FREEDOM!!!!!

erikboese
New Contributor

I'd like to bump this post and see if anyone has had any success at all here?