Bit Torrent Clients and Restricted Software

stevewood
Honored Contributor II

How are you all handling Bit Torrent clients/traffic on your networks? Do
you utilize the Restricted Software functions in the JSS to eliminate
torrent clients?

And does anyone know if you can set a wildcard in Restricted Software for
the process? For example, setting the process name to "*torrent" or
something like that?

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

11 REPLIES

tlarkin
Honored Contributor

I am a huge advocate of setting what path applications can run from. I ensure via MCX that apps can only be executed from /Applications and everywhere else is not allowed. So, they cannot run apps from a thumb drive, their home folder, or from Utilities (then I toss all the apps I don't want them having access to, in .../Utilities). For the most part this is foolproof but it has its caveats for sure. You also have to approve every app needed to run within /Library/Application Support as well, which is something you learn really quick. Overall, I prefer that method over maintaining a huge list of restricted software. Users do not have write permissions to any of those directories so they cannot drop their own apps in.

Just my 2 cents.

Not applicable

This is a great topic.

Here we have started to introduce the idea by using Restricted Software to look for Transmission. Anytime a user launches it, the process is terminated, they are prompted with a dialog window and the app is deleted.
We also have it set to email us, so that if the same user persists, we can follow up in person.

It's a powerful tool and I look forward to hearing the experience of others.

Nick Caro Senior Desktop Support Administrator

Not applicable

My List, as it stands:

Acquisition
BitTorrent
SerialSeeker
KCN
Xtorrent
Transmission
Tomato
Tomato 2
Azureus
BitTyrant
Bits on Wheels
Bitrocket
Invisibles
Limewire
Iserial Reader
Vuze
Vuze Installer
Vuze Remote
Iswipe
Frostwire
KDX
Miro
Poisoned

Regards,

jarednichols
Honored Contributor

We block this traffic at our proxy. Far easier than trying to keep an updated list of blacklist software.

j

--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

stevewood
Honored Contributor II

Don't forget uTorrent.

So, are you putting just those names in the "Process" box of Restricted
Software? Care to share your actual settings? If you go to Settings ->
General Settings -> Summary, you can select Restricted Software and click
Download Summary to get a text dump of your settings. Would you mind
sharing that with me or the list?

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475


stevewood
Honored Contributor II

And that's what I'm looking at doing. We don't proxy our connection, but I
am looking to add an IDS card to our Cisco ASA to block there. Much easier
than adjusting for the different apps.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475


tlarkin
Honored Contributor

Here is a screenshot of my MCX files but it is from OD in WGM. However, if you create the plist file in the JSS Casper should honor it. I also agree with Jared on throttling and/or shutting down certain traffic, but that only goes so far until your users get smart. My ISP throttles all torrent traffic, be it legit or not. Well, I help seed several open source distributions through BT so I found that once I encrypt my traffic, my ISP has no idea what is going on and my throttle is now lifted. So I can seed Linux distros and still surf the web.

Here is my screen shot of the MCX plist for restricting Applications by file path:

Tom

![external image link](attachments/f1d79d41d03945238a25431d178024fc)
![external image link](attachments/4232e00faed84b16a58d9d706611f24a)

stevewood
Honored Contributor II

Well, here's a word of warning to everyone. What triggered this "fire
drill" is that we were sent a "DMCA Abuse" email from our ISP. Our ISP had
received a takedown notice from a company working for HBO that indicated
what file, what time, what IP, what port, everything. Needless to say, we
were in violation of the DMCA, of our ISP's AUP, and of course, our IT
Policy.

So, now I am scrambling to put some stopgap measures in place to prevent
this. We've identified the user (thanks Spotlight search in ARD) and we are
dealing with it procedurally. And we'll be reinforcing the IT Policy to
make sure it is clear what is not accepted here.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475


tlarkin
Honored Contributor

Restrict Apps by folder path, and those that have admin rights should be a smaller list, right? So when something like this happens you aren't combing through the desert looking for some user out in user space, you know it has to be one who has admin rights to install such software.

I have a dummy package system that flags accounts in policy logs if they have a local admin account in /Users, and by design all my OS images put all home directories for local admins in /private/var. So I know for a fact, if a user account has an admin whose home folder is in /Users, it is not supposed to be there, period. That way I can see who has "escalated" their account from basic to admin.

![external image link](attachments/2b183e87671349d097a0e20561d8139e)
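The check described in the post above (flag any admin-group member whose home folder is under /Users) can be sketched as follows. This is an added example, not the poster's dummy package or anything from the thread; the function name `flag_admins` and the sample accounts are assumptions, and on a non-macOS host it falls back to constructed sample data.

```shell
#!/bin/sh
# Added example: flag admin-group members whose home directory is under /Users.
# Assumes the convention from the post: sanctioned local admin accounts have
# their homes outside /Users (e.g. /private/var).

# flag_admins ADMIN_MEMBERS HOME_LISTING   (hypothetical helper)
#   ADMIN_MEMBERS: space-separated short names in the admin group
#   HOME_LISTING:  lines of "shortname homedir"
# Prints "shortname<TAB>homedir" for every admin whose home is under /Users.
flag_admins() {
    members=$1
    printf '%s\n' "$2" | while read -r user home; do
        case "$home" in
            /Users/*) ;;          # ordinary user home location: keep checking
            *) continue ;;        # service accounts and sanctioned admins
        esac
        for m in $members; do
            if [ "$m" = "$user" ]; then
                printf '%s\t%s\n' "$user" "$home"
            fi
        done
    done
}

# Constructed sample data, used when dscl is not available (non-macOS host).
SAMPLE_ADMINS="root itadmin jdoe"
SAMPLE_HOMES="root /var/root
itadmin /private/var/itadmin
jdoe /Users/jdoe
asmith /Users/asmith"

if command -v dscl >/dev/null 2>&1; then
    # Direct members of the local admin group; nested groups are not expanded.
    admins=$(dscl . -read /Groups/admin GroupMembership | cut -d' ' -f2-)
    homes=$(dscl . -list /Users NFSHomeDirectory)
else
    admins=$SAMPLE_ADMINS
    homes=$SAMPLE_HOMES
fi

flag_admins "$admins" "$homes"
```

Run from a recurring policy, any output line is an account that gained admin rights outside the imaging process and is worth a follow-up.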

donmontalvo
Esteemed Contributor III

This is something we usually manage with WebSense in enterprise. Manage it in one place, across platforms.

Don

--
https://donmontalvo.com

bentoms
Release Candidate Programs Tester

Same here...

But the fact that Casper allows for this restriction off-LAN is handy... especially as our laptop users are admins so they can disable OD management when out of the office...

Ben Toms
IT Support Analyst GREY Group
The Johnson Building, 77 Hatton Garden, London, EC1N 8JS
T: +44 (0) 20-3037-3819 Main: +44 (0) 20 3037 3000 | IT Helpdesk: +44 (0) 20 3037 3883