dpeters11

Any issues with Kaspersky software if we disable SMBv1? [In progress]

11 posts in this topic

Our KSC is on version 10 SP2 MR1, most client agents are also on that version (but not all).

 

Would there be any issue with Kaspersky if we just disable SMBv1?

 

We do have the MS17-010 patch installed, with System Watcher but we're looking at this as a defense in depth.


Hi,

 

> Would there be any issue with Kaspersky if we just disable SMBv1?

Could you please be more specific?

What kind of issue are we talking about?

 

Thank you!


Posted (edited)

> Hi,
>
> Could you please be more specific?
>
> What kind of issue are we talking about?
>
> Thank you!

 

Well, I guess my question is, will anything dealing with Kaspersky break? Meaning if we disable SMB1, will I still be able to deploy to a client (either with or without the agent installed), communication between the client and KSC/update agents still work?

 

I'm asking for several reasons:

 

Kaspersky states that port 445 needs to be open, so that indicates to me that SMB is used, but not the version.

One of your competitors does require SMBv1 in at least one situation for authentication so made me think of AV.

 

I know I could just try it and see if AV breaks, but was hoping someone would know.

Edited by dpeters11

> Well, I guess my question is, will anything dealing with Kaspersky break? Meaning if we disable SMB1, will I still be able to deploy to a client (either with or without the agent installed), communication between the client and KSC/update agents still work?
>
> I'm asking for several reasons:
>
> Kaspersky states that port 445 needs to be open, so that indicates to me that SMB is used, but not the version.
>
> One of your competitors does require SMBv1 in at least one situation for authentication so made me think of AV.
>
> I know I could just try it and see if AV breaks, but was hoping someone would know.

Hi,

 

TCP port 445 is used for copying installation packages.

 

Thank you!

> Hi,
>
> TCP port 445 is used for copying installation packages.
>
> Thank you!

 

Using SMBv1?

> Using SMBv1?

Unfortunately, we don't have this information.

 

Thank you!

> Unfortunately, we don't have this information.
>
> Thank you!

 

Ok, I guess I'll disable and see if it breaks.

> Our KSC is on version 10 SP2 MR1, most client agents are also on that version (but not all).
>
> Would there be any issue with Kaspersky if we just disable SMBv1?
>
> We do have the MS17-010 patch installed, with System Watcher but we're looking at this as a defense in depth.

 

Hello,

 

I guess you're trying to protect your company against WannaCry.

Please keep in mind that disabling of SMBv1 is not a solution.

You need a bunch of countermeasures to prevent infection - http://support.kaspersky.com/general/products/13698

Thank you.

 

> Hello,
>
> I guess you're trying to protect your company against WannaCry.
>
> Please keep in mind that disabling of SMBv1 is not a solution.
>
> You need a bunch of countermeasures to prevent infection - http://support.kaspersky.com/general/products/13698
>
> Thank you.

 

Not really, WannaCry is just bringing the issue to the forefront. Microsoft is trying to get v1 disabled, and the way I see it, there likely will be other vulnerabilities in it. If we don't need it, then why keep it enabled.

 

 

> Not really, WannaCry is just bringing the issue to the forefront. Microsoft is trying to get v1 disabled, and the way I see it, there likely will be other vulnerabilities in it. If we don't need it, then why keep it enabled.

 

Please take a look at one more link

Thank you.

 

> Please take a look at one more link
>
> Thank you.

 

Ok, so since that recommends disabling SMBv1, then it seems safe to say that Kaspersky products don't use SMBv1.

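The question left open in this thread (whether anything still negotiates SMBv1 over port 445) can be measured before the protocol is switched off. The following is an added example, not part of the thread and not Kaspersky's guidance; it assumes an elevated PowerShell session on a Windows version that supports the `AuditSmb1Access` setting, and the idea of running step 2 during a remote installation task is an assumption based on the statement above that port 445 is used for copying installation packages.

```powershell
# Added example: find out whether SMBv1 is actually in use before disabling it.

# 1. Record the current server-side SMB settings on this machine.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access

# 2. On the machine that copies the installation packages (assumed: the
#    administration server or an update agent), list outgoing SMB connections
#    while a remote installation task is running. The Dialect column shows the
#    negotiated version; a value starting with 1 means SMBv1.
Get-SmbConnection |
    Select-Object ServerName, ShareName, UserName, Dialect |
    Sort-Object Dialect

# 3. On machines that receive connections, show the dialect of each live session.
Get-SmbSession |
    Select-Object ClientComputerName, ClientUserName, Dialect |
    Sort-Object Dialect

# 4. Enable SMBv1 access auditing. This only logs; nothing is blocked.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 5. After a representative period (deployments, updates, policy syncs),
#    read the audit log. Event ID 3000 records an SMBv1 access attempt.
$smb1Events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'
    Id      = 3000
} -ErrorAction SilentlyContinue

if ($smb1Events) {
    # Something still speaks SMBv1: review each entry before changing anything.
    $smb1Events | Select-Object TimeCreated, Message | Format-List
} else {
    Write-Output 'No SMBv1 access was logged during the audit period.'
    # 6. Disable the SMBv1 server. Without -Force the cmdlet asks for confirmation.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false
}
```

Setting `-EnableSMB1Protocol $true` reverses step 6 if a dependency turns up later.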
