I found a warning message on my Mac this morning, that TeamViewer found suspicious usage

I had some remote training on Friday and forgot to close the teamviewer app. This morning I found that message, curious whether somebody logged in I went to Extras Show log files. There was NO “incoming connections” file so I had incoming connections on Friday (where I used it).

The general and network log files begin on Saturday around 6 am.

Is this an obvious hint that somebody has been able to login and deleted before leaving the device all log files?

I checked today and asked the colleague from Friday to login again. This immediately generates a incoming connections file with login data from today. But I”m really worried that there were no log data from Friday / Saturday.

Is TeamViewer automatically cleaning them? Does anybody know whether there is a protection against brutal force?

Best regads

Stefan

Tagged:

Answers

  • JeanK
    JeanK Posts: 7,052 Community Manager 🌍
    edited October 2021

    Hello @TeleStefan,

    Good thing that you have reached out to us!

    We do have brute force protection:

    The incoming connection file is located here:

    C:\Program Files (x86)\TeamViewer
    

    The file is called Connections_incoming.txt

    Could you please check in this location?

    Community Manager

  • as it’s a Mac the directory with log files was located at different location. However the incoming-connection file was not there like deleted. When starting new connections today I see it’s generated again and new sessions are appended. So as I know there should have been connections a from Friday I wonder why the file was no longer there this morning. Furthermore can anybody confirm when TeamViewer presents this message on the screen “be careful we detected suspicious traffic or behavior”?


    thank you

    stefan