On Tue, Mar 4, 2014 at 11:23 AM, Trevor Middel <tmiddel_at_gmail.com> wrote:
> Hi Folks,
>
> Yesterday I installed TortoiseSVN on a work desktop in order to download code from R-forge to compile the binary locally. The build on R-Forge had failed.
>
> This morning I received a call from our IT security requiring a scan to be run on my machine as it was suspected of running torrent software. My IP address also suggested a port had been opened on my machine.
>
> Uninstalling TortoiseSVN removed the port and allowed IT to connect remotely to my machine, scan is running now :)
>
> Does it make sense that TortoiseSVN would raise this flag for ITS? I had been considering using TortoiseSVN for some projects I'm working on but may have to reconsider given this issue, or go through the certification process here.
I don't think anyone here can answer whether it makes sense or why it
raised a flag, because no one here knows your company's security
policies or understands the reasoning behind them.
TortoiseSVN is not a BitTorrent client or server. It is not a server
of any kind. It speaks HTTP, HTTPS, and the custom SVN protocol. It
does not (to my knowledge) make outbound connections without the user
explicitly taking action, except for an HTTP connection to check for
new versions (and even that doesn't happen until you perform other
tasks, IIRC).
In short, your IT security team probably has an over-zealous rule
configured that is misidentifying the software. If you need
TortoiseSVN to do your job effectively, they need to work with you to
handle it properly.
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3074010
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-03-04 18:40:58 CET