Anyone Else Had Trouble Trying to Get Rid of SMB Vulnerabilities?

Hi there,

Wondering if anyone has had the same experience as me when trying to get rid of SMB vulns on client machines. I have done all the necessary steps outlined in the many Microsoft documents that exist nowadays on how to eradicate SMB1. Did it in Programs and Features and through PowerShell as well, then verified the feature was disabled using the PowerShell script. Same story for the vulns regarding SMB signing, as I have verified signing is enabled and required on both the LanmanWorkstation and Server paths. Yet, all vulnerabilities still show on all of the assets (after agent check-in AND a scan engine scan).

Not really sure what to do now… am I missing something?

Hi there,
Did you check on which ports SMBv1 was detected? We had the same issues, thought we deactivated SMBv1 on all clients. However, as I remember, on RDP SMBv1 was still active.
But I don’t remember what my colleagues from the client admin team had to do to solve the issue.

Also having the same issue. Let us know how you fixed it, please.

I have to ask my colleague from the client engineering team but he is currently on holidays. Will come back to this topic as soon as I have more information.

We’ve had some trouble with the “SMBv2 signing not required” finding. We’ve implemented the fixes via Intune, and it did solve some of them, but about 1/2 are still remaining. It’s not clear what the difference has been. I initially suspected a restart was required, but that didn’t prove to be true or entirely true.

Even weirder… Now, the scans are not finding the vulnerability. But, the vuln is still showing on the asset page, even though if you click into the most recent scan data, that vulnerability is not showing anymore. So, I guess I can’t tell if it is gone or not…?
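
An added example, not part of the thread above: a PowerShell check that gathers the effective SMB1 and signing state from every place the posts mention (optional feature, server and client configuration, the LanmanServer and LanmanWorkstation registry paths, and the listening ports), so the result can be compared with what the scanner reports. It assumes an elevated session on the affected Windows client; the helper name `Get-RegValue` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report the effective SMB1 / SMB signing state of this machine.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (the OS default then applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$svc     = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$server  = Get-SmbServerConfiguration
$client  = Get-SmbClientConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

$report = [pscustomobject]@{
    Smb1FeatureState        = "$($feature.State)"
    ServerEnableSmb1        = $server.EnableSMB1Protocol
    ServerRequireSigning    = $server.RequireSecuritySignature
    ClientRequireSigning    = $client.RequireSecuritySignature
    RegServerSmb1           = Get-RegValue "$svc\LanmanServer\Parameters" 'SMB1'
    RegServerRequireSigning = Get-RegValue "$svc\LanmanServer\Parameters" 'RequireSecuritySignature'
    RegClientRequireSigning = Get-RegValue "$svc\LanmanWorkstation\Parameters" 'RequireSecuritySignature'
    Smb1ClientDriverStart   = Get-RegValue "$svc\mrxsmb10" 'Start'   # 4 = disabled
}
$report | Format-List

# Ports the machine is actually listening on for SMB / NetBIOS session traffic.
Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Flag every setting that would still justify the scanner findings.
$findings = @()
if ($report.Smb1FeatureState -notlike 'Disabled*') { $findings += 'SMB1 optional feature is not disabled' }
if ($report.ServerEnableSmb1)                      { $findings += 'SMB server still accepts SMB1' }
if (-not $report.ServerRequireSigning)             { $findings += 'SMB server does not require signing' }
if (-not $report.ClientRequireSigning)             { $findings += 'SMB client does not require signing' }
if ($null -ne $report.Smb1ClientDriverStart -and $report.Smb1ClientDriverStart -ne 4) {
    $findings += 'SMB1 client driver (mrxsmb10) is not disabled'
}

if ($findings.Count -eq 0) {
    'No local SMB1 or signing gaps found; compare the scan timestamp with the asset page.'
} else {
    $findings
}
```

If this reports no gaps while the finding persists, note which port and protocol the scanner attributes the detection to before changing anything further on the client.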