Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Get started Guides Vitals Queries Policies Software Data tables API SUPPORT Chat Contribute Release notes "Why is Fleet on my computer?" Get your license
Stories
What people are saying News Ask around Take a tour Meetups COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself
Get whether TeamViewer is installed/running

Get whether TeamViewer is installed/running

Looks for the TeamViewer service running on machines. This is often used when attackers gain access to a machine, running TeamViewer to allow them to access a machine.

To learn more about queries, check this guide

SELECT display_name,status,s.pid,p.path FROM services AS s JOIN processes AS p USING(pid) WHERE s.name LIKE "%teamviewer%";
$services = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.Name -like '*teamviewer*' } $results = foreach ($svc in $services) {
    $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($svc.ProcessId)" -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        display_name = $svc.DisplayName
        status       = $svc.State
        pid          = $svc.ProcessId
        path         = if ($proc) { $proc.ExecutablePath } else { 'N/A' }
    }
} $results | Format-Table -AutoSize
An icon indicating that this section has important information

PowerShell commands are currently work in progress, contributions welcome.

Platform

macOS Windows Linux ChromeOS
Suggest an editEdit