AV-Comparatives Blog - Proactive Protection for WannaCry

Discussion in 'other anti-virus software' started by hamlet, May 17, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Noteworthy is that there have been SMB vulnerabilities against all versions of SMB, as noted by this recent Feb. 2017 0-day exploit against SMBv3:
    https://www.bleepingcomputer.com/ne...everal-windows-versions-including-windows-10/

    So it is not just ransomware that can deploy exploits against SMB, any malware can use them.

    Bottom line: your best protection against SMB exploits is to use a security solution that has an IDS that monitors SMB protocol use and the resultant packet traffic. Alternatively, you can disable all SMB protocols if you don't need SMB, as it appears some Wilders folks have done. Note that Microsoft strongly disapproves of disabling SMB protocols other than SMBv1, although they haven't said why. If you use a HomeGroup network like most home users have, it doesn't use SMB.
     
  2. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    It is disabled in my home. Now at work, different story.
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    I have disabled this on all my home computers. SMB version 1 is enabled by default on Server 2016, even in the Core installation option; I installed it in a VM just to check.
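The two posts above talk about checking whether SMBv1 is still on (including on Server 2016 Core) and turning it off while leaving SMBv2/v3 alone. The PowerShell below is an added example for this thread, not code from the page or from any vendor. It assumes an elevated session on Windows 10 / Server 2016 with the SmbShare module; the optional-feature names SMB1Protocol (client SKUs) and FS-SMB1 (server SKUs) and the AuditSmb1Access switch are the ones Microsoft documents for those builds, so confirm them on your own build before running. On Windows 8.1 / Server 2012 R2 the audit switch does not exist and only the EnableSMB1Protocol part applies.

```powershell
#Requires -RunAsAdministrator
# Added example for this thread; not code from the original page or from any vendor.
# Assumptions: Windows 10 / Server 2016 (Core included), elevated session, SmbShare module.
# Feature names SMB1Protocol (client SKUs) and FS-SMB1 (server SKUs) are the documented ones.

function Get-Smb1Status {
    $srv = Get-SmbServerConfiguration
    $isServerSku = (Get-CimInstance Win32_OperatingSystem).ProductType -ne 1   # 1 = workstation SKU
    $pkg = if ($isServerSku) {
        (Get-WindowsFeature -Name FS-SMB1).InstallState                          # Server / Server Core
    } else {
        (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State     # client SKUs
    }
    [pscustomobject]@{
        Smb1Offered = $srv.EnableSMB1Protocol   # server still negotiates the SMB1 dialect
        Smb2Offered = $srv.EnableSMB2Protocol   # must stay $true: SMB2/3 carries all current file sharing
        Smb1Package = $pkg                      # Installed/Enabled means the SMB1 binaries are still present
        Smb1Audited = $srv.AuditSmb1Access      # $null on builds that predate the audit switch
    }
}

function Enable-Smb1Audit {
    # Log every SMB1 session first, so nothing that still depends on SMB1 is cut off by surprise.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

function Get-Smb1Clients {
    # Event 3000 in the SMBServer/Audit log records each client that negotiated SMB1.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Message } | Sort-Object -Unique
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-Smb1Status
    if (-not $before.Smb2Offered) {
        # Guard against the case the thread warns about: SMB2/3 off means no file sharing at all once SMB1 goes.
        throw 'SMB2/3 is disabled on this host; re-enable it first (Set-SmbServerConfiguration -EnableSMB2Protocol $true).'
    }
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop offering SMB1 and remove the SMB1 component')) {
        # 1. Stop the server from negotiating the SMB1 dialect (takes effect immediately).
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # 2. Remove the component so the SMB1 client driver goes too (reboot required to finish).
        if ((Get-CimInstance Win32_OperatingSystem).ProductType -ne 1) {
            Uninstall-WindowsFeature -Name FS-SMB1 | Out-Null
        } else {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
    Get-Smb1Status
}

# Typical sequence on a file server:
#   Enable-Smb1Audit        # leave on for a while
#   Get-Smb1Clients         # anything listed here still speaks SMB1 and needs fixing first
#   Disable-Smb1 -WhatIf    # dry run
#   Disable-Smb1            # then reboot
```

Disabling the dialect with Set-SmbServerConfiguration stops new SMB1 sessions at once; removing the feature is what actually takes the SMB1 code off the box, and that is the part that needs a reboot. The Smb2Offered check is deliberate: SMBv2/v3 is the transport every current Windows file-sharing feature uses, which is why disabling anything beyond SMBv1 is discouraged.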
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  5. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Am I reading this right: the ones listed protected and the ones not listed did not?
    What is the position with Webroot? Thanks.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Below is a real-world example of WannaCry being detected on an Eset endpoint device. Note that it is Eset's web filtering, i.e. the IDS, that is detecting the attack, which means the malware never touched the disk.

    [Attachment: Eset_WannaCry.png]
     