Automox Worklet Overview: Disabling SMBv1 Across Windows Devices
Server Message Block (SMB) is a network communication protocol used to share access to files, printers, etc. across devices in a network.
SMBv1 was first designed and used 30 years ago and no longer provides adequate security in today’s modern network infrastructure, where the complexity is rivaled only by that of the malicious code looking to exploit it.
Frankly, using SMB1, or even leaving it enabled, is unacceptable in today’s world, as you can lose key protections offered by later SMB protocol versions, such as:
- Pre-authentication integrity
- Secure dialect negotiation
- Insecure guest authentication blocking, to protect against MiTM attacks
- Better message signing
Additionally, if your clients use SMB1, then a man-in-the-middle can tell your client to ignore all of the protections listed above. All they need to do is block SMB2+ on themselves and answer to your server’s name or IP.
To create this Worklet, use the evaluation and remediation code scripts located here in the original posting on the Automox community. The post includes scripts for Windows 10 and 8.1 and for Windows 7. If the evaluation script finds SMB1 enabled, it exits with a "1", and the remediation code then runs. The remediation code disables SMB1 on the devices.
You can assign this Worklet to any number of your Windows groups and execute the policy. You can also set the Worklet to run on a schedule like any other Worklet.
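The evaluate-then-remediate logic described above could look like the following on Windows 8.1 and Windows 10. This is an added example, not the Automox community scripts; the `-Remediate` switch and the function names are assumptions made for illustration, and in a Worklet the two branches would live in the separate evaluation and remediation scripts.

```powershell
# Added example, not the Automox community scripts. Targets Windows 8.1/10,
# where the SmbShare and DISM cmdlets exist. Run from an elevated session.
param([switch]$Remediate)   # hypothetical switch: evaluate by default

function Test-Smb1Enabled {
    # Server side: will this device still accept SMB1 connections?
    $serverOn = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # Optional feature: covers the SMB1 client and server components.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    # 'DisablePending' counts as compliant: removal completes at next reboot.
    $featureOn = $feature -and ($feature.State -eq 'Enabled')
    return ($serverOn -or $featureOn)
}

function Disable-Smb1 {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # -NoRestart leaves reboot timing to the administrator.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
        Out-Null
}

if ($Remediate) {
    Disable-Smb1
    # Re-check so a failed change is reported instead of silently passing.
    if (Test-Smb1Enabled) { Write-Output 'SMB1 still enabled'; exit 1 }
    Write-Output 'SMB1 disabled (reboot may be required)'
    exit 0
}

if (Test-Smb1Enabled) {
    Write-Output 'SMB1 enabled: remediation needed'
    exit 1      # non-zero exit signals that remediation should run
}
Write-Output 'SMB1 not enabled'
exit 0
```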
View a demonstration in our July 2020 Patch Tuesday webinar.
Step-by-Step: Create an Automox Worklet
Before deploying an Automox Worklet to the production environment, we suggest testing this on a few devices to confirm its accuracy. If you have any questions, please contact our support team for technical assistance at email@example.com.
To deploy this endpoint hardening Worklet, do the following:
- Log in to your Automox Console.
- Navigate to the System Management page and click Create Policy in the upper right-hand section of the screen.
- Choose Windows under Worklet.
- Copy and paste the Evaluation code scripts [located here].
- Define a schedule for when you want this policy to run.
- Click Create Worklet.
- Assign the Worklet to a group or multiple groups and click Save Changes.
- [Optional] To execute the Worklet manually, click the Execute Policy Now button.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.