Ransomware SMB/CIFS Versions 1.0

bundle

#1

#### Bundle details and download
https://www.extrahop.com/customers/community/bundles/tomr/ransomware-smbcifs-versions-10/

#### Description
In addition to patching vulnerable Windows systems (see MS17-010), Microsoft has published STRONG guidance towards deactivating the SMBv1 protocol in today’s networks. The WannaCry ransomware outbreak of May 2017 is a clear example of the vulnerabilities inherent in this legacy protocol.
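The Microsoft guidance referred to above is host-side, whereas the bundle only sees SMBv1 on the wire. As an added example (not part of the bundle and not posted by anyone in this thread), the following PowerShell audits which clients still negotiate SMBv1 against a Windows file server and only then disables and removes the protocol. It assumes a Windows 8 / Server 2012 or later host for the `*-SmbServerConfiguration` cmdlets, and Windows 10 / Server 2016 or later for the `AuditSmb1Access` event log (event ID 3000); run it elevated, and treat the ordering as the point: audit first, because legacy NAS boxes, printers and scanners are the usual SMBv1 holdouts and simply flipping the switch breaks them silently.

```powershell
# Added example, not the bundle's own code: audit, then disable, SMBv1 on a
# Windows host per Microsoft's guidance. Run from an elevated PowerShell.
# Assumes Windows 8 / Server 2012 or later (Get/Set-SmbServerConfiguration)
# and Windows 10 / Server 2016 or later for SMB1 access auditing.

# 1. Report the current server-side SMBv1 state.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, AuditSmb1Access

# 2. Turn on SMB1 access auditing BEFORE disabling anything. The server then
#    writes event ID 3000 to Microsoft-Windows-SMBServer/Audit for each client
#    that connects with SMBv1.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 3. After the audit has run long enough to cover month-end jobs, backups and
#    other periodic clients, list the distinct event messages (each names the
#    client). An empty log makes Get-WinEvent throw, hence SilentlyContinue.
$smb1Clients = Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 3000 } |
    ForEach-Object { $_.Message } |
    Sort-Object -Unique
$smb1Clients

# 4. Only when no SMBv1 clients remain: disable the server-side protocol.
#    -Force suppresses the confirmation prompt.
if (-not $smb1Clients) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 5. Remove the SMBv1 component itself (client and server), which is what
#    Microsoft recommends over merely disabling it. A reboot is required.
#    Windows 8.1 / Windows 10:
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
#    Windows Server 2012 R2 and later (uncomment on a server SKU):
# Uninstall-WindowsFeature -Name FS-SMB1

# 6. Verify the end state.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
```

The audit in steps 2 and 3 is the part most people skip; combine it with what the bundle reports from the network, since a host that is only ever an SMBv1 client (and never a server) will not appear in its own SMBServer/Audit log but will show up on the wire.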


#2

Question in regard to “Note: It’s advised to disable the trigger after you’re done identifying vulnerable machines.”

Why is it recommended to disable this trigger? What is the impact to leaving the trigger enabled?


#3

Howdy,
I have looked into the trigger code; it is always interesting to see a bit of code. Side question… the trigger has been using large lookup variables and also the LZString external library. Would it be beneficial to cache all of them so they are not parsed each time the trigger fires? See my post in the triggers section.


#4

NOTE: the links to some of the product documentation have changed. Please refer to the following knowledge articles now:



#5

Doesn’t work on 7.4.0? When trying to apply the bundle I’m getting “Error: Error reading bundle file”