SMBv1 Protocol Status (for WannaCry prevention)

Question

The WannaCry ransomware attack has been a topic of much discussion in the last few days&nbsp;- and a source of much consternation for system administrators. One of the attack vectors used by WannaCry to spread is a vulnerability in the SMBv1 protocol&nbsp;commonly included with Windows operating systems.

This embedded PowerShell datasource&nbsp;reaches out to Windows devices in a LogicMonitor account, and runs the "Get-SMBServerConfiguration" command (available only in Windows Server 2012 and newer) to see if SMBv1 is enabled, and if it is, it will generate a Warning alert for that device (caveat: SMBv1 is enabled by default, this has the potential to generate A LOT of alerts.) We understand that many affected systems will be older than Windows Server 2012 - here is some Microsoft-provided&nbsp;information on how to triage those older operating systems.&nbsp;

The datasource name is&nbsp;SMBv1_Protocol_Enabled&nbsp;and has lmLocator&nbsp;FWJKKX.

andrey_kitsen · Answer

Talk about a unique submission.

Forum Discussion

SMBv1 Protocol Status (for WannaCry prevention)

1 Reply

Related Content

Prevent credentials from being exposed

HTTP protocol version and HTTP(S) datasource

Prevent Alert Widget Data Refresh During Column Resize

Prevent GUI from purging datapoints after changing collection method

Safeguard to prevent disabling monitoring at the top level

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards