As I understand it, absolutely nothing. It's a legacy communications protocol that hasn't been used by anyone in years.
What does disabling this even do?
I have a 'searching for required files' loading window ... for ages
Cheers for that.
MS Article Here: https://support.microsoft.com/en-us...-smbv1-smbv2-and-smbv3-in-windows-and-windows
A more readable set of instructions for admins here: http://www.grouppolicy.biz/2017/03/how-to-disable-smb-1-on-windows-7-via-group-policy/
Instructions:
Press Windows key, in the RUN prompt type:
cmd.exe
Right-click on cmd.exe and select
Run as administrator
Copy and paste the following commands (right-click to paste as the ctrl-v command may not work):
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
Hit enter.
sc.exe config mrxsmb10 start= disabled
Hit enter.
Restart.
After restarting, go back to the RUN prompt and type:
regedit.exe
Run it (it will prompt the UAC, allow it to make changes by hitting "yes").
In regedit expand the following folders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Right-click in the right window pane and select "New" and select "DWORD (32-bit) Value"
Right-click to rename the value "SMB1"
Right-click to modify the value and assign it "0"
Restart.
--
Those are the Win7 instructions as far as I can understand them.
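A read-only check of the three settings those steps change, added here as an example and not part of the original post. It assumes Windows 7 and an elevated PowerShell prompt; the helper name Get-RegValue is made up for this example.

```powershell
# Added example: verify the SMBv1 changes after the final restart. Reads only, changes nothing.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-RegValue($Path, $Name) {
    # Hypothetical helper: returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$results = @()

# 1. SMBv1 client driver: Start = 4 means "disabled"
#    (the result of: sc.exe config mrxsmb10 start= disabled).
$start = Get-RegValue "$svc\mrxsmb10" 'Start'
$results += New-Object PSObject -Property @{
    Check = 'mrxsmb10 driver disabled'
    Value = $start
    Pass  = ($start -eq 4)
}

# 2. The Workstation service must no longer list mrxsmb10 as a dependency,
#    otherwise it cannot start once the driver is disabled.
$deps = @(Get-RegValue "$svc\LanmanWorkstation" 'DependOnService')
$results += New-Object PSObject -Property @{
    Check = 'LanmanWorkstation has no mrxsmb10 dependency'
    Value = ($deps -join '/')
    Pass  = -not ($deps -contains 'mrxsmb10')   # -contains is case-insensitive
}

# 3. SMBv1 server side: the SMB1 DWORD created in regedit must exist and be 0.
#    A missing value ($null) counts as a failure, since the step was not applied.
$smb1 = Get-RegValue "$svc\LanmanServer\Parameters" 'SMB1'
$results += New-Object PSObject -Property @{
    Check = 'LanmanServer SMB1 = 0'
    Value = $smb1
    Pass  = ($smb1 -eq 0)
}

$results | Select-Object Check, Value, Pass | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) {
    Write-Warning 'SMBv1 is not fully disabled on this machine.'
}
```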
I wonder why... But I won't complain.
Might be worth adding these files to your windir. Seems to prevent infection. We have deployed it across our enterprise as a preventative measure.
https://www.bleepingcomputer.com/ne...found-for-petya-notpetya-ransomware-outbreak/
Just create a blank file called "perfc" (no extension) in %windir%
Heh yup, some researchers were saying that it needed dat as an extension so I made that file as well.
Oh, didn't think to make them read only though, oops.
Wait so has this been patched y/n? Like does it affect a fully up to date W10 install? Because I don't feel like turning off a bunch of shit or adding a bunch of files to things if I don't need to.
Edit: Never mind, yes, it was patched in March. That being said I need to go fix my mom's win7 pc now.
Why is this even on by default? Most people will not be aware of this.
Funny that this is what they decided to have turned on and have something like .Net 3.0/3.5 disabled by default, which is something that would have far more usefulness and practicality than this useless feature that serves only to allow havoc.
You're not. It's confirmed that turning it off frees up resources.
I turned this off, and I don't know if I'm imagining it, but my computer seems to be running faster.
This. Been patched since March. Keep your systems up to date people. This is why.
Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya's behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it's impossible for victims to recover their data.
So apparently NotPetya ain't a ransomware... it's a wiper. Forget about getting your data back.
Always remember to backup your files.
What are you talking about, updating Windows is literally as easy as pie. A lot easier for the average user than disabling Windows services.
As far as I know, it's patched, but it's easier to stop the service than to ensure the patch is properly applied...
And honestly, even when it's working, it's creating a lot of issues. I wish I could do an update/upgrade/dist-upgrade on Windows...
Isn't it their job to set the correct group policy for the desired security though? If they don't know SMBv1 should be turned off by now, what hope does your company have?
I just sent this on to our network security admin and turned it off on my machine. The problem is, our network team likes to automatically enable all of our shit when they send out their periodic updates through group policy, so I'm hoping they actually will listen this time around.
If an update fails and has to be rolled back, it usually spits out a hex-like error code, which you can then Google to hopefully find a solution. I've had issues in the past where Windows Update will consistently fail and then roll back. I eventually fixed it by looking up the error code and trying what other people suggest solved the problem for them.
Edit: half a year ago, I wasn't able to install a printer on Vista (not my computer). I discovered that updates had failed for more than one year, no reason again. I disabled auto, forced an update by hand, failed, reboot, forced again, failed, reboot, x5 (!) then for no particular reason it worked...
Windows Update is buggy as hell...
On Linux, when something fails, you have details. Windows is a black box, it's awfully hard to find what went wrong, and it's annoying.
Yes, but as I said, I haven't been able to patch my Seven for some time. Updates fail, and I can't find a single reason (System file check returns "all clear", no virus, no worm, no malware)
Besides, I really don't like leaving a service running if I don't use it... Especially one related to network. I'd disable v2 and v3 too if I was sure I wouldn't have issues later (I don't care about samba shares, the only thing would be printer, but since I'm using one over IP, I don't think it's an issue)
Dude, you need to log in to your NAS and update it, then see if you can enable a newer version of SMB (and then disable SMBv1 on your NAS). If it only supports SMBv1, get a new NAS, LOL.
If I do this I cannot connect to my NAS. Must find another way.
They were forced by the NSA to keep it in. Reportedly.
what is unused and vulnerable shit doing in an os anyways
Microsoft recommends removing the unused but vulnerable SMBv1 file sharing protocol from your systems.
What's the primary method of delivery for this stuff? Links in emails that download it? I just want to know what I should be cautious of outside of the obvious.
I got an email saying that my work account had been logged on in Ukraine and to reset my password by clicking on a link. This was like a week ago. I didn't think anything of it. Looking back, would this have been related? Turns out many other coworkers got it too, but from different locations. The email domain is from my work, but I doubt the actual email was. Good thing I didn't click it...
Was about to start a thread, but figured I'd just ask in here. Given that the world is so full of this crap lately, just how much do you keep your data backed up externally?
Is there any way to make sure this does not also spread to your personal external backups? I am not talking about just this one malware but in general how do you make sure that malware that infects your computer does not also go onto the external hard drive that is connected to your computer?