Block Tor Browser

micah002
New Contributor

Okay, so how do you block Tor Browser? I can't get it to work. I've tried using the Process name in Activity Monitor: Tor Browser, I've tried using the app name: TorBrowser and TorBrowser.app. I've tried /Tor Browser, /TorBrowser, /TorBrowser.app, and all of the above with Restrict Exact Process Name checked and unchecked.

Every time that frelling application just opens itself up like it has not a care in the world.

7 REPLIES

Tomasz
New Contributor

Process name "firefox" or "TorBrowser.app". Make sure you recon before launching TorBrowser.

TorBrowser → Contents → MacOS → firefox

lwindram
Contributor

The process for the Tor browser is "Vidalia". We have had this blocked for about a year and it has been working fine.

micah002
New Contributor

Not according to my process list.

mm2270
Legendary Contributor III

I'm also not seeing Vidalia in any process list when Tor is running, but I do see the "Firefox" one. However, I wouldn't put in Firefox as the process to kill, since wouldn't that also kill legitimate instances of the real Firefox browser? Seems like the makers of TorBrowser have really gone to great lengths to obscure how their browser is showing up when it's running.

damienbarrett
Valued Contributor

Mike (@mm2270), do you have any explanation for why this restricted process is working for me but not for @micah002? I can't even get TorBrowser running to check for a Firefox process because my Restricted app list is killing it and deleting the app as it's designed to do.

(Yes, of course, I can play with this on an unmanaged machine, but it's working for us, as expected).

Our JSS is 9.62. Laptops are all 10.8 or 10.9. It works on my 10.10 machine also.

lwindram
Contributor

My bad. They changed the backend from Vidalia to Tor last year. We have implemented some other controls that have made Tor a non-issue for us so I have not revisited this in a while. Sorry.

mm2270
Legendary Contributor III

@damienbarrett - I honestly can't say why it's not working for @micah002. I don't have it (a Restricted Software item) set up on our JSS, so I can't really test it at the moment. It is strange, because it should be seeing it and killing it, like it is for you.
I only know that the browser doesn't actually show itself as Tor in the process list, except for the tor.real process as has been noted, but that is only one component of the app. The actual executable is listed as Firefox. But I think I see why. It seems the Tor developers are using the Firefox code as their basis for TorBrowser. If you list the app in mdls (Spotlight) I see that the CFBundleIdentifier is listed as "org.mozilla.tor browser" (yes, with the space in it). So it seems it's based on the Mozilla code, but rebranded.

I'm not sure if something like this is even necessary, but in case it helps, I whipped this EA together that should collect any instances of Tor Browser installed anywhere on the Mac, including the full path, even if the end user has renamed it to something else in the Finder. This may help detect instances that have slipped through Restricted Software.

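#!/bin/sh

# Spotlight query: match on the copyright string or the bundle identifier, so renamed copies are still found
TorInstances=$( mdfind 'kMDItemCopyright == "Tor Browser*" || kMDItemCFBundleIdentifier == "org.mozilla.tor browser"')

# Return the paths as the extension attribute value
echo "<result>${TorInstances}</result>"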
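An added example, not part of any reply in this thread: because the executable is named "firefox", this sketch classifies a running process by the CFBundleIdentifier of its enclosing app bundle rather than by process name, so genuine Firefox is not flagged. The function names are hypothetical, the identifier is the one quoted above (confirm it against the build you manage), and the script assumes `ps -axo comm=` prints full executable paths on macOS.

```shell
#!/bin/sh
# Added example: identify Tor Browser by bundle identifier, not process name.
TOR_BUNDLE_ID="org.mozilla.tor browser"   # value quoted in the thread (note the space)

# Print the enclosing *.app directory of an executable path; fail if there is none.
bundle_root() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        case "$p" in *.app) printf '%s\n' "$p"; return 0 ;; esac
        p=$(dirname "$p")
    done
    return 1
}

# Print CFBundleIdentifier from <bundle>/Contents/Info.plist.
bundle_id() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    if [ -x /usr/libexec/PlistBuddy ]; then
        /usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$plist" 2>/dev/null
    else
        # Fallback without PlistBuddy: handles XML plists only, not binary ones.
        awk '/<key>CFBundleIdentifier<\/key>/ { f = 1; sub(/.*<key>CFBundleIdentifier<\/key>/, "") }
             f && (i = index($0, "<string>")) {
                 s = substr($0, i + 8); print substr(s, 1, index(s, "</string>") - 1); exit
             }' "$plist"
    fi
}

# Succeed only when the executable lives in a bundle carrying Tor Browser's identifier,
# so a genuine Firefox (same process name, different identifier) is left alone.
is_tor_browser() {
    app=$(bundle_root "$1") || return 1
    [ "$(bundle_id "$app")" = "$TOR_BUNDLE_ID" ]
}

# Read executable paths on stdin; emit matching bundle paths as an EA result.
tor_executables() {
    hits=$(while IFS= read -r exe; do
        if is_tor_browser "$exe"; then bundle_root "$exe"; fi
    done | sort -u)
    echo "<result>${hits}</result>"
}

# Assumption: on macOS `ps -axo comm=` prints each process's full executable path.
if [ "$(uname -s)" = "Darwin" ]; then
    ps -axo comm= | tor_executables
fi
```

Unlike the Spotlight query, this only reports copies that are running at the moment the script executes.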