Search the Community

Showing results for tags 'smb'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • From LogicMonitor
    • Product Announcements
    • LM Staff Contributions
    • Community Events
  • LogicMonitor Product Discussion
    • Feature Requests
    • LM Exchange
    • Ask the Community

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 1 result

  1. The WannaCry ransomware attack has been a topic of much discussion in the last few days - and a source of much consternation for system administrators. One of the attack vectors used by WannaCry to spread is a vulnerability in the SMBv1 protocol commonly included with Windows operating systems. This embedded PowerShell datasource reaches out to Windows devices in a LogicMonitor account, and runs the "Get-SMBServerConfiguration" command (available only in Windows Server 2012 and newer) to see if SMBv1 is enabled, and if it is, it will generate a Warning alert for that device (caveat: SMBv1 is enabled by default, this has the potential to generate A LOT of alerts.) We understand that many affected systems will be older than Windows Server 2012 - here is some Microsoft-provided information on how to triage those older operating systems. The datasource name is SMBv1_Protocol_Enabled and has lmLocator FWJKKX.